Identity Platform 2022.1 is released today, including SSO 9.0 and CustomerID 6.0

Across this release cycle we have covered deep technical improvements and modernisations of the Identity Platform, as well as making progress in a new key development area. For all the details, please head over to our Release Notes.

Because of the structural changes in this release, namely the move to OpenLDAP MDB (with its memory and disk space implications), the move to Java 11 and updates to some third-party libraries, we felt there were sufficient changes to make this release a major version update. As such, SSO is moving from 8.9 to 9.0 and CustomerID is moving from 5.9 to 6.0 during this 2022.1 release cycle.

Features

Sign in with BYOI: Within the Identity Platform we have added another ‘essential’ BYOI (bring your own identity) provider into full support – Apple. Now you can easily configure sign-in functions with Google, Microsoft, and Apple identities. They enable you to support most consumers or external users and offer an already existing, easy-to-use identity method to empower your digitisation. You no longer have to maintain internal identity and password management services if you do not require them. Adding in “Sign in with Apple” continues our journey towards offering you a passwordless future, where users can be allowed access based on their existing credentials and authenticated with a glance at their phone. It may take some time for the entire world to transition to this easy-to-use feature, but just like the gradual transition to electric cars, the FIDO Alliance will help enable a passwordless future for everyone. For more details on the FIDO-backed passwordless future, check out this Apple blog.

Risk-Based Authentication (RBA): We have continued our development of risk-based authentication features over the past several months, and further development is ongoing. For this release, we have added the ability to offer SMS OTP (one-time password) and SMTP OTP for unregistered users. Utilising either OpenID Connect or SAML, you can now securely integrate an external IdP and also require a second authentication factor (MFA, multi-factor authentication) to give higher assurance for external users from that IdP. The external user signs in to your application via OpenID Connect (or SAML) and, once the user has returned to SSO, SSO queries the external IdP for the user’s phone number. From there, a six-digit OTP code is sent as an SMS to the user. When the user enters the OTP code on your application login screen, the external MFA is completed, and the user is allowed to access your application.
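The step-up flow described above, sketched as an added example (not the Identity Platform's own code): a six-digit code is issued for a federated login session, stored only as a keyed digest, and accepted once within a time window. The class and method names, the `send_sms` callable, the five-minute lifetime and the three-attempt limit are assumptions; the page specifies only the six-digit SMS code.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window; the page gives none
MAX_ATTEMPTS = 3       # assumed retry limit; the page gives none
SERVER_KEY = secrets.token_bytes(32)  # per-process secret for the code digest


def _digest(session_id: str, code: str) -> bytes:
    # Bind the code to the login session so it cannot be replayed in another one.
    msg = f"{session_id}:{code}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


class OtpStepUp:
    """Pending second-factor challenges, keyed by federated login session."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms  # callable(phone, text); the SMS gateway is out of scope
        self._clock = clock
        self._pending = {}

    def start(self, session_id: str, phone_from_idp: str) -> None:
        # secrets.randbelow draws from the OS CSPRNG; zero-pad to six digits.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = {
            "digest": _digest(session_id, code),  # the plain code is never stored
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        self._send_sms(phone_from_idp, f"Your sign-in code is {code}")

    def verify(self, session_id: str, submitted: str) -> bool:
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[session_id]
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["digest"], _digest(session_id, submitted))
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            # Single use on success; discard the challenge after too many wrong guesses.
            del self._pending[session_id]
        return ok
```

With only a million possible codes, the attempt limit and expiry are what keep guessing impractical, so both are enforced before a code can be accepted.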

Risk-Based Authentication is an area that we will continue to develop over the next two to three release cycles. We are excited to expand our Identity Platform into this dynamic security space and believe we will deliver many useful enhancements to the platform. Ask your Sales Team/Account Manager for more information on upcoming development plans.

Improved Security

We are all aware that security is a continual process, not a one-time destination. For the Identity Platform, this process of continually ensuring our security posture is paramount. We have been investing development cycles to ensure we can respond to unforeseen security events, like Log4j v2 at the end of last year, as well as making systematic improvements to the core functioning and performance of the Identity Platform. During this release we have published several further improvements to the platform.

OpenLDAP MDB: We’ve updated the directory (OpenLDAP) which underlies our SSO application to OpenLDAP MDB (Memory-Mapped Database), which has proven to give a responsive and ready-to-scale datastore to our Identity Platform. We have been operating MDB for one of our cloud customers for six months now and it has proven capable of handling upwards of a million active user sessions. An updated session manager (which is also used with Redis deployments) further improves session management on the platform. Read the release notes for more details as there are environment updates needed to migrate from the existing OpenLDAP BDB to MDB.

Java 11: We have recompiled the Identity Platform with Java 11. This fundamental improvement brings all the enhancements of Java 11, as well as the security improvements permitted by enabling updates in third-party libraries and services (like WildFly) used throughout the Identity Platform. For many of us, Java 8 has been a mainstay for a number of years. Java 11 will not be as long lived as Java 8 was – please see Oracle’s page on Java SE life cycles. We will review Java 17 vs Java 21 in late 2023, so please anticipate your environment needs as we move forward.

Third-party libraries: The Identity Platform follows open standards, like OIDC (OpenID Connect), and uses many third-party libraries. The standards and libraries help to ensure that the code is reviewed by a global community, with the community offering patches against security vulnerabilities and bugs. For each and every release, we continue to patch the third-party libraries used and as needed update the libraries to more modern or better functioning libraries and code bases. Within the 2022.1 release, we’ve continued this updating. As with prior releases we encourage every customer to update their environment as soon as possible, to benefit from these latest updates.

Looking Forward

As we head into the summer months, we are aiming to finalise another section of Risk-Based Authentication (directory mapped users will gain the ability to use TOTP as their MFA), complete the modernisation of logging libraries within the platform, and complete some updates to make premises-based installations easier. We have some exciting mid-term goals that we hope to announce at the end of summer, which will bring IDaaS into sharp view and consideration for all future customer projects. We expect to have a two-year roadmap laid out to discuss with all of you at the end of summer. Until then, please have a look at the 2022.1 Release Notes. Feel free to engage with us via the Operations team or your account team – we are always happy for your input to help shape our future developments.