Skip to main content
Version: Secure Access

Release Notes

Last updated on

Secure Access Release Notes

Secure Access release notes are published biweekly for commercial deployments in both the US and EU. FedRAMP and government environments receive updates two weeks after features are released to commercial deployments.

July 23, 2025

Secure Access Release Notes

Here’s a summary of the latest features and improvements to the Beyond Identity Secure Access platform.


What's New


  • Secure Access Roaming Authentication (Early Access)

    End users can now authenticate securely on devices that don’t have their passkey installed. This is ideal for shared workstations, kiosks, or virtual desktops, and provides a fast, phishing-resistant way to log in when a primary device is unavailable, broken, or lost. More details in our user documentation.

Bug Fixes

  • The magic-links:create scope is no longer classified as sensitive. For customers using the custom roles feature, this means you no longer need to include all scopes when assigning a role that includes this scope.


  • The Getting Started link for creating identities now directs to the correct page in the documentation.



June 28, 2025

Secure Access Release Notes

Here’s a summary of the latest features and improvements to the Beyond Identity Secure Access platform.


What's New


New Directory UI Features (Early Access)

We're introducing exciting new features in the Directory section of the platform. These features are currently in Early Access. If you'd like to try them out, contact Support.


  • New Enrollment Summary Section

    A new Enrollment Summary now appears at the top of the Identities section, offering a quick snapshot of your directory. It displays key metrics such as the total number of identities, those enrolled or not enrolled, pending and failed invite attempts, and more.

    ReleaseNotes


  • Batch Enrollment Feature

    Administrators can now onboard multiple users with a new bulk enrollment feature. This update simplifies enrollments by enabling administrators to send up to 200 invitation emails at a time to multiple users.

    View user documentation


  • Batch Identities Deletion Feature

    Administrators can now delete multiple identities at once with a new bulk deletion feature.

    View user documentation


Multi-Realm Management Now Available (Early Access)

The new multi-realm feature allows administrators to manage Secure Work and Secure Customer identity directories within a single tenant, making it seamless to handle both employee and customer authentication workflows.

View user documentation:


Granular Role Permission Customization (Early Access)

Administrators can now create and assign custom roles with granular, least-privilege permissions in the Secure Access Console. Admins can define exactly which actions each role can perform, such as allowing help desk staff to reset credentials or enabling application owners to manage app assignments. This feature minimizes the number of high-privilege accounts, reduces the attack surface, insider risk, and helps meet access control requirements for standards like SOC 2, ISO 27001, HIPAA, and FedRAMP.

View user documentation

Bug Fixes

  • Eliminated Duplicate USER_AUTHENTICATION Events on Timeout

    Timeout scenarios no longer trigger multiple USER_AUTHENTICATION events. Events are now reliably emitted once per authentication attempt, improving log accuracy.

  • Corrected Invalid UNAUTHORIZED Authentication Events

    Resolved an issue where failed authentications could produce empty or invalid USER_AUTHENTICATION - UNAUTHORIZED events. These events now consistently contain the correct information for auditing and troubleshooting.

  • Firefox Private Browsing Login Issue

    Resolved an issue preventing logins in Firefox Private Browsing mode after configuring Okta as an identity provider (IdP). Authentication payload handling has been improved to ensure reliable login experiences.



June 27, 2025

Version 2.104.0-4 BI Authenticator Release Notes

Beyond Identity began deploying its Platform Authenticator v2.104.0-4 on June 27, 2025. This release includes one new feature and a bug fix.


What's New

Operating SystemFeature
Windows, macOSCustomizable Authentication Prompts

IT administrators can now customize the informational text displayed during authentication/verification prompts on Windows and macOS desktop devices. This enhancement gives organizations the flexibility to deliver clear, context-specific guidance during the authentication process. Administrators can use the BIConfigure tool to set, retrieve, or clear this custom text, helping align prompts with internal policies, minimize user confusion, and support compliance initiatives. Learn how to configure authentication prompts


Bug Fixes

Operating SystemFix
WindowsAuthentication Stability Improved

We addressed a rare timing issue that could cause authentication to fail when the same request was processed by multiple components. This fix improves reliability and reduces the chance of unexpected failures during authentication.

June 14, 2025

Secure Access Release Notes

Here’s a summary of the latest updates and improvements to the Beyond Identity Secure Access platform to enhance your experience and security.

Enhancements

Console Session Behavior

  • Improved Re-Login Experience After Timeout
    Refined the re-login flow in the Secure Access Console for a smoother, more intuitive user experience after session timeout or logout.

  • Improved Partner Branding Stability
    Partner logo assets are now self-hosted in the Secure Access Console, improving branding reliability and load performance.

Bug Fixes

  • Unexpected Logouts During Active Sessions
    Fixed an issue causing active users to be logged out unexpectedly from the Secure Access Console.

  • Region Toggle Now Works Correctly in EU
    Resolved a problem where the region toggle displayed incorrect information and produced invalid links in the EU Virtual Data Center (VDC). The toggle now accurately reflects the active region.

  • Repeated Logout After “Resume Activity” Prompt
    Fixed a bug where users were logged out even after choosing “Resume Activity” during session timeout warnings. Session timers now reset correctly with each interaction.

May 28, 2025

Secure Access Release Notes

Here’s a summary of the latest updates and improvements to the Beyond Identity Secure Access platform to enhance your experience and security.

What's New

Inactivity Timeout for Enhanced Security

To help keep your data secure, the Secure Access Console now automatically logs users out after 15 minutes of inactivity. If your session times out, simply log in again to continue where you left off.

