Release Notes
Secure Access Release Notes
Secure Access release notes are published biweekly for commercial deployments in both the US and EU. FedRAMP and government environments receive updates two weeks after features are released to commercial deployments.
August 13, 2025
Secure Access Release Notes
Hot Fix Release
Session Termination on Role Permission Changes
Secure Access console sessions are now automatically terminated if a user’s role permissions are downgraded or if the account is suspended. Actions that can trigger session termination include:
- Removing a user, or a group the user belongs to, from a role
- Removing permission scopes from a role the user is assigned to directly or through a group
- Deleting a role the user is assigned to directly or through a group
When a session is terminated due to a role permission change, the console will redirect to the login screen with a message indicating that the logout was caused by updated role permissions. Users who have not been suspended can log back in immediately, and their new session will reflect the updated role permissions.
August 11, 2025
Secure Access Release Notes
What's New
New Beyond Identity Logo
Beyond Identity unveiled a refreshed logo design on August 11 as part of our company rebrand. Customers will see the updated logo across the RealityCheck, Secure Work, and Secure Access platforms, as well as on both documentation portals. This update is visual only and does not impact platform functionality or user workflows. We’re excited to share this next chapter of our brand with you.
August 6, 2025
Version 2.106.1-2 BI Authenticator Release Notes
Beyond Identity began deploying its Platform Authenticator v2.106.1-2 on August 6, 2025. This release includes an enhancement.
Enhancements
| OPERATING SYSTEM | DESCRIPTION |
|---|---|
| Windows | Windows Platform Authenticator 2.106.1-2 Hot Fix Release The 2.106.1-2 release of the Windows Platform Authenticator is identical to version 2.106.0 (originally released on July 30, 2025). We are issuing a new build because version 2.106.0 was removed from our website on August 5, 2025, after being incorrectly flagged as a false positive by Microsoft Defender. Since Microsoft Defender SmartScreen rule updates can take several hours to propagate, we chose to release a new build (2.106.1-2) rather than re-publish the flagged 2.106.0. |
July 30, 2025
Version 2.106.0 BI Authenticator Release Notes
Beyond Identity began deploying its Platform Authenticator v2.106.0 on July 30, 2025. This release includes enhancements and bug fixes.
Enhancements
| Operating System | Feature |
|---|---|
| Windows, macOS, Android, iOS | Faster Onboarding for Users with Registration Codes We removed an extra step during onboarding for users registering a Secure Access and Secure Work credential. Previously, users with a 9-digit registration code were required to click an additional button to enter the code. This step has been eliminated to streamline the process. |
| Windows | Updated Windows Desktop Login Process - Not available for Secure Access We’ve improved the fingerprint enrollment experience for Windows Desktop Login to better align with Windows Hello requirements. The updated flow now intelligently adapts based on your system setup. For example, whether Windows Hello is enabled, if a PIN has been created, or if a fingerprint reader is available. We’ve also made it easier to access the fingerprint enrollment option within your passkey settings. |
Bug Fixes
| Operating System | Fix |
|---|---|
| Windows | Authentication Hang at Startup Resolved We've fixed an issue that could cause the Windows Platform Authenticator to freeze if launched right after system startup. |
| Windows | WebViewHelper Resource Usage Optimized We've resolved an issue where multiple instances of WebViewHelper could run at the same time, unnecessarily consuming system resources. The update improves system performance and stability during authentication. |
| Windows | Authentication Stability Improved We addressed a rare timing issue that could cause authentication to fail when the same request was processed by multiple components. This fix improves reliability and reduces the chance of unexpected failures during authentication. |
| Android, iOS | Roaming QR Code Scanning Fixed We've resolved an issue that was preventing the app from recognizing and responding to Roaming QR codes. You can now scan these QR codes directly within the app’s camera screen, and it will correctly open the browser to continue the authentication flow, making sign-ins smoother and more reliable. |
| Android | Android App Crash Message Resolved a race condition that could cause the Login Service to crash in the background on Android 12+ devices. Although the service would recover automatically, the operating system reported it as a crash and displayed a pop-up notification to users. |
| Windows, macOS, Android, iOS, Linux | Redundant Passkeys Resolved an issue where re-importing the same credential on a device could result in multiple redundant passkeys appearing in the Admin Console. The system now deletes the duplicate from the cloud to ensure the number of credentials remains consistent between the device and the cloud. |
July 28, 2025
Secure Access Release Notes
Changes
-
Authentication URL During Log In
A new box displaying an authentication URL within the standard Secure Access login dialog has been removed. While the dialog window itself remains part of the normal login flow, the section removed allowed users to copy and paste the URL into their browser to complete authentication. However, we’ve temporarily removed this feature to ensure a more seamless and fully supported login experience.
