What's New more...

• OAuth VerifyToken endpoint now returns info about the account provider that was used to sign in to obtain the token.

  account_provider_id: The id of the Account Provider.
  account_provider_type_id: The type id of the Account Provider.

• Pass culture as query string parameter

  By default The Identity Hub determines the culture based on the user language parameters passed by the browser. However it is possible to overwrite this behavior by specifying a querystring parameter when redirecting to The Identity Hub. Example: https://www.theidentityhub.com/[Tenant]/authenticate?culture=nl-NL

• Support for MAX-AGE for non-queryable Account Providers

  Non-queryable Account Providers (like SAMLP/WSFED…) can now be set to not require a logon for a defined time span. The default setting is that a logon is required every time.

• Inquiry for existing account when user logs in for the first time

  Account Providers now contain an option to ask the user if he/she has an existing account upon first logon with that account provider.

• The Identity Hub now supports StackExchange as Account Provider

  See https://stackapps.com/ on how to connect and register.

• The Identity Hub now supports eID as Account Provider (basic info - on demand)

  Available info is: GivenName, Surname, Nationality, Date of birth, eID valid from, eID valid to.
  eID requires the installation of client side eID software. See https://eid.belgium.be

• The Identity Hub now supports GitHub as Account Provider

  For more information on GitHub: See https://developer.github.com/

• The Identity Hub now supports iDIN as Account Provider (on demand)

  For more information on iDIN: See https://www.idin.nl/

• WSFED Account Provider update via Metadata

  The WSFED Account Provider will now update the configuration based on the Metadata URL (if provided) when the configuration is saved.

• WSFED Account Provider Metadata file support

  The WSFED Account Provider now supports uploading a metadata file for configuration.

• The Identity Hub now supports Amazon as Account Provider

  For more information on Amazon: See https://developer.amazon.com/home.html

• New Statistics for Administrators

  The Identity Hub now contains a statistics overview per tenant available for Administrators. The first available statistics are:
  Total number of users per time period, Total number of active users per time period, Total number of logons per time period

• The Identity Hub now supports UZI-pas as Account Provider

  For more information on how to get an UZI-pas: See https://www.uziregister.nl/

• The Identity Hub now supports Itsme as Account Provider

  For more information on how to get an Itsme B2B account: See https://www.itsme.be/

• User Profile roles

  The profile view of users for administrators now shows the originating account providers for the roles that are mapped for the profile.

• DigId

  The Identity Hub now supports DigId as Account Provider to authenticate users. For more info on DigId: https://www.digid.nl/

• SAMLP/WSFED Account Provider - Federation Metadata

  SAMLP and WSFED Account Providers now have a Metadata URL that can be used to configure/update Identity Provider partners.

• SAMLP Account Provider - Federation Metadata

  SAMLP Account Provider now supports configuration via Federation Metadata URL of file (including updates).

• SAMLP Account Provider - Artifact Client Certificate authentication

  SAMLP Account Provider now supports Client Certificate authentication for the HTTP Artifact binding.

• SAMLP Account Provider - Artifact

  SAMLP Account Provider now supports HTTP Artifact binding.

• SAMLP Account Provider - ADFS - MFA

  SAMLP Account Provider will now automatically detect when MFA has been preformed on the ADFS (if the ADFS provides the information).

• Facebook Account Provider

  Upgraded to version 2.12 of Facebook Graph API

• Exclude Account Providers per App

  It is now possible to exclude Account Providers per App. Those Account Providers (logon methods) can not be used to logon to the App.

• Reporting

  Added report for administrator that provides information on 2-factor options set by users.

• Create SAMLP Account Provider from Metadata url

  Configuration of the Identity Provider part of a SAMLP Account Provider can now be done by specifying the metadata url of the Identity Provider.

• Reset 2-factor authentication app

  Administators can now reset the 2-factor authentication when a user loses his/her device where the app was configured.

• OAuth 2.0/OpenID Connect

  The Identity Hub now supports Proof Key for Code Exchange (PKCE)

• Two factor authentication

  If two factor authentication is required at tenant level and if an Account Provider is performing two factor authentication, it is now possible to avoid consecutive two factor authentication.

• New mobile phone number field for User Profile

  On the profile page the user can now add a mobile phone number

• Default Twilio SMS Provider Service

  The Identity Hub can now send SMS text messages. This is implemented using an exten-sibility model. For the moment there is one out-of-the-box SMS service provider Twilio (see https://www.twilio.com/)

• Mobile phone number verification

  Users can now verify their mobile phone number using the verification link on their profile page or on the profile security information page.

• Custom SMS Provider Service

  For on-premise installation a custom SMS Provider Service can be developed by the client or U2U Consult.

• Multifactor authentication using SMS

  Multifactor authentication can now be performed via SMS. It requires a configured SMS Service Provider and a verified mobile phone number of the user.

• App SAMLP/WS-FED Metadata Endpoint

  Metadata Endpoint is now available for SAMLP and WS-FED.