Learn more about session behavior

Kandji + Beyond Identity Integration

The Beyond Identity Mac Platform Authenticator (PA) is now integrated into Kandji's Auto App Collections, enabling fully automated deployment and updates via the Kandji MDM platform. This eliminates the need for IT admins to manually download and re-upload the latest version of the Mac PA, streamlining operations with zero-touch updates. By selecting options like "Continuously Enforce" and "Automatically enforce new updates," you can ensure your macOS devices will always have the latest, most secure version of the Beyond Identity Authenticator.

Learn more

Enhancements

BI Authenticator Updates: iOS v2.103.3 (Released May 13)

Streamlined Navigation After Authentication on iOS

We've improved the post-authentication experience in our iOS app to make navigation smoother and more intuitive. After completing authentication, users are now guided back to the previous screen more seamlessly, reducing friction and improving overall usability. This enhancement is part of our ongoing effort to deliver a more polished and user-friendly experience on key mobile platforms.

May 13, 2025

Version 2.103.3 BI Authenticator Release Notes

    Changes

  • iOS
    • Navigating back to the previous app after authentication is now visually clearer, thanks to updated graphics.

April 22, 2025

Version 2.103.1 BI Authenticator Release Notes

    Fixed

  • Android: Resolved an issue where some users could not register a passkey via any method, including email registration link, 9-digit code, or credential extension. Users affected by this issue could also not authenticate with existing passkeys.

April 17, 2025

Version 2.103.0 BI Authenticator Release Notes

    Changes

  • Changes to Secure Work Passkey Extension flow - Documentation
  • Passkey Extension for Secure Access - Documentation
  • iOS & Android
    • Default the initial screen to the listing of all user passkeys, rather than the 1st passkey.

    • Fixed

  • macOS
    • Fixed a minor issue where a long username would cause the Tenant name to be clipped on the user passkey.
  • Windows
    • Fixed an issue where Domain Connector 2.102.6 would not start.
    • Changed default locations and settings to better align with Windows best practices.
    • Settings.ini file moved to C:\ProgramData\BeyondIdentity\domain_connector.ini
    • The default log folder moved to C:\ProgramData\BeyondIdentity\logs\domainConnector
    • The multiDC configuration value now defaults to yes

April 14, 2025

Secure Access Console Release Notes

    New event type: Fetch Data From Integration

  • We are now publishing a new debug capability for integrations that improves event transparency and accountability in the Beyond Identity Console.
  • The new event type, FETCH_DATA_FROM_INTEGRATION, provides information when an attempt to retrieve data from your integrations fails.
  • Beyond Identity will retry the connection to your integration approximately once per 15 minutes. Each time the attempt to fetch data from the integration fails, you will see the new event in your Activity log.
  • After the connection to the integration is restored, we will send one FETCH_DATA_FROM_INTEGRATION event with a Success outcome to confirm that the connection has been reestablished. Future successful data retrievals will not send more events.
  • You can filter these events from your view in the Activity log.
  • You can view these events for each integration on the new Logs tab in the Integrations panel:
    • Logs View

February 28, 2025

Secure Access Release Notes

Console

v1.55

  • Added support for bulk email enrollment from the Identities page
    • This functionality is available on request. Contact your Beyond Identity support representative for more information.
      Bulk enrollment

v1.56

  • Fixed a bug where Administrators and Users login to the Beyond Identity Console navigated users to the incorrect login screen if the ?tenant={TENANT_NAME} query parameter was present in the URL

v1.59

  • Added Groups as an optional attribute statement value source
    • When creating a new application with Generic SAML, the dropdown field for Beyond Identity Attribute Name now includes Groups. This functionality enables bulk assignment for Groups. Both the Beyond Identity Console and the API support this.
      Attribute statements

Bug fixes

  • Improved dashboard performance
  • Fixed an API token error with the Okta | Beyond Identity integration which prevented byndRegistered custom attribute in Okta from being updated successfully upon end user enrollment in Beyond Identity
  • Fixed an issue with SCIM-created Groups not being visible in the Application Assignment page
  • Resolved an issue with policy attributes evaluating to undefined in the policy activity log
  • Improved CrowdStrike policy evaluation accuracy for temporary API return errors that prevented successful user logins
  • Fixed a bug with policy activity log displaying the incorrect status of CrowdStrike Device Found attribute

February 6, 2025

Windows Version 2.102.0-6 and macOS 2.102.0-7 BI Authenticator Release Notes

    New

    Platform Authenticator Proxy

    Beyond Identity is in the process of adding official proxy support to the Platform Authenticator on the macOS and Windows platforms. This is the first release to preview this functionality.


    To minimize the chance of any change in behavior for existing users of Beyond Identity, this feature is not active by default. However, during the preview phase of this feature, the end user of the Platform Authenticator can enable this functionality. The list below details what happens when this feature is enabled.


    In a future release, this feature defaults to an enabled state. We recommend any current users of Beyond Identity to turn on the feature with an administrator and to attempt an authentication as normal. With this feature enabled and authentication working as expected, no future change is required on your configuration.


    View the Proxy End User Guide for more information.

October 28, 2024

Version 2.100.6 BI Authenticator Release Notes

    Fixed

  • Windows - Additional functionality bugs resolved

Version 2.100.5 Endpoint Release Notes

    Fixed

  • macOS - Fixed MDM detection on iOS when enabling Safari extension
  • General - Resolved functionality bugs