July 23, 2025
Secure Access Release Notes
Here’s a summary of the latest features and improvements to the Beyond Identity Secure Access platform.
What's New
-
Secure Access Roaming Authentication (Early Access)
End users can now authenticate securely on devices that don’t have their passkey installed. This is ideal for shared workstations, kiosks, or virtual desktops, and provides a fast, phishing-resistant way to log in when a primary device is unavailable, broken, or lost. More details in our user documentation.
Bug Fixes
-
"Create Magic Link" Scope is Now Non-sensitive
The
magic-links:createscope is no longer classified as sensitive. For customers using the custom roles feature, this means you no longer need to include all scopes when assigning a role that includes this scope.
-
Documentation Link for Creating Identities
The Getting Started link for creating identities now directs to the correct page in the documentation.
June 28, 2025
Secure Access Release Notes
Here’s a summary of the latest features and improvements to the Beyond Identity Secure Access platform.
What's New
New Directory UI Features (Early Access)
We're introducing exciting new features in the Directory section of the platform. These features are currently in Early Access. If you'd like to try them out, contact Support.
-
New Enrollment Summary Section
A new Enrollment Summary now appears at the top of the Identities section, offering a quick snapshot of your directory. It displays key metrics such as the total number of identities, those enrolled or not enrolled, pending and failed invite attempts, and more.
-
Batch Enrollment Feature
Administrators can now onboard multiple users with a new bulk enrollment feature. This update simplifies enrollments by enabling administrators to send up to 200 invitation emails at a time to multiple users.
-
Batch Identities Deletion Feature
Administrators can now delete multiple identities at once with a new bulk deletion feature.
Multi-Realm Management Now Available (Early Access)
The new multi-realm feature allows administrators to manage Secure Work and Secure Customer identity directories within a single tenant, making it seamless to handle both employee and customer authentication workflows.
View user documentation:
Granular Role Permission Customization (Early Access)
Administrators can now create and assign custom roles with granular, least-privilege permissions in the Secure Access Console. Admins can define exactly which actions each role can perform, such as allowing help desk staff to reset credentials or enabling application owners to manage app assignments. This feature minimizes the number of high-privilege accounts, reduces the attack surface, insider risk, and helps meet access control requirements for standards like SOC 2, ISO 27001, HIPAA, and FedRAMP.
Bug Fixes
Eliminated Duplicate
Timeout scenarios no longer trigger multipleUSER_AUTHENTICATIONEvents on TimeoutUSER_AUTHENTICATIONevents. Events are now reliably emitted once per authentication attempt, improving log accuracy.
-
Corrected Invalid
Resolved an issue where failed authentications could produce empty or invalidUNAUTHORIZEDAuthentication EventsUSER_AUTHENTICATION - UNAUTHORIZEDevents. These events now consistently contain the correct information for auditing and troubleshooting.
-
Firefox Private Browsing Login Issue
Resolved an issue preventing logins in Firefox Private Browsing mode after configuring Okta as an identity provider (IdP). Authentication payload handling has been improved to ensure reliable login experiences.
