Transcript
We'll go over this month's new available features. Generally available features. Forms is a new visual editor that allows you to build custom forms that can be used to extend your login and signup flows with additional steps and business logic. Some of the key capabilities of forms include pre-built components with front-end and back-end validations. Custom business logic with out-of-the-box integrations with third parties. Controlled and secure experience within your tenant's domain. And consistent branding experience with universal login. Using forms enables you to build use cases like progressive profiling, custom policies acceptance, and custom signup or login steps. Personalization has never been easier. Continuous session protection is now generally available for enterprise customers, providing powerful tools to dynamically manage sessions and refresh tokens within Auth0 actions. This feature offers flexible options to configure expiration settings, access additional session and token data, and revoke sessions when necessary, enhancing security and control. Key benefits of continuous session protection include dynamic session and token expiration, configure custom absolute and idle timeouts for sessions and refresh tokens using the new setExpiresAtDate and setIdleExpiresAtDate methods. These settings can be applied across users, organizations, or specific connections to meet your security and compliance needs. Enhance security with revocation. Revoke sessions and refresh tokens programmatically using actions based on custom logic or risk assessments. This allows you to take immediate action when suspicious behavior is detected or when tokens no longer meet your security policies. Comprehensive session and token insights. Access additional session and refresh token attributes within actions, enabling you to make more informed, data-driven decisions for managing user sessions. These features allow enterprise customers to dynamically improve their security posture by customizing session behavior, enforcing shorter expiration times for high-risk roles such as administrators, and revoking tokens when necessary to mitigate risks. Custom prompts passwordless support. Custom prompts provides experience flexibility by allowing customers to customize user signup, login, and other prompts and flows as they see fit for their user journeys. It allows you to collect additional information at signup or login. With this enhancement to custom prompts, you can now capture additional data during signup and login when using a passwordless connection and surfacing the data in the post-login action. Security center thresholds. Within the security center dashboard offering, customers can now set metric thresholds. This new feature provides enterprise customers with an enhanced proactive capability around the various security center monitors they track. Customers can now configure thresholds on security threat metrics and monitor when threats exceed the acceptable value. The feature is available in all public cloud environments and rolling out to private spaces throughout the next few weeks. We are excited to announce that our bot detection feature has been upgraded with a new machine learning model specifically designed to detect and prevent signup attacks. This enhancement integrates advanced ML capabilities into our proprietary bot detection system, significantly improving the identification of fraudulent account creation attempts. This feature is currently available in the new universal login experience, providing added security for customers utilizing our latest UIs in our latest UI. For customers using the classic login or custom UI, we are evaluating options to extend these capabilities in the future. As always, to activate bot detection or if you require more detailed information, please visit our online documentation or contact your account team. We are here to assist you in ensuring your systems remain secure against evolving threats. Let's wrap up with a look at early access features. Self-service single sign-on. Every B2B SaaS product exposes administrative functionality to their business customers. Typically, the subscription owner in the customer's organization can do various administrative tasks. Some are specific to the product, but a great deal of them are related to identity and shared across all SaaS apps. Single sign-on configuration, organization membership and access level management, security policies, auditing, and for products that offer programmatic access to their customers. API token management. Every SaaS company needs to build these capabilities from scratch, which is a waste of time and resources that could be spent on core product value. The most difficult of these capabilities to build and maintain is single sign-on configuration. This feature provides a flexible, self-service SSO configuration experience to our SaaS customers' business customers. Verify accounts and password reset with one-time password code. Enhance security by requiring a unique, time-sensitive OTP sent to a user's registered email or phone number to verify accounts or reset passwords. Phone extensibility. Customize outbound flexible identifier phone messages and providers with a new phone extensibility action. Thanks for viewing the Customer Identity Cloud Monthly release highlights. Information and documentation on the latest updates can be found at auth0.com change log.