Search
K

Release notes archive

Maverics release notes archive

2023-12-20: Optional fields for SAML-based identity fabric, cache config fixed

We've updated Azure SAML, ADFS, Duo and Generic SAML fabric by adding SP Cert Path/Key, Name ID Format, and IDP-initiated login options.
Optional fields

Resolved issues

  • TLS block for cache config is now properly formatted for deployment

2023-12-19: Windows client authentication

You can now add Windows desktop authentication to your identity fabric. The Windows Client Authenticator App for Maverics allows Windows/IIS users to validate their identity to Maverics Orchestrator using their Windows desktop credentials. The app can be downloaded from any environment.
Windows Client Authenticator

Resolved issues

  • Resolved an issue where policies that use equals were not being deployed.
  • Resolved an issue where service extension claims values where not appearing on first page load.

2023-12-13: Fixed missing metadata on deploy that includes a Build Claims SE

We've released a partial fix to an issue where metadata entered in a build claims SE was not deploying with a user flow.

2023-12-07: Improved import of service extensions and deployment of updated service extensions

This release includes continued improvements to the import process. You can now import user flows that reference service extensions. Deployments now include additional metadata in the JSON for the import process to execute correctly, however the metadata is completely ignored when read by the orchestrator.
Note: To use this update, you will need to redeploy a user flow that contains service extensions, then download the maverics.tar.gz file and re-import using the button on the dashboard.

Resolved issue

  • Fixed an issue where the the latest edits of a service extension were not being deployed in a user flow. This condition was found when two user flows were being deployed that reference the same service extension. Now in this scenario Maverics will always deploy the latest service extension. This is consistent with how identity fabric (Connector) config is deployed when referenced by more than one user flow.

2023-12-05: Canada region selector, import enhancement, and Learning Center update

New accounts have the ability to sign up and login to the new Maverics Canada instance. Accounts in the US and Canada are completely separate. Features and fixes are deployed at the same time as the US.
To use the region selector, go to https://maverics.strata.io and select Canada from Available Regions. You will then be redirected to https://ca.maverics.strata.io to sign up for a new account.
Selecting Canada as your region
Existing customers who would to use the Canadian region instead of the US region need to manually migrate their data to a new Canadian account. Maverics has import capabilities that can help facilitate migrating user flows, app fabric, application definitions, and environment settings to a new account.

Import configuration to existing environments

When you import configuration, creating a new environment is now optional by default. This enables yyou to easily deploy user flows to existing environments without creating unnecessary environments.
Import configuration
Recipe formats included in the Learning Center have also been updated to use Proxy type apps.

Resolved issue

  • Empty IDP-initiated login fields are no longer being set in the deployed config.

2023-11-29: nameID format for SAML app type

You can now specify the nameID format of your choice in the SAML app type setup.

Resolved issue

  • You can now specify the OIDC well-known endpoint in the Azure AD attribute provider configuration. This will enable you to use Azure as a standalone attribute providers with other IDPs.

2023-11-28: Attribute provider bug fix

Resolved issue

  • Fixed an issue where if an attribute provider was included in a rule, an inspection error was shown that prevented you from being able to commit and deploy.

2023-11-21: Resolved SAML issue

  • If you set up custom certs in the SAML auth provider settings, the SAML cert you download from an Environments page now displays the correct cert (*.pem file).

2023-11-20: Service extension code editor improvements

The service extension code editor will now show compile errors as you type.
Compile errors
Additionally, the deploy screen will now show service extension diffs.
SE diff view

Resolved issues

  • When an account owner deletes an account, it will only delete the selected account and not delete the user. When a user logs in that has no accounts they will be shown the Oops Octopus error. From here they can be invited to another account or delete their user from the profile menu.
  • Fixed an issue where the import of service extension names came through as ids. Now all service extensions deployed will include the name field.
  • When editing an environment, a breadcrumb to go back to the environment now appears.

2023-11-16: Sonar OIDC test app!

To test OIDC auth flows, we have an updated image in Docker Hub and documentation on how to use it to spin up your own local running version of Sonar.
Sonar Systems test app

Resolved issues

  • Orchestrator telemetry is now off by default when creating any non-evaluation environment
  • Audited all default service extension examples to ensure they can deploy without error to orchestrators. Added a specific note about using claims SE with SAML apps.
  • Fixed cert issues when downloading a SAML metadata file
  • Fixed edinvite sign-up flow when user has already started sign-up
  • Fixed a validation on static headers that prevented you from using a or a period in a value.

