Release Notes
Secure Access
Learn more about the latest updates to the Secure Access platform.
June 28, 2025
Secure Access Release Notes
Here’s a summary of the latest features and improvements to the Beyond Identity Secure Access platform.
What's New
New Directory UI Features (Early Access)
We're introducing exciting new features in the Directory section of the platform. These features are currently in Early Access. If you'd like to try them out, contact Support.
-
New Enrollment Summary Section
A new Enrollment Summary now appears at the top of the Identities section, offering a quick snapshot of your directory. It displays key metrics such as the total number of identities, those enrolled or not enrolled, pending and failed invite attempts, and more.
-
Batch Enrollment Feature
Administrators can now onboard multiple users with a new bulk enrollment feature. This update simplifies enrollments by enabling administrators to send up to 200 invitation emails at a time to multiple users.
-
Batch Identities Deletion Feature
Administrators can now delete multiple identities at once with a new bulk deletion feature.
Multi-Realm Management Now Available (Early Access)
The new multi-realm feature allows administrators to manage Secure Work and Secure Customer identity directories within a single tenant, making it seamless to handle both employee and customer authentication workflows.
View user documentation:
Granular Role Permission Customization (Early Access)
Administrators can now create and assign custom roles with granular, least-privilege permissions in the Secure Access Console. Admins can define exactly which actions each role can perform, such as allowing help desk staff to reset credentials or enabling application owners to manage app assignments. This feature minimizes the number of high-privilege accounts, reduces the attack surface, insider risk, and helps meet access control requirements for standards like SOC 2, ISO 27001, HIPAA, and FedRAMP.
Bug Fixes
-
Eliminated Duplicate
Timeout scenarios no longer trigger multipleUSER_AUTHENTICATION
Events on TimeoutUSER_AUTHENTICATION
events. Events are now reliably emitted once per authentication attempt, improving log accuracy.
-
Corrected Invalid
UNAUTHORIZED
Authentication EventsResolved an issue where failed authentications could produce empty or invalid
USER_AUTHENTICATION - UNAUTHORIZED
events. These events now consistently contain the correct information for auditing and troubleshooting.
June 27, 2025
Version 2.104.0-4 BI Authenticator Release Notes
Beyond Identity began deploying its Platform Authenticator v2.104.0-4 on June 27, 2025. This release includes one new feature and a bug fix.
What's New
Operating System | Feature |
---|---|
Windows, macOS | Customizable Authentication Prompts |
IT administrators can now customize the informational text displayed during authentication/verification prompts on Windows and macOS desktop devices. This enhancement gives organizations the flexibility to deliver clear, context-specific guidance during the authentication process. Administrators can use the BIConfigure tool to set, retrieve, or clear this custom text, helping align prompts with internal policies, minimize user confusion, and support compliance initiatives. Learn how to configure authentication prompts
Bug Fixes
Operating System | Fix |
---|---|
Windows | Authentication Stability Improved |
We addressed a rare timing issue that could cause authentication to fail when the same request was processed by multiple components. This fix improves reliability and reduces the chance of unexpected failures during authentication.
June 14, 2025
Secure Access Release Notes
Here’s a summary of the latest updates and improvements to the Beyond Identity Secure Access platform to enhance your experience and security.
Enhancements
Console Session Behavior
-
Improved Re-Login Experience After Timeout
Refined the re-login flow in the Secure Access Console for a smoother, more intuitive user experience after session timeout or logout. -
Improved Partner Branding Stability
Partner logo assets are now self-hosted in the Secure Access Console, improving branding reliability and load performance.
Bug Fixes
-
Unexpected Logouts During Active Sessions
Fixed an issue causing active users to be logged out unexpectedly from the Secure Access Console. -
Region Toggle Now Works Correctly in EU
Resolved a problem where the region toggle displayed incorrect information and produced invalid links in the EU Virtual Data Center (VDC). The toggle now accurately reflects the active region. -
Repeated Logout After “Resume Activity” Prompt
Fixed a bug where users were logged out even after choosing “Resume Activity” during session timeout warnings. Session timers now reset correctly with each interaction. -
Firefox Private Browsing Login Issue
Resolved an issue preventing logins in Firefox Private Browsing mode after configuring Okta as an identity provider (IdP). Authentication payload handling has been improved to ensure reliable login experiences.
May 28, 2025
Secure Access Release Notes
Here’s a summary of the latest updates and improvements to the Beyond Identity Secure Access platform to enhance your experience and security.
What's New
Inactivity Timeout for Enhanced Security
To help keep your data secure, the Secure Access Console now automatically logs users out after 15 minutes of inactivity. If your session times out, simply log in again to continue where you left off.
Learn more about session behavior
Kandji + Beyond Identity Integration
The Beyond Identity Mac Platform Authenticator (PA) is now integrated into Kandji's Auto App Collections, enabling fully automated deployment and updates via the Kandji MDM platform. This eliminates the need for IT admins to manually download and re-upload the latest version of the Mac PA, streamlining operations with zero-touch updates. By selecting options like "Continuously Enforce" and "Automatically enforce new updates," you can ensure your macOS devices will always have the latest, most secure version of the Beyond Identity Authenticator.
