October 2019

  • CORS is now supported for OIDC endpoints. Previously, OIDC endpoints were unrestricted and all domains had access to the APIs. With this security enhancement to Cloud Identity, you must specify the domains that you want to access the APIs. See Managing domains.
  • Policy editor is updated. See Managing access policies with the policy editor. A New device condition type is added for policy rules. See Managing policy rules with the policy editor.
  • Report documentation is reorganized for more direct access to information. See .
  • A new report for multi-factor authentication (MFA) activity is available. See Generating a multi-factor authentication activity report.
  • WeChat mobile is now a supported identity provider. See Adding a WeChat mobile identity provider.
  • In addition to API client and application, identity source is added as a new token category for OIDC grants. See Managing tokens.
  • You can manage which identity sources are shown to users and administrators on a new Security > Sign-in options tab. See Managing sign-in options.
  • Two attributes, login_hint and max_age, are added to grant types. See Grant types.
  • FIDO2 is supported for login and second factor authentication. You need a FIDO2 USB device or a device with a FIDO2 built-in sensor. FIDO2 authentication is supported on Google Chrome Canary, which you can download from https://www.google.com/chrome/canary/, Microsoft Edge, and Windows Hello. See Managing IBM Verify Authenticators and Managing FIDO2 devices.
  • QR code and FIDO2 are now supported for passwordless login. See Signing in.
  • Updated list of supported application templates. Added support for the following applications:
    •     Xi Frame