2023-11-14: Proxy app: static headers

When creating a proxy app user flow, you can now send any static header without having to source it from the session.
Proxy app static headers
Set your attribute, and choose Static as the attribute provider. The header will be sent to your favorite proxy app.

Resolved issues

  • Duplicate accounts are no longer created if a user attempts to sign up multiple times through PLG or SLG sign up flows.
  • The Calendly scheduling widget will now render properly on Safari.

2023-11-10: Proxy app specific logout

You can now add a proxy app logout URL and post logout redirect URL to proxy apps. See our docs.
Proxy app logout
Additionally, if you need to make a query to Okta to add custom claims to your session you can now do this by using Okta as a attribute provider.
Okta attribute provider

Resolved issues

  • Metadata from service extensions persists and are now properly deployed.
  • Claims set in service extensions can now be properly selected and deployed for OIDC and SAML apps.
  • Partial fix for sign up issues causing duplicate accounts.
  • Fixed an issue where attribute providers username mapping configuration was malformed for proxy apps.
  • No longer missing last commit date/time for user flow list
  • Resolved an issue where the orchestrator would fail to start up a SAML or OIDC app type service due to a configuration mismatch when a service extension is present. Maverics will now omit claimsmapping if empty when deploying SAML or OIDC app type user flows.

2023-11-06: Service extensions metadata

You can now define key-value pairs for additional context, such as environment variables, in your service extensions.
Service extension metadata
There is a known issue where the input is colliding with the accessibility widget. If a prompt appears, click Reset in the accessibility widget settings in the lower right corner.

Resolved issues

  • Updated logos on signup.

2023-11-02: IDP initiated login for SAML app user flows

Maverics now enables you to set up an IDP-initiated login flow for a SAML app type.
IDP-initiated login

Resolved issues

  • Addressed an issue where headers were missing or not properly generated for proxy app deployments. (Note: This is still an issue for existing header-based apps. To utilize the fix, create a new proxy app. The fixes to existing header-based apps will be released soon.)

2023-11-01: Introducing proxy apps!

Header apps are now called proxy apps. You will still be able to edit and deploy existing header app type user flows, however you will no longer be able to create new AppGateway-based configuration in Maverics. Instead, you can create proxy apps.
We have also released a new service extension format and updated our service extension examples.

Resolved issues

  • You can now successfully add headers to location policy.
  • You will no longer get orchestrator errors due to the extraneous empty cache config.

2023-10-24: Updated invitation email

We've updated user invitation emails to specify the user who sent the invitation and the account you've been invited to.
Invitation email

2023-10-23: Transfer ownership of an account

In the Accounts section, you can now transfer ownership of an account to another member of your team. Owners of accounts can invite members, make payments, or delete the account. To transfer ownership of your account, go to Profile > Accounts.

2023-10-16: Resolved issue

  • You can now delete your user profile without error.

2023-10-12: API app type support

Import now supports API app types. You can now download a deployment bundle that contains a API app type user flow and import that configuration into a new local or evaluation environment.

User profile page

Users now have a Profile page where they can view their name and email, and delete their profile. If the user is an account owner, it will delete the account. If the user is a member of another account, it also will remove them as a member of another account.

Resolved issues

  • Updated the build claims service extension code example

2023-10-05: Member invitations

When inviting a member to your account, the invitee no longer has to sign up for a personal account. They become members managed by another account owner.
Member invite flow
Additionally, import options now support orchestrator settings.
Import options

Resolved issues

  • The new IDE now shows up properly for API app types.

2023-10-04: Splitting the main configuration and service extensions for API app type user flows

When deploying a configuration, the deploy preview can now show code changes in the main configuration separately from code changes in the bundled service extensions.
Deploy preview
Note: This feature is currently limited to API app type user flows.
Additionally, we now offer a side-by-side comparision view in the deploy preview.
Deploy preview

2023-10-02: SAML and OIDC Auth Providers settings in Environments

You can now upload independent key pairs used for encryption for SAML and OIDC Auth Providers. To use this, open an environment and click Edit. Scroll down and upload your key pairs.
SAML and OIDC auth providers
Additionally, the Import function now shows a preview of ingredients being imported, and a new tutorial to extend Okta to a legacy, non-standard app is now available in the Learning Center.

Known issues with SAML and OIDC Auth Provider certs

  • After you have uploaded custom key pairs, you are unable to revert back to use generated certs
  • When using a custom cert for SAML and generated Cert for OIDC, the deployed config has invalid name values in the OIDC config (workaround: use custom certs for both key pairs in the unlikely event you deploy both of these app types to a single environment)

Resolved issues

  • A portion of the Learning Center no longer appears on the first step of signing up with HYPR.
  • 2023-09-29: Handle unauthorized service extension

Service Extension: CustomUnauthorized-page
Our new CustomUnauthorized service extension enables you to provide a custom experience when a user is not authorized to access a resource.