Enhancements
BI Authenticator Updates: iOS v2.103.3 (Released May 13)
Streamlined Navigation After Authentication on iOS
We've improved the post-authentication experience in our iOS app to make navigation smoother and more intuitive. After completing authentication, users are now guided back to the previous screen more seamlessly, reducing friction and improving overall usability. This enhancement is part of our ongoing effort to deliver a more polished and user-friendly experience on key mobile platforms.
May 13, 2025
Version 2.103.3 BI Authenticator Release Notes
- iOS
- Navigating back to the previous app after authentication is now visually clearer, thanks to updated graphics.
Changes
April 22, 2025
Version 2.103.1 BI Authenticator Release Notes
- Android: Resolved an issue where some users could not register a passkey via any method, including email registration link, 9-digit code, or credential extension. Users affected by this issue could also not authenticate with existing passkeys.
Fixed
April 17, 2025
Version 2.103.0 BI Authenticator Release Notes
- Changes to Secure Work Passkey Extension flow - Documentation
- Passkey Extension for Secure Access - Documentation
- iOS & Android
- Default the initial screen to the listing of all user passkeys, rather than the 1st passkey.
- macOS
- Fixed a minor issue where a long username would cause the Tenant name to be clipped on the user passkey.
- Windows
- Fixed an issue where Domain Connector 2.102.6 would not start.
- Changed default locations and settings to better align with Windows best practices.
- Settings.ini file moved to C:\ProgramData\BeyondIdentity\domain_connector.ini
- The default log folder moved to C:\ProgramData\BeyondIdentity\logs\domainConnector
- The multiDC configuration value now defaults to yes
Changes
Fixed
April 14, 2025
Secure Access Console Release Notes
- We are now publishing a new debug capability for integrations that improves event transparency and accountability in the Beyond Identity Console.
- The new event type, FETCH_DATA_FROM_INTEGRATION, provides information when an attempt to retrieve data from your integrations fails.
- Beyond Identity will retry the connection to your integration approximately once per 15 minutes. Each time the attempt to fetch data from the integration fails, you will see the new event in your Activity log.
- After the connection to the integration is restored, we will send one FETCH_DATA_FROM_INTEGRATION event with a Success outcome to confirm that the connection has been reestablished. Future successful data retrievals will not send more events.
- You can filter these events from your view in the Activity log.
- You can view these events for each integration on the new Logs tab in the Integrations panel:
New event type: Fetch Data From Integration

February 28, 2025
Secure Access Release Notes
Console
v1.55
- Added support for bulk email enrollment from the Identities page
- This functionality is available on request. Contact your Beyond Identity support representative for more information.
- This functionality is available on request. Contact your Beyond Identity support representative for more information.
v1.56
- Fixed a bug where Administrators and Users login to the Beyond Identity Console navigated users to the incorrect login screen if the
?tenant={TENANT_NAME}
query parameter was present in the URL
v1.59
- Added Groups as an optional attribute statement value source
- When creating a new application with Generic SAML, the dropdown field for Beyond Identity Attribute Name now includes
Groups
. This functionality enables bulk assignment for Groups. Both the Beyond Identity Console and the API support this.
- When creating a new application with Generic SAML, the dropdown field for Beyond Identity Attribute Name now includes
Bug fixes
- Improved dashboard performance
- Fixed an API token error with the Okta | Beyond Identity integration which prevented
byndRegistered
custom attribute in Okta from being updated successfully upon end user enrollment in Beyond Identity - Fixed an issue with SCIM-created Groups not being visible in the Application Assignment page
- Resolved an issue with policy attributes evaluating to undefined in the policy activity log
- Improved CrowdStrike policy evaluation accuracy for temporary API return errors that prevented successful user logins
- Fixed a bug with policy activity log displaying the incorrect status of CrowdStrike Device Found attribute
February 6, 2025
Windows Version 2.102.0-6 and macOS 2.102.0-7 BI Authenticator Release Notes
New
Platform Authenticator ProxyBeyond Identity is in the process of adding official proxy support to the Platform Authenticator on the macOS and Windows platforms. This is the first release to preview this functionality.
To minimize the chance of any change in behavior for existing users of Beyond Identity, this feature is not active by default. However, during the preview phase of this feature, the end user of the Platform Authenticator can enable this functionality. The list below details what happens when this feature is enabled.
In a future release, this feature defaults to an enabled state. We recommend any current users of Beyond Identity to turn on the feature with an administrator and to attempt an authentication as normal. With this feature enabled and authentication working as expected, no future change is required on your configuration.
View the Proxy End User Guide for more information.
October 28, 2024
Version 2.100.6 BI Authenticator Release Notes
- Windows - Additional functionality bugs resolved
Fixed
Version 2.100.5 Endpoint Release Notes
- macOS - Fixed MDM detection on iOS when enabling Safari extension
- General - Resolved functionality bugs