| copyright | lastupdated | keywords | subcollection | content-type | ||
|---|---|---|---|---|---|---|
|
2024-05-13 |
release notes, new, spa, single sign on, mfa, cloud directory, saml, app security, application identity |
appid |
release-note |
{:codeblock: .codeblock} {:screen: .screen} {:download: .download} {:external: target="_blank" .external} {:faq: data-hd-content-type='faq'} {:gif: data-image-type='gif'} {:important: .important} {:note: .note} {:pre: .pre} {:tip: .tip} {:preview: .preview} {:deprecated: .deprecated} {:beta: .beta} {:term: .term} {:shortdesc: .shortdesc} {:script: data-hd-video='script'} {:support: data-reuse='support'} {:table: .aria-labeledby="caption"} {:troubleshoot: data-hd-content-type='troubleshoot'} {:help: data-hd-content-type='help'} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve} {:tsSymptoms: .tsSymptoms} {:java: .ph data-hd-programlang='java'} {:javascript: .ph data-hd-programlang='javascript'} {:swift: .ph data-hd-programlang='swift'} {:curl: .ph data-hd-programlang='curl'} {:video: .video} {:step: data-tutorial-type='step'} {:tutorial: data-hd-content-type='tutorial'} {:ui: .ph data-hd-interface='ui'} {:cli: .ph data-hd-interface='cli'} {:api: .ph data-hd-interface='api'} {:terraform: .ph data-hd-interface='terraform'} {:release-note: data-hd-content-type='release-note'}
{: #release-notes}
{: #appid-jun2223} {: release-note}
IdP-initiated login is now available : If you want to log in to your applications on IBM Cloud from your identity provider's UI, you can enable IdP-initiated login. Learn more.
{: #appid-may0423} {: release-note}
IBM Cloud Foundry service broker unsupported : All services that use the Cloud Foundry service broker will stop working on 1 June 2023, when Cloud Foundry enters the End-of-Support stage.
Does this change affect me?
Not sure if your {{site.data.keyword.appid_short_notm}} instance is using the Cloud Foundry service broker? In the Cloud Foundry services section, check whether your {{site.data.keyword.appid_short_notm}} instance is listed as an alias. If your instance is already an alias, you do not need to take any action.
If your instance is not an alias and you want to keep it, please contact IBM Cloud support{: external} to discuss next steps.
{: #appid-feb0123} {: release-note}
Ability to bulk delete Cloud Directory users
: It's now more efficient for users to clean up {{site.data.keyword.appid_short_notm}} instances. You can now use the bulk_remove API endpoint to remove multiple users from an {{site.data.keyword.appid_short_notm}} instance at once. Learn more.
{: #appid-Dec1522} {: release-note}
New {{site.data.keyword.appid_short_notm}} API endpoints
: {{site.data.keyword.appid_short_notm}} added options to make it more efficient for you to migrate your users from one service instance to another. You can now use the export_all or import_all API endpoints to migrate all of your users (up to approximately 16,000).
{: #appid-Jun2722} {: release-note}
Swift Server SDK unsupported : {{site.data.keyword.cloud_notm}} no longer supports the Swift Server SDK for {{site.data.keyword.appid_short_notm}}. To continue to receive support for your App ID integration, you can move to directly calling the APIs.
{: #appid-Jan2122} {: release-note}
{{site.data.keyword.appid_short_notm}} availability in Configuration Governance : {{site.data.keyword.cloud_notm}} {{site.data.keyword.appid_short_notm}} is now available as part of the Configuration Governance component of the Security and Compliance Center. You can create guardrails for {{site.data.keyword.appid_short_notm}} such as enforcing whether monitoring of runtime activity made by application users is tracked.
{: #appid-dec1521} {: release-note}
Logging enhancement : As of 15 December 2021, {{site.data.keyword.appid_short_notm}} now logs email addresses from login attempts even if the user is unknown to the service. Previously, email addresses were logged only if the user was known to {{site.data.keyword.appid_short_notm}}.
{: #appid-sept2721} {: release-note}
New region availability : As of 27 September 2021, {{site.data.keyword.appid_short_notm}} is now available in the Sao Paulo region. For a detailed list of the regions in which the service is available, see Regions and endpoints.
{: #appid-jul1221} {: release-note}
New region availability : As of 12 July 2021, {{site.data.keyword.appid_short_notm}} is now available in the Toronto and Osaka regions. For a detailed list of the regions in which the service is available, see Regions and endpoints.
{: #appid-feb2121} {: release-note}
Kubernetes Ingress annotation : As of 21 February 2021, the custom Kubernetes Service Ingress image is deprecated. The {{site.data.keyword.appid_short_notm}} docs are now updated to include information for integrating with the community Kubernetes image. To get started, see Containerized apps with Ingress. For more detailed deployment information, see the {{site.data.keyword.containershort_notm}} documentation.
{: #appid-nov2020} {: release-note}
App to app access control : You can now control which actions that an application is able to perform in your apps by using role-based app-to-app access control. For more information, see the access control docs.
{: #appid-jun1820} {: release-note}
Securing your data in {{site.data.keyword.appid_short_notm}} : You can now restore deleted instances of {{site.data.keyword.appid_short_notm}} during the data retention period. Learn more.
{: #appid-jan2720} {: release-note}
Cloud Directory: Connect your own email provider : You can now bring your own custom email provider or connect your SendGrid account to have more control over your email communication with your users. For more information, see the configuring email settings docs.
Import and export user roles : You can now include any roles that are assigned to a user as part of using the export and import APIs. For more information, see the migrating profiles or managing Cloud Directory users documentation.