2023-09-27: SAML app encryption options

When defining a SAML app, you can now upload a cert to verify the signatures of incoming requests.
SAML app cert
When there is no cert uploaded the resulting config will now include: "requestVerification": { "skipVerification": true
SAML provider encryption settings
  • Create/edit environments: SAML provider encryptions options are available when you create and edit an environment.
  • Custom key pair: You can now override the automatic generation of certs/keys and upload a custom cert and key pair.
  • Disable signing: You can now disable signed responses and assertions.

Known issue

  • Checking both Double Signed Response and Double Signed Assertion will result in an error from the Orchestrator. They are meant to be used one at a time, however this will be addressed in a future update.

Import enhancements: Service extensions

You can now import tar.gz files. These can contain app definitions, identity fabric config, user flows…and now user flows that contain service extensions.
To use it:
  1. 1.
    Deploy a user flow that includes service extensions.
  2. 2.
    Download the configuration either from the deploy screen or from the environment.
  3. 3.
    Go to the Dashboard and choose Import using a tar bundle.

Resolved issues

  • Fixed an issue where you could not import json from the Learning Center tutorials.

2023-09-26

Import config: expanded to support OIDC and SAML app type and user flows

The import config capability now has a number of use cases that it supports.
  • In-application tutorials: It is used to import recipes in our tutorials
  • Application Onboarding: After a deal is signed, a discovery process launches during a kick-off with our customers. They often complete an inventory of hundreds of applications with technical information that we need to define in config. Now you can construct a JSON file from this data and import it directly into Maverics taking a once manual input process and automating it completely.
Other import enhancements include:
  • “Flow” is no longer appended to the name of an imported flow.
  • Flow names are supported on import/export with the flowName key in the json.
  • You can now import OIDC and SAML app type and user flows To use it:
    • Deploy a SAML or OIDC app type user flow.
    • Download the .tar.gz bundle from the Environments page
    • Unzip the bundle and open the maverics.json in a text editor. Copy the code.
    • Go to Import Identity Orchestration Recipe Import https://maverics.strata.io/user_flows_import

Policy editing refinements

You can now add add identity fabric to a policy location without having to specify it on a user flow. The radio buttons are now gone and replaced with drop-downs. We also took the opportunity to polish the titles and descriptions with terms that are more straight-forward.
Policy editing refinements
Note: The authentication section no longer appears on the user flow definition page for a header based app. This is not an error. It has moved to a policy definition drop down.

Keycloak to Amazon Cognito tutorial in the Learning Center

The newest tutorial available in the Learning Center helps on-prem Keycloak customers extend to Amazon Cognito.
To use it, you will need a Cognito User Pool and test user. You will be adding a client and creating a test user. To try the tutorial, go to https://maverics.strata.io/learn/redirect?context=keycloak-to-cognito-recipe

Service extensions: code editing enhancements

The new GO code editor for service extensions provides an enhanced syntax formatting autocomplete. The editor provides a lightweight editing experience, and is not intended to be used like a full IDE.
To use it, start editing service code a drop down will automatically appear with suggestions. You can also ctrl+space anywhere in the code editor to manually envoke the code editor.
SE code editing

Other resolved issues

  • When importing a recipe, application icons will no longer appear as broken images.

2023-09-14: Duo Single Sign-On is now available!

Using Duo and Maverics together has become even easier. You can now set up Duo Singe Sign-On (SSO) as part of your identity fabric, and use it for authentication in your user flows.

Other features

  • You can now sort user flows by the last commit date.

2023-09-12: Several feature enhancements

Applications

  • You can now specify TLS settings in header-based apps
    • Add a path to a CA cert
    • Skip TLS verification (enableSkipVerify):
      enableSkipVerify

Fabric

  • Fabric now includes the logoutURL (for example, https://auth0tenantname/v2/logout) required by Auth0.
  • You can now specify scopes in OIDC providers.
    enableSkipVerify

Other features

  • Mac, Windows, and Linux now have the same easy 3-step experience. Our updated Linux evaluation bundle now includes a raw orchestrator Linux executable. There's no need to install an RPM enabling you to launch it from a command line.
  • Login and isLoggedIn service extensions are always used together and have now been combined into a single form called Upstream Application Login.

Resolved issues

  • Updated service extension names and descriptions

2023-09-11: Service Extension parity

We've now achieved 90% parity with the service extension points available via the YAML API.
Proxied apps use the the service extension format currently documented for YAML configuration, while SAML apps, OIDC apps, and API endpoints (aka ServeSE) require a new format. The new format is available for internal preview, and public documentation for the new service extensions will be released soon.