• App Claim Mappings

  App claims mappings are now displayed per category

• Reporting

  Added reports for administrators

• OpenID Connect

  Support form_post response mode.

• Custom claims

  For SAMLP and WS-FED Account Providers custom mapped claims can now be passed to applications.

• Two factor authentication

  Mail can now be disabled as two factor authentication option at the tenant level.

• OAuth 2.0

  To support development localhost redirect uri without uri are now supported out of the box for the Implicit Flow.

• Build in Username/Password account provider

  The username/password account provider now supports adding a logo for the login button.

• Office 365 Account Provider

  Roles can now be retrieved and mapped for Office 365 Account Providers.

• User Interface

  Improvements to UI for App and Account Provider.

• SAMLP Account Provider.

  Now support SingleLogoutResponse url's.

• Build in Username/Password account provider.

  Users can now be provisioned by administrators.

• Build in Username/Password account provider.

  A configuration option has been added to prevent users from registering.

• Protocol Endpoints.

  Overview of protocol endpoints has been added to the administrative user interface.

• Users list.

  Users list can now be filtered per account provider.

• Build in Username/Password account provider.

  Users can now be provisioned by administrators.

• Build in Username/Password account provider.

  A configuration option has been added to prevent users from registering.

• Protocol Endpoints.

  Overview of protocol endpoints has been added to the administrative user interface.

• Azure Application Insights support.

  Now supporting Live Metrics.

• Users per role.

  A view has been added that shows a list of users having a role.

• User list has been optimized.

  For tenants with high number of users, the list of users will have better performance.

• SAML-P Account Provider Certificate Rollover.

  The SAML-P Account Provider can now have a secondary token signing certificate for the Identity Provider to support certificate rollover.

• OpenId: Full support for Code Flow and Implicit Flow.
• An option has been added to not use the Live SDK with Microsoft Account Provider.

  To support the new Microsoft Converged applications types.

• 2-factor authentication can now be set as required.

  An option has been added to require 2-factor authentication for the complete tenant.

• Requesting location information on the login page can now be disabled.

  An option has been added to disable requesting and collecting location information.

• Hub or Tenant Admins can now delete a user.

  On the detail page of a user, an admin can choose to delete a user.

• A user can now delete his or her profile.

  A Delete Profile button has been added on the user's profile page.

• Support has been added to the ASP.NET SDK to delete a users profile.

  A method "DeleteProfileAsync" has been added to the class TheIdentityHub.IdentityService.

• Support has been added to the ASP.NET SDK to retrieve the identity id's of merged identities (users profiles).

  When using TheIdentityHub.IdentityService.GetProfileAsync() the result (TheIdentityHub.Profile) has a new property OldIdentityIds.

• The built-in UserName/Password Account Provider now supports requiring an email address as user name.

  An option (flag) has been added to the UserName/Password Account Provider.

• Support has been added to the ASP.NET SDK to update a users profile.

  A method "UpdateProfileAsync" has been added to the class TheIdentityHub.IdentityService.

• Apps that connect through WS-FED or SAMLP can return Roles in Group Claims and the Display Name as Name claim.
• OpenID Connect 1.0 is now supported.

  OpenID Connect Authorization Code flow is now supported to request tokens from The Identity Hub. How To: Perform OpenID Connect 1.0 Code Grant

• Password complexity can now be configured for build in Username Password Account Provider
  
• Android and PHP SDK.

  Android and PHP SDK are now available
  How To: Sign into your PHP web site with The Identity Hub (OAuth 2.0)
  How To: Sign into your Mobile app with The Identity Hub

• Support for MyDigipass Account Provider.

  The Identity Hub now supports authentication through My Digipass.

• Facebook Account Provider now uses version 2.5 of the Facebook Graph Api.
• OAuth scopes for the OAuth Account Provider can now be toggled on and off.

  The default requested scopes for OAuth Account Provider can now be toggled (except the minimum required scopes).

• Users can now be archived.

  Users can now be archived and will no longer appear in the list of users.

• Users can now be disabled.

  Users can now be disabled to prevent them from signing in.

• Welcome text can now be added

  On the page where the user has to choose what provider to use to sign in a welcome text can be added.

• Email address can now be set as unique

  When email address is set to be unique only one user can exist with the same email address. Only one Account Provider can be active in this specific case.

• Support for SAMLP ADFS flow on IOS/Safari

  An option has been added to the SAMLP Account Provider to compensate for ADFS flow issues due to the cookie limitations in IOS/Safari.

• New version of the SharePoint 2013 SDK and WSP Solution.

  Support for searching The Identity Hub for users and roles when assinging permissions in SharePoint.

• HTTPS Strict is now enforced.

  The Identity Hub now enforced HTTPS Strict Transport Security.

• Claim Mappings for SAMLP Account Providers

  Claim Mappings are now supported for SAMLP Account Providers.

• New ReCaptcha implementation

  ReCaptha has been updated to use the latest version.

• Username retrieval for build in username password account provider.

  Administrators can now activate te possibility to retrieve the usernames based on an email address.