June 27, 2025
Version 2.104.0-4 BI Authenticator Release Notes
Beyond Identity began deploying its Platform Authenticator v2.104.0-4 on June 27, 2025. This release includes one new feature and a bug fix.
What's New
| Operating System | Feature |
|---|---|
| Windows, macOS | Customizable Authentication Prompts |
IT administrators can now customize the informational text displayed during authentication/verification prompts on Windows and macOS desktop devices. This enhancement gives organizations the flexibility to deliver clear, context-specific guidance during the authentication process. Administrators can use the BIConfigure tool to set, retrieve, or clear this custom text, helping align prompts with internal policies, minimize user confusion, and support compliance initiatives. Learn how to configure authentication prompts
Bug Fixes
| Operating System | Fix |
|---|---|
| Windows | Authentication Stability Improved |
We addressed a rare timing issue that could cause authentication to fail when the same request was processed by multiple components. This fix improves reliability and reduces the chance of unexpected failures during authentication.
June 14, 2025
Secure Access Release Notes
Here’s a summary of the latest updates and improvements to the Beyond Identity Secure Access platform to enhance your experience and security.
Enhancements
Console Session Behavior
-
Improved Re-Login Experience After Timeout
Refined the re-login flow in the Secure Access Console for a smoother, more intuitive user experience after session timeout or logout. -
Improved Partner Branding Stability
Partner logo assets are now self-hosted in the Secure Access Console, improving branding reliability and load performance.
Bug Fixes
-
Unexpected Logouts During Active Sessions
Fixed an issue causing active users to be logged out unexpectedly from the Secure Access Console. -
Region Toggle Now Works Correctly in EU
Resolved a problem where the region toggle displayed incorrect information and produced invalid links in the EU Virtual Data Center (VDC). The toggle now accurately reflects the active region. -
Repeated Logout After “Resume Activity” Prompt
Fixed a bug where users were logged out even after choosing “Resume Activity” during session timeout warnings. Session timers now reset correctly with each interaction.
May 28, 2025
Secure Access Release Notes
Here’s a summary of the latest updates and improvements to the Beyond Identity Secure Access platform to enhance your experience and security.
What's New
Inactivity Timeout for Enhanced Security
To help keep your data secure, the Secure Access Console now automatically logs users out after 15 minutes of inactivity. If your session times out, simply log in again to continue where you left off.
Learn more about session behavior
Kandji + Beyond Identity Integration
The Beyond Identity Mac Platform Authenticator (PA) is now integrated into Kandji's Auto App Collections, enabling fully automated deployment and updates via the Kandji MDM platform. This eliminates the need for IT admins to manually download and re-upload the latest version of the Mac PA, streamlining operations with zero-touch updates. By selecting options like "Continuously Enforce" and "Automatically enforce new updates," you can ensure your macOS devices will always have the latest, most secure version of the Beyond Identity Authenticator.
Enhancements
BI Authenticator Updates: iOS v2.103.3 (Released May 13)
Streamlined Navigation After Authentication on iOS
We've improved the post-authentication experience in our iOS app to make navigation smoother and more intuitive. After completing authentication, users are now guided back to the previous screen more seamlessly, reducing friction and improving overall usability. This enhancement is part of our ongoing effort to deliver a more polished and user-friendly experience on key mobile platforms.
May 13, 2025
Version 2.103.3 BI Authenticator Release Notes
- iOS
- Navigating back to the previous app after authentication is now visually clearer, thanks to updated graphics.
Changes
April 22, 2025
Version 2.103.1 BI Authenticator Release Notes
- Android: Resolved an issue where some users could not register a passkey via any method, including email registration link, 9-digit code, or credential extension. Users affected by this issue could also not authenticate with existing passkeys.