Introducing API application type (ServeSE), isLoggedIn, and Login

Develop an API app to facilitate identity flows by creating custom HTTP endpoints, serving HTML pages, or executing custom scripts.
To use it:
  1. 1.
    Go to Applications and select API from the application type column.
  2. 2.
    Enter a name, description, and function name (for example, Serve).
  3. 3.
    Add your Go code in the code editor and click Create.
  4. 4.
    Create a new user flow and select the app you created in step 3.
  5. 5.
    Commit and deploy. You can now deploy user flows that can integrate with these APIs.
You can also add Login service extension points to your header-based app user flows.
Service extension
Select from Service Extensions.
Service extension
Add to your header-based app's user flow.
When a service extension code has been modified, any user flows that reference them will be updated with the status of 'Uncommitted changes.' This will signify that you need to commit and deploy to have the changes take effect.
Finally, in order to simplify the experience, the identity fabric code view has been removed. You can still see the code on the user flow deploy step.

2023-09-05: Improved Windows evaluation bundle

The Windows evaluation experience has been improved. You no longer have to:
  • Run an installer
  • Delete system environment variables (e.g. default yaml config and license files)
  • Edit registry values
  • Edit maverics.env - all paths to certs and keys just work
To use it:
  1. 1.
    Download the zip file and right click and select “Extract all…”
  2. 2.
    Open the Command Prompt.
  3. 3.
    Use cd to navigate to where you extracted the eval bundle.
  4. 4.
    Run call maverics.bat && maverics-orchestrator.exe
  5. 5.
    Go to Orchestrator Telemetry and check for the green dot.

Other enhancements

  • You can now modify requests and responses using service extensions in header-based apps.

Resolved issues

  • Fixed an issue selecting a provider when creating an authorization rule.

2023-08-24: Commit to Deploy

To improve the usability of Maverics, we have reworked Save Revision, Publish to Commit->Deploy. This includes:
  • For easy access, it is now pinned to the top of the user flow screen and the Edit a resource location policy screen.
  • Save a revision is now a Commit in a model dialog
  • Inspector results are accessible on hover when there are errors on a user flow. Note: before you can commit you must clear all the errors.

Other enhancements

  • You can now specify attribute provider and username mapping in SAML and OIDC app type user flows,
  • The maverics.env in the Windows evaluation bundle has been improved to make it easier to copy and paste. We also have a new Learning Center topic in the Learning Center to walk you through the Windows process.
  • You can now specify signing certs in AD FS and Azure AD SAML configs to verify that the authentication requests are signed.
Service extension

2023-08-21: Evaluation Experience

There is now a step-by-step guide the Orchestrator Evaluation Bundle installation on Windows.

Resolved issues

  • Addressed an issue where you could not add a header to a user flow.

2023-08-16: New Service Extensions

You can now leverage the buildAccessTokenClaimsSE or buildIdTokenClaimsSE service extension points in the platform to build custom token claims for OIDC and SAML app type user flows. To use:
  1. 1.
    Go to Service Extensions, and select Custom Claims from the Service Extension list.
  2. 2.
    Enter a name and description, and click Create.
    Service extension
  3. 3.
    Paste in your Go code. Here is a "Hello World" example that prints a log event after a user logs in:
package main
import (
"net/http"
"github.com/strata-io/service-extension/orchestrator"
"github.com/strata-io/service-extension/session"
)
func BuildTokenClaims(_ orchestrator.Orchestrator, _ *http.Request, sess session.Session) (map[string]any, error) {
claims := make(map[string]any)
// TODO: Implement service extension code.
claims["Hello"] = "World"
return claims, nil
}
  1. 4.
    Go to Applications and create an OIDC-based app type.
  2. 5.
    Go to User Flows and create a new user flow. Select the app you created in step 4, and specify an IDP in the following screen.
  3. 6.
    On the User Flow page, scroll to Claims. Select the service extension you created in step 3 for either an Access Token or ID Token.
    Service extension
  4. 7.
    Click Save Revision and publish the user flow and login to your app.
  5. 8.
    In the orchestrator log, you will see:
ts=2023-08-16T22:51:59.768756Z level=debug msg="adding claim Hello:World to ID token" client=client-id

Evaluator Experience: Welcome to Maverics!

Evaluator experience
There is a new guided tour for new account sign-ups that draws people to the Learning Center.
This will be shown only once, but can be recalled by going Help Center->Guides->Welcome to Maverics!
The Learning Center has many content and style updates to make the topics easier to read and understand. There is now a back button so you can navigate more easily between topics.