Post-MFA extensions : You can now create post-MFA extensions to help you to monitor and improve your users MFA experiences. For more information, see the extending MFA docs.
Pre-MFA extensions : You can now create pre-MFA extensions that allow you to make custom decisions at runtime about which users must complete your MFA flow. For more information, see the extending MFA docs.
{: #appid-dec1519} {: release-note}
Access control : You can now define which users are able to access your app data, use specific features, or perform specific actions in your apps by using role-based access control. For more information, see the access control docs.
Cloud Directory: Custom MFA flows : You can now make custom decisions about who must complete the MFA flow by configuring your own extension and registering it with {{site.data.keyword.appid_short_notm}}. For more information, see Customizing MFA.
{: #appid-nov2219} {: release-note}
Single-page applications: SDK : Don't manage a backend for your app? You can now easily secure your browser applications by using the JavaScript SDK. For more information, see the SPA docs.
{: #appid-sept1219} {: release-note}
Increase the security of your SAML flow : You can now increase the security of your SAML work flows by enabling request signing and response encryption. For more information, see SAML.
{: #appid-aug0819} {: release-note}
Track runtime authentication events with {{site.data.keyword.at_short}} : Now you can track, manage, and analyze authentication events that are performed by your app users at runtime by integrating {{site.data.keyword.at_short}} and {{site.data.keyword.appid_short_notm}}. Releasing your secured custom, mobile, or web app to your users is only the beginning of your journey toward adoption. After your app is deployed, you need to have insights into how your users are interacting with your app. For example, the number and trends of active users. In regulatory markets, such as with HIPAA, you must have a way to share the detailed records of both successful and failed authentication events with auditors. With {{site.data.keyword.appid_short_notm}}, you can now have a very detailed view of runtime events that are related to user authentication.
Edit user profile information directly in the dashboard : You can now update profiles for users of your application through the {{site.data.keyword.appid_short_notm}} dashboard. Then, you can use that information to personalize their experience of your app. For more information, see user profiles.
{: #appid-jul3019} {: release-note}
Create future user profiles through the dashboard : You can now start building profiles for users that you know will use your application in the future through the {{site.data.keyword.appid_short_notm}} dashboard. For more information, see Preregistering future users.
Slack channel : Have questions while working with {{site.data.keyword.appid_short_notm}}? Get in touch directly with the development team on Slack{: external}!
The {{site.data.keyword.appid_short_notm}} Identity and Access Istio adapter : Centralize all your identity management in a single place with the App Identity and Access adapter. The adapter can be configured to work with any OIDC-compliant identity provider, which enables it to control authentication and authorization policies in all environments including both front and backend apps. And, it does it all without any change to your code or the need to redeploy your application. For more information, see Securing multicloud apps with Istio.
Access user profile information through the GUI : View information about all your users that you can leverage to build personalized app experiences. For more information, see Storing and accessing profiles.
Cloud Directory: Automatically associate users with a profile : Automatically associate Cloud Directory users with an {{site.data.keyword.appid_short_notm}} profile as you create them. For more information, see Managing users.
{: #appid-may1819} {: release-note}
Cloud Directory: View user information : View information about your Cloud Directory users that you can leverage to build personalized app experiences. For more information, see Viewing user information.
{: #appid-apr2419} {: release-note}
Version 4 of the runtime APIs : Update your apps! To further the standards on which {{site.data.keyword.appid_short_notm}} is based, we've made a few changes. With those changes, we were able to tighten interoperability within the OIDC workflow and broaden the frameworks that are able to use the service.
Cloud Directory: Single sign-on : Provide smooth authentication experiences between multiple web apps with single sign-on (SSO) for Cloud Directory. With SSO enabled, user's are not prompted to reenter their credentials the next time they attempt to access your app. Instead, they are automatically signed in to any of your apps that are protected by the same {{site.data.keyword.appid_short_notm}} instance. For more information, see Single sign-on.
Updated dashboard : Navigate through your Cloud Directory information quickly! Using IBM Design Thinking{: external}, the {{site.data.keyword.appid_short_notm}} dashboard has been redesigned to give you an even better user experience.
{: #appid-feb0719} {: release-note}
Cloud Directory: Multi-factor authentication - SMS : Require users to enter a second form of authentication during sign-in to increase the security of your app. With Cloud Directory, the first factor is the user's password that they would normally use. Then, the service sends the user a one-time code through SMS that the user must enter before they can gain access to your app. For more information, see Multi-factor authentication.
{: #appid-dec1118} {: release-note}
Cloud Directory: Multi-factor authentication - Email : Require users to enter a second form of authentication during sign-in to increase the security of your app. With Cloud Directory, the first factor is the user's password that they would normally use. Then, the service sends the user a one-time code through the email that is registered that the user must enter before they can gain access to your app. For more information, see Multi-factor authentication.
Cloud Directory: Password policies : Further enforce app security by specifying rules that users must adhere to when they create the password that they use to sign in. For example, you can set an advanced policy that dictates the number of times a password must change before a user can reuse a previous password. Or, you can prevent users from creating a password that contains their username or email address. For more information, see Defining password policies.
{: #appid-mar1717} {: release-note}
Introducing {{site.data.keyword.appid_short_notm}} : IBM Cloud App ID allows you to easily add authentication to web and mobile apps. You no longer have to worry about setting up infrastructure for identity, ensuring geo-availability, and confirming compliance regulations. Instead, you can enhance your apps with advanced security capabilities like multifactor authentication and single sign-on.