2026

​

OIDC app type editing improvements

• User flows are being phased out. All configuration for an OIDC app — client details, access policies, claims, and OAuth 2.0 scopes — now lives in a single view.
• Resources (formerly Dependencies) define the identity fabric and service extensions you reference in access policies and claims. Define your Resources first, and they’ll be available in the relevant drop-downs throughout the OIDC app editor.

​

Custom Telemetry Exporters for Metrics

• New Relic — preset tuned for New Relic’s OTLP ingest (otlp.nr-data.net, delta temporality, base2 exponential histograms, gzip).
• Generic OTel — works with any OTLP receiver. Point it at your own OpenTelemetry Collector or directly at a SaaS backend that accepts OTLP, including Datadog, Grafana Cloud, Honeycomb, Splunk Observability Cloud, Dynatrace, AWS CloudWatch (via ADOT), Microsoft Azure Monitor, Google Cloud Observability, and Chronosphere.

• Observability settings are now grouped under Orchestrator Settings.
• Each exporter runs independently — a slow or unreachable destination won’t block the others.
• Maverics Cloud Telemetry remains available and is unaffected by custom exporter configuration.

• Resolved an issue where SSO configuration changes were not applied
• Fixed sidebar navigation active state on Identity Fabric and Service Extension detail pages

• Dropdowns with 10+ items now include a search filter so you can quickly find what you need
• Fixed an issue where dropdown selections couldn’t be changed

• Added search and filter support to dropdown selectors
• Resolved issues preventing successful signup and user invitation flows

• The code editor for service extensions, OPA policies, and OpenAPI code has been upgraded to Monaco Editor for an improved editing experience
• Configure JSON output logging for deployments

• SAML apps now support configuring NameID element qualifiers
• The Console now validates Rego policy scripts for compilation errors when saving OPA policies
• The OIDC Identity Fabric connector now shows a detailed error view and validates that the connected Orchestrator meets the required minimum version
• Resolved an issue where account re-registration was blocked after deleting an account

• API App Type Moves to Service Extensions: API App Types have been relocated from the Applications area to the Service Extensions area in the Maverics Console, unifying the experience for managing APIs and service extensions under a single interface.
  • All existing API App Types automatically appear in the Service Extensions area alongside your other extensions.
  • Creating a new API is straightforward — select “API” from the Service Extensions area and provide your configuration details.
  • API App Types can now be attached to deployments directly.
  • Existing deployments that already have APIs associated with them will find those APIs in a new dedicated APIs section within the deployment configuration. No migration or reconfiguration is required.
• Added OIDC callback error handling configuration for the Entra ID and Generic OIDC Identity Fabric connectors. Requires Orchestrator v2026.03.3 or higher.
• Service extension asset uploads now support files up to 5 MB
• Fixed an issue where dependencies and library settings were not deployed with API service extensions

• The Console will now validate the SAML certificate and key pair when uploading to a deployment. We recommend doing this only for testing purposes; for production, always use a secrets provider.
• LDAP configuration no longer shows a custom login file path option
• HTTP Server TLS configuration now supports None as a client authentication type
• Resolved issues when attaching service extensions to a deployment
• Resolved issues when typing spaces or enter the Rego policy editor
• Service Extensions list header is now properly titled

• Fixed an issue where service extensions were not working as a Name ID source in SAML user flows
• Authentication service extensions are no longer listed in the user flow dependency list

• Audit Log (Beta) is now available
• Resolved email case sensitivity issues when signing in and accepting user invitations

• Maverics Console no longer applies an automatic namespace prefix when a Service Extension is the source for a NameID attribute value. This resolves Orchestrator runtime errors that produced “connector does not exist” and “missing claim mapping” messages, which prevented SAML authentication from completing.
• Action Needed: SAML user flows that use a Service Extension to populate the NameID value may require a manual update to the NameID mapping field.
• You can now remove members who declined a team invitation
• Resolved an issue whereby screens refresh unexpectedly causing a loss of edits

• Audit logs now capture login and logout events
• Audit log events now include event type, category, and target metadata in the admin API
• Audit logs table now shows the target type alongside the target name
• Service extensions listed in user flow dependencies now show available metadata
• Audit Logs navigation item is pinned to the bottom of the sidebar
• Fixed sorting issues across listing views for consistent ordering
• Fixed an issue where dependency metadata was not preserved when updating a user flow
• Fixed the Service Extension editor shuffling metadata fields
• Audit log timestamps are now formatted for readability
• Session creation audit log events no longer include query parameters

• Configure the maximum TLS version for deployment TLS settings (requires Orchestrator v2026.02.3 or higher)
• Resolved an issue preventing login with Email OTP
• Added a Target Name column to the audit logs table for easier identification of affected resources
• User details are now included in membership audit log events

• Configure HTTP Server timeouts and access logging in Deployments
• Configure outbound authorization for MCP protocol operations (initialize and tools/list) for MCP Proxy apps (requires Orchestrator v2026.02.2 or higher)
• Improved UX when deploying HTTP Server settings, including default placeholders and endpoint timeout validation
• Resolved TLS configuration issues with client CA files, Windows certificate store persistence, and cipher suite persistence

• Your Console account is now linked to one sign-in method (the last one you used) — use that same method every time you log in
• Sign-in options: Maverics Account passwordless (Email OTP or HYPR), social sign-in (Google or Microsoft Account), or Enterprise SSO (bring your own IdP)
• GitHub sign-in has been removed as a login option
• If you try a different sign-in option, you’ll see a message that the email is already associated with another identity provider

• Redis Cache now supports enabling TLS configuration in the Console without having to set a CA file path
• A new toggle lets you enable or disable TLS for the Redis cache connection
• Set the minimum TLS version (1.2 or 1.3)

• Resolved an issue preventing SSO users from reliably signing into Maverics Console

• Resolved a