Resolved issues

  • Unable to add multiple rules or conditions to a access policy

Known issues

  • Currently you are unable to add a header to a header based user flow. As a workaround, you can add them to a resource location policy to achieve the same result.

2023-08-10: Evaluator experience

The responsiveness of Maverics has been optimized for laptop use. We've fixed several issues where page headers and columns were displaying incorrectly when the Learning Center was open. Additionally, we've improved the styling on the Learning Center.

2023-08-07: CPU utilization telemetry and service extensions update

A CPU utilization chart is now available in Orchestrator telemetry (Note: Due to limitations of Mac OS, no data will be reported for this metric).
Additionally, IDPs referenced in a service extension definition are now automatically included in the deployment. We've also made the app more responsive with a collapsible navigation, improved break points, and layout adjustments.

Resolved issues

  • Fixed issue that prevented people from downloading a Docker image for non-evaluation environments

2023-08-01: Learning center now available with two lessons

The first iteration of the Learning Center is available with two lessons:
  • Create an eval environment: a complete how-to process for Mac
  • Use the app modernization recipe: a new recipe that uses hosted demo assets and does not require Docker for the apps and IDPs
Learning center
Orchestrator telemetry is also now available
New graphs in Orchestrtor telemetry show the session count over time. To test it:
  1. 1.
    Start your orchestrator connected to an environment; give it a few minutes for the data to populate.
  2. 2.
    Deploy a user flow that requires authentication, and sign in and out a few times.
  3. 3.
    Go to Orchestrators and click on the Orchestrator ID to view the session graphs and other data.
Telemetry

Resolved issues

  • Maverics correctly reports the number of days left on subscription pages
  • Maverics now remembers the last logged in account

2023-07-24: Evaluation environments now available

In just a few minutes of setup, you can test your user flows with Evaluation Environments. Evaluation environments provide a ready-made cloud storage environment and companion orchestrator package. This enables you to quickly publish user flows and have them connect to orchestrators pre-configured to consume configuration from this environment.
To get started on Mac or Linux:
  1. 1.
    Go to Environments
  2. 2.
    Select Evaluation Environment from the list on the right.
  3. 3.
    Download the appropriate orchestrator bundle for your OS.
  4. 4.
    Unzip all the zipped files.
  5. 5.
    Open the Terminal and navigate to the location of the unzipped files
  6. 6.
    Source the maverics.env and start the orchestrator with the following command:
    source ./maverics.env ./maverics_darwin_amd64
When creating this environment, Maverics will:
  • Set defaults for Orchestrator URL (https://localhost) and logout URL (/logout) as well as other settings. You can change these settings by clicking the Edit button in the top right hand side.
  • Push an empty maverics.tar.gz to the cloud storage bucket (a Strata controlled AWS bucket) so the orchestrator will start up successfully in case there is no user flow published yet.
  • Create a downloadable bundle with a maverics.env preconfigured to connect to this environment
You can only have one eval environment at a time. After you create one, you will not be able to access Evaluation Environment from the right side bar.
See it in action:

Other enhancements

  • The new load attributes service extension point enables you build custom flows such as the IDP picker. Sample code and instructions are coming soon!

Resolved issues

  • Paid customers will no longer see a trial banner in the UI.

2023-07-17: Token settings are now available when creating an OIDC app type

When orchestrating identity in a multi-cloud/IDP world apps have needs and we aim to fulfill those needs without requiring you to change code. In this release, we now expose the access token settings for specifying either a JWT or opaque access token, length, and lifetime.
Token settings
Note: The JWT length options require an upcoming orchestrator build to function properly. For now, select Opaque.

Resolved issues

  • Removed non-functioning buttons on “Accounts” page.

2023-07-11: Enable or disable telemetry

When creating or editing an environment, you will find a toggle switch to enable or disable sending telemtry to Maverics. Telemetry is on by default.
Telemtry switch

Resolved issues

  • If user emails were entered with mixed case (for example, [email protected]), the users were not able to accept invites. This has been fixed.
  • Users previously unable to accept invite can now click Accept Invite in the invitation email or if they have an account they can go to https://maverics.strata.io/accounts and click Accept.
  • After you accept an invite, Maverics now automatically switches to the invited account.

2023-07-07: Create and update fine grained permissions with ease

We have reduced the steps and made the fine grained permissions capability for header based apps easier to find.
Now, when you create an access policy for a header based app’s resource you can set the policy all on one page. Each choice that you make automatically updates the policy. We have removed the confusing “Update” and “Back” buttons.
The policy code view has been moved to the top of the page and updates automatically on each change.
You can add conditional rules, toggle different authorization policies (like allow all), it will hide the conditions you created, and when you toggle back the conditions will no longer be lost.
See it in action:

2023-07-06: Deploy with confidence!

