Non-queryable Account Providers (like SAMLP/WSFED…) can now be set to not require a logon for a defined time span. The default setting is that a logon is required every time.
Account Providers now contain an option to ask the user if he/she has an existing account upon first logon with that account provider.
See https://stackapps.com/ on how to connect and register.
Available info is: GivenName, Surname, Nationality, Date of birth, eID valid from, eID valid to.
eID requires the installation of client side eID software. See https://eid.belgium.be
For more information on GitHub: See https://developer.github.com/
For more information on iDIN: See https://www.idin.nl/
The WSFED Account Provider will now update the configuration based on the Metadata URL (if provided) when the configuration is saved.
The WSFED Account Provider now supports uploading a metadata file for configuration.
For more information on Amazon: See https://developer.amazon.com/home.html
The Identity Hub now contains a statistics overview per tenant available for Administrators. The first available statistics are:
Total number of users per time period, Total number of active users per time period, Total number of logons per time period
For more information on how to get an UZI-pas: See https://www.uziregister.nl/
For more information on how to get an Itsme B2B account: See https://www.itsme.be/
The profile view of users for administrators now shows the originating account providers for the roles that are mapped for the profile.
The Identity Hub now supports DigiD as Account Provider to authenticate users. For more info on DigiD: https://www.digid.nl/
SAMLP and WSFED Account Providers now have a Metadata URL that can be used to configure/update Identity Provider partners.
SAMLP Account Provider now supports configuration via Federation Metadata URL or file (including updates).
SAMLP Account Provider now supports Client Certificate authentication for the HTTP Artifact binding.
SAMLP Account Provider now supports HTTP Artifact binding.
SAMLP Account Provider will now automatically detect when MFA has been performed on the ADFS (if the ADFS provides the information).
Upgraded to version 2.12 of Facebook Graph API
It is now possible to exclude Account Providers per App. Those Account Providers (logon methods) cannot be used to log on to the App.
Added report for administrator that provides information on 2-factor options set by users.
Configuration of the Identity Provider part of a SAMLP Account Provider can now be done by specifying the metadata URL of the Identity Provider.
Administrators can now reset the 2-factor authentication when a user loses his/her device where the app was configured.
The Identity Hub now supports Proof Key for Code Exchange (PKCE)
If two factor authentication is required at tenant level and if an Account Provider is performing two factor authentication, it is now possible to avoid consecutive two factor authentication.
On the profile page the user can now add a mobile phone number
The Identity Hub can now send SMS text messages. This is implemented using an extensibility model. For the moment there is one out-of-the-box SMS service provider: Twilio (see https://www.twilio.com/).
Users can now verify their mobile phone number using the verification link on their profile page or on the profile security information page.
For on-premise installation a custom SMS Provider Service can be developed by the client or U2U Consult.
Multifactor authentication can now be performed via SMS. It requires a configured SMS Service Provider and a verified mobile phone number of the user.
Metadata Endpoint is now available for SAMLP and WS-FED.
App claims mappings are now displayed per category
Added reports for administrators
The form_post response mode is now supported.
For SAMLP and WS-FED Account Providers custom mapped claims can now be passed to applications.
Mail can now be disabled as two factor authentication option at the tenant level.
To support development, localhost redirect URIs without uri are now supported out of the box for the Implicit Flow.
The username/password account provider now supports adding a logo for the login button.
Roles can now be retrieved and mapped for Office 365 Account Providers.
Improvements to UI for App and Account Provider.
SingleLogoutResponse URLs are now supported.
Users can now be provisioned by administrators.
A configuration option has been added to prevent users from registering.
Overview of protocol endpoints has been added to the administrative user interface.
Users list can now be filtered per account provider.
Now supporting Live Metrics.
A view has been added that shows a list of users having a role.
For tenants with a high number of users, the list of users will have better performance.
The SAML-P Account Provider can now have a secondary token signing certificate for the Identity Provider to support certificate rollover.
To support the new Microsoft Converged applications types.
An option has been added to require 2-factor authentication for the complete tenant.
An option has been added to disable requesting and collecting location information.
On the detail page of a user, an admin can choose to delete a user.
A Delete Profile button has been added on the user's profile page.
A method "DeleteProfileAsync" has been added to the class TheIdentityHub.IdentityService.
When using TheIdentityHub.IdentityService.GetProfileAsync() the result (TheIdentityHub.Profile) has a new property OldIdentityIds.
An option (flag) has been added to the UserName/Password Account Provider.
A method "UpdateProfileAsync" has been added to the class TheIdentityHub.IdentityService.
OpenID Connect Authorization Code flow is now supported to request tokens from The Identity Hub. How To: Perform OpenID Connect 1.0 Code Grant
Android and PHP SDK are now available
How To: Sign into your PHP web site with The Identity Hub (OAuth 2.0)
How To: Sign into your Mobile app with The Identity Hub
The Identity Hub now supports authentication through My Digipass.
The default requested scopes for OAuth Account Provider can now be toggled (except the minimum required scopes).
Users can now be archived and will no longer appear in the list of users.
Users can now be disabled to prevent them from signing in.
A welcome text can now be added to the page where the user has to choose which provider to use to sign in.
When email address is set to be unique only one user can exist with the same email address. Only one Account Provider can be active in this specific case.
An option has been added to the SAMLP Account Provider to compensate for ADFS flow issues due to the cookie limitations in iOS/Safari.
Support for searching The Identity Hub for users and roles when assigning permissions in SharePoint.
The Identity Hub now enforces HTTP Strict Transport Security.
Claim Mappings are now supported for SAMLP Account Providers.
reCAPTCHA has been updated to use the latest version.
Administrators can now activate the possibility to retrieve the usernames based on an email address.