Fixed
April 17, 2025
Version 2.103.0 BI Authenticator Release Notes
- Changes to Secure Work Passkey Extension flow - Documentation
- Passkey Extension for Secure Access - Documentation
- iOS & Android
- Default the initial screen to the listing of all user passkeys, rather than the 1st passkey.
- macOS
- Fixed a minor issue where a long username would cause the Tenant name to be clipped on the user passkey.
- Windows
- Fixed an issue where Domain Connector 2.102.6 would not start.
- Changed default locations and settings to better align with Windows best practices.
- Settings.ini file moved to C:\ProgramData\BeyondIdentity\domain_connector.ini
- The default log folder moved to C:\ProgramData\BeyondIdentity\logs\domainConnector
- The multiDC configuration value now defaults to yes
Changes
Fixed
April 14, 2025
Secure Access Console Release Notes
- We are now publishing a new debug capability for integrations that improves event transparency and accountability in the Beyond Identity Console.
- The new event type, FETCH_DATA_FROM_INTEGRATION, provides information when an attempt to retrieve data from your integrations fails.
- Beyond Identity will retry the connection to your integration approximately once per 15 minutes. Each time the attempt to fetch data from the integration fails, you will see the new event in your Activity log.
- After the connection to the integration is restored, we will send one FETCH_DATA_FROM_INTEGRATION event with a Success outcome to confirm that the connection has been reestablished. Future successful data retrievals will not send more events.
- You can filter these events from your view in the Activity log.
- You can view these events for each integration on the new Logs tab in the Integrations panel:
New event type: Fetch Data From Integration
February 28, 2025
Secure Access Release Notes
Console
v1.55
- Added support for bulk email enrollment from the Identities page
- This functionality is available on request. Contact your Beyond Identity support representative for more information.
- This functionality is available on request. Contact your Beyond Identity support representative for more information.
v1.56
- Fixed a bug where Administrators and Users login to the Beyond Identity Console navigated users to the incorrect login screen if the
?tenant={TENANT_NAME}query parameter was present in the URL
v1.59
- Added Groups as an optional attribute statement value source
- When creating a new application with Generic SAML, the dropdown field for Beyond Identity Attribute Name now includes
Groups. This functionality enables bulk assignment for Groups. Both the Beyond Identity Console and the API support this.
- When creating a new application with Generic SAML, the dropdown field for Beyond Identity Attribute Name now includes
Bug fixes
- Improved dashboard performance
- Fixed an API token error with the Okta | Beyond Identity integration which prevented
byndRegisteredcustom attribute in Okta from being updated successfully upon end user enrollment in Beyond Identity - Fixed an issue with SCIM-created Groups not being visible in the Application Assignment page
- Resolved an issue with policy attributes evaluating to undefined in the policy activity log
- Improved CrowdStrike policy evaluation accuracy for temporary API return errors that prevented successful user logins
- Fixed a bug with policy activity log displaying the incorrect status of CrowdStrike Device Found attribute
February 6, 2025
Windows Version 2.102.0-6 and macOS 2.102.0-7 BI Authenticator Release Notes
New
Platform Authenticator ProxyBeyond Identity is in the process of adding official proxy support to the Platform Authenticator on the macOS and Windows platforms. This is the first release to preview this functionality.
To minimize the chance of any change in behavior for existing users of Beyond Identity, this feature is not active by default. However, during the preview phase of this feature, the end user of the Platform Authenticator can enable this functionality. The list below details what happens when this feature is enabled.
In a future release, this feature defaults to an enabled state. We recommend any current users of Beyond Identity to turn on the feature with an administrator and to attempt an authentication as normal. With this feature enabled and authentication working as expected, no future change is required on your configuration.
View the Proxy End User Guide for more information.
October 28, 2024
Version 2.100.6 BI Authenticator Release Notes
- Windows - Additional functionality bugs resolved
Fixed
Version 2.100.5 Endpoint Release Notes
- macOS - Fixed MDM detection on iOS when enabling Safari extension
- General - Resolved functionality bugs