When publishing a configuration, you can now view the differences in the code view with the selected revision, compared to the selected environment. This helps you quickly scan the config for an attribute or mapping you may have missed.
View diff
To compare:
  1. 1.
    Save a revision (add an optional comment)
  2. 2.
    Click Publish.
  3. 3.
    On the deploy screen:
  • Select the environment to compare against.
  • Select a different revision to compare.
  1. 4.
    In the code view green and + indicate additions while red and - indicate removals.
Additionally, Oracle ICDS (OIDC-based) Identity Service has been released. For more information, view the demo below.

Resolved issues

  • Slow loading of pages with default and custom app icons. Note that with this change, any uploaded custom app icons will revert to default icons. You will need to re-upload any custom app icons you may have previously uploaded.
  • After editing an environment, you are correctly returned to the environment page.
  • Attribute provider configuration no loger persists in the deployed bundle after being removed from a user flow.

2023-06-30: Revision comments

You can now capture a revision comment and it will display on publish.

2023-06-29: Orchestrator health data is bigger and better!

Orchestrator health data can now be viewed on the Orchestrators page.
Orchestrator green dot
Orchestrator health data is sent to Maverics from Orchestrators and appears on the page after five minutes. If an orchestrator is stopped it will disappear after 15 minutes, however an unavailable state is not yet supported. Additionally, you can click the ID to see memory utilization.

Other enhancements

  • We can now offer custom contract terms to customers with custom billing behavior, allowing you to start an annual subscription and pre-purchase up to a certain limit.
  • Oracle's Identity Cloud Service can now be configured as an IDP.
    • Known issue: This sometimes triggers unexpected panics in orchestrators.
  • You can now specify a destination for logout redirects.
    • Known issue: Orchestrator does not yet support hot reload of logout URLs. You will need to manually restart orchestrators to see any change in logout behavior.

Resolved issues

  • Headers with a “.” in the name can be deleted.
  • You can no longer create a identity service with a name containing a “.” as this sometimes caused config to break downstream when used in a user flow.

2023-06-21: Maverics now supports Trusona

We use a standard OIDC connection to integrate Trusona’s passwordless solution. This enables another great passwordless option for customers who want to modernize their application without having to rewrite any application code.
Trusona

Other enhancements

  • Our interactive onboarding guide (powered by Pendo) just got better. It now points to the app map to start, and each step has an image to guide you through the process. First time visitors will see the onboarding guide every time they log in, until they have dismissed the guide twice. You can always refer to the onboarding guide again by visiting the Guides section in the Resource Center.

2023-06-20: Maverics Passwordless Account now powered by HYPR

Our sign up and login process has been improved! Maverics Passwordless Account powered by HYPR enables you to use Maverics without a password for free -- no paid tenant required.
Maverics Passwordless sign up
We've also added an app map in the top navigation to help guide your journey as a user.
Maverics app map

2023-06-14: Two releases!

You can now use your GitHub account to sign up and sign in to Maverics. Support for GitHub OAuth is a common authentication pattern and benefits admins, app owners, and developers using our product.
We've also improved instructions for using Microsoft Azure storage. You will also need to re-enter your SAS token any time you edit your environment.

2023-06-13: Accessibility, environments, and custom icons

We've implemented the accessWidget by accessiBe to automate web accessibility with AI. We are now over 95% in our scoring for web accessibility guidelines!
Additionally, as an enhancement to our hybrid zero trust architecture, we now support publishing configuration bundles to MS Azure Storage. This completes the end-to-end flow as Oochestrators could already read remote config from a Azure Storage container. Customers who have standardized on Azure now have more viable deployment options.
Finally, no matter how old or what kind of apps you have, Maverics can create user flows that can meet their identity needs. By uploading a custom app icon, you can make the Maverics experience more personal. We've also localized the date in time in our tables.

2023-06-09: Aloha Friday release notes

You can now download SAML metadata files from the Environments page. Additionally, you will be prevented from deleting an identity fabric referenced by a service extension.

2023-06-07: SAML and OIDC app types and user flows now fully available!

We now support orchestrating identity for modern applications that require Open ID Connect (OIDC) IDC for authentication (single orchestrator only). Additionally, in the environment settings you can now download SAML metadata. This streamlines the configuration process for some apps that support importing a SAML metadata file .xml format.

Other enhancements

  • You can now publish configuations to Gitlab repositories.
  • After 1 hr 58 min of inactivity you will be warned that your session will expire. You have 2 minutes to renew it and if you don’t you will be signed out.

Resolved issues

  • You will now be prevented from deleting a identity service when it is associated with a user flow.

2023-06-06: Improved security for AWS S3 users

To improve security, Maverics now requires a IAM Role for publishing to a S3 bucket. The orchestrator configuration for reading config does not change, and existing environments configured to use a S3 buckets will continue to publish to S3 with an account ID and secret key. However, creating a new environment with an AWS S3 bucket or editing an existing environment requires cross-account roles. For more information, see Configure an environment.

Other enhancements

  • You can now use Maverics to configure an orchestrator to act as a SAML auth provider for your applications.
  • You can now specify the single logout endpoint (e.g. /logout) to trigger logout from all apps and IDPS.
  • We've improved accessibility throughout Maverics to meet American Disability Act (ADA) standards.
  • We've added Auth0 and Generic SAML as new IDPs.

2023-05-18: Feature refinements continue...

The Pricing link is now available from the Subscriptions page. Profile and Account menus are now clickable. Finally, the Publish button on individual User Flow pages now lives next to the Save Revision button, for better visibility.

Resolved issues

  • The Learn more about Deployments link now points to the online help.

2023-05-17: Fixes and feature refinements

Today we addressed feedback we received from our first bug bash.

Resolved issues

  • Updated Orchestrator description and fixed help links to creating an environment.
  • Clicking Deployments breadcrumb no longer returns an error. The Deployments breadcrumb is now gone and correctly shows the path back to the User Flow.
  • Cleaned up all the Learn More links.
  • Describe the IAM permissions needed for an AWS S3 bucket. When creating an AWS S3 environment, we now show a Learn more and info icon which points to the AWS bucket policy in Remote configuration.

Other enhancements

  • SAML app types are on the way! When creating a new or editing an environment you can now specify the Orchestrator URL.
  • The Dashboard now has a short-cut to Invite a Member to your Account. This is a owner only action. If you are not the account owner it will take you to the member list.

2023-05-16: New recipes

As part of our PLG Onboarding initiative we want to make it super easy for evaluators to explore everything that Maverics has to offer. We made a couple small, but impactful changes to the user experience. It is a first step towards our grand plan to build out recipes and how they will simplify the difficult tasks of building a cohesive identity fabric.
  • On the Dashboard, Import custom configuration has been renamed to Import Identity Orchestration Recipe.
  • The new import screen has an updated description with links to the Quick Start Guide.
  • The default import is the same config from the Quick Start Guide. Just click Create and you will have a fully baked and deployable user flow!

Other enhancements

  • After creating a new environment, you'll land on the show page so you can immediately move on to set up an orchestrator.
  • Updated Learn More links throughout the app.
  • New content and behaviors for the Welcome to Maverics onboarding screens.

2023-05-15: A new Sign Up and Sign In page, and creating environments

Our new Sign Up page is brought to you by an extra special collaboration with Product, Design, Marketing and Engineering.
Additionally, we've made several updates to our Environments flow:
  • When creating and editing an environment you can now specify session and cookie domain settings used when proxying header based apps.
  • When editing an environment you can easily download the public key file, configuration and a orchestrator build.
  • You can now more easily download a deployed configuration for local testing.

2023-05-12: Updates to Environments and Service Extensions

You can now download an Orchestrator from an environment. On a new deployment, you can also go to an Environment by clicking its name.
Additionaly, you can now use a Create Header service extension on an Access Policy (e.g. reports). The service extension name now appears in the show field, and we've removed the unused Attribute field when adding a Create Header service extension.

Resolved issues

  • The Buy Now button disappears if you've purchased a subscription.

2023-05-11: Secrets must be entered to update shared storage settings

Secrets must be re-entered to update any shared storage settings.

Resolved issues

When deploying a user flow, it will correctly bundle the latest service extension

2023-05-10: Create and edit environments

We uniquely enable our customers to compose an Identity Fabric and deploy User Flows for their applications, anywhere they are deployed. Our goal is to make this clear in practice when customers use Maverics to set up an environment, configure shared storage, connect orchestrators to the environment, and manage deployed User Flows.
Today we released Part 1 of this journey: Create and edit an environment.
  1. 1.
    The Environments list enables you to choose the cloud storage provider or a local environment.
  2. 2.
    Creating a new environment now has form input. You no longer have to copy and paste JSON code.
  3. 3.
    Editing an environment has two tabs:
  • Settings: Shared storage provider settings and orchestrator startup configuration
  • Publish: User flows, get a public key for an orchestrator, download a deployed configuration

Other enhancements

  • Renamed the Orchestrator download to maverics-orchestrator.<ext>. This helps differentiate it from the maverics.tar.gz config bundle.
  • To delete your account and cancel your subscription in Chargebee, follow these steps: go to the Profile Menu, select Accounts, select the name of your Account, and click Delete. This will also remove you from any accounts you have been invited to.

2023-05-05: Buy Now and New User Flow Status

You can now self-service purchase a Maverics Subscription! After your trial period is over, the Buy Now button appears and you can purchase your subscription. The subscription estimate is based on the number of apps and IDPs published to an environment marked for Production. Watch our demo.
The User Flow list page also has a new Status column. The values are as follows:
  • Current: The user flow is up to date with the current revision. No action needs to be taken.
  • Modified: The user flow has changed and a new revision needs to be published. This can mean:
    • The user flow itself has been edited (an access policy, provider, or header could have been added or updated)
    • A referenced identity service has been updated. For example, adding a logout URL to a referenced OIDC authentication provider will require the user flow to be published again.

Resolved issues

  • The Last Modified columns will never be blank; it will either show the creation date or the last modified date.
  • On a new deployment page, the Publish and Cancel buttons have been moved up for better visibility.

2023-05-03: Service extensions on the menu

You can now get to Service Extensions from the main navigation! From here you can create and edit 3 different extension points that can be used in User Flows for Header based apps: CreateHeaders, Authentication (Authenticate+IsAuthenticated), and IsAuthorized.

Resolved issues

  • Fixed db migrations that were setting off alerts

2023-05-02: Simplified revise and publish

Revise and publish have been simplified! The previous steps to revise and publish a user flow were confusing and prone to errors. To simplify this experience:
  • We've moved the Save As a Revision action, Publish action, and Automated Inspector to the top of a user flow.
  • We've removed the side by side comparison from the bottom.
  • We've the ability to override a calculated revision in the code view.
  • We've moved read only code view to the new deploy step.

Other Enhancements

  • Branded identity service provider icons now appear on the user flow for easier identification.
  • You no longer have to toggle a switch to select an available service extension.

Resolved Issues

  • OIDC secrets are now hidden in form view.
  • Header in on access controls in the User Flow views are no longer garbled
  • New Header type descriptions are rendering properly

2023-04-21: Deploying secure bundles

We are excited to add support for deploying configuration as securely signed bundles! This security enhancement helps to ensure that the configuration being deployed is legitimate and has not been altered by malicious actors. In addition, bundles pave the way for us to deliver Service Extensions.

What do you need to know?

This security enhancement requires that you recreate your Environments with new key names and republish your user flows to those environments. You will need to update your Orchestrator to at least version: v0.19.0 which can be downloaded from the Orchestrators page.
During a deployment Maverics bundles and signs the configuration with a digital signature that is unique to that environment. The bundle file is named “maverics.tar.gz.” When unzipped you see it contains maverics.json which is the configuration, jwt signature file, and a directory of any service extensions referenced in user flows.
The signed bundle is then validated by connected orchestrators configured to use that public key. If the validation fails, the Orchestrator will not load the configuration. To configure your Orchestrator, go to the environment page, download the public key file to the machine running the orchestrator. Set the path to the downloaded file in the MAVERICS_BUNDLE_PUBLIC_KEY_FILE env var.
Go to an environment to download its public key.

Environment and Remote Config Key Names

configurationFileObjectKey and configuration_file_object_key are no longer supported.
configurationFilePathis new and is now the only key that specifies the file path to maverics.tar.gz.
Google Cloud Storage
bucket_name is no longer supported and has been renamed to bucketName which is consistent with all other environments.

2023-04-11: Fit and finish Maverics updates

Sidebar lists on right like Identity Services are now more compact and scrollable. App and Authentication sections of user flows are now more compact.
Additionally the Linux download for Maverics is now a tar.gz file.

Resolved issues

  • When specifying a header, it is now required to be unique to the user fl ow at the app or resource policy level. The benefit here is that it will prevent you from specifying duplicate headers like SM_USER or firstname. This will avoid conflicts downstream.

2023-04-05: Maverics now supports Ping Federate SAML and OIDC

You can now use Ping Federate SAML and OIDC as an identity provider in your identity fabric.

Other enhancements

  • Added SAML-based apps and user flows
    • Includes adding/removing claims and attribute providers, and the ability to publish the SAML user flow. NOTE: SAML user flows are limited to one authentication provider
    • Support for Oracle Universal Directory (OUD) as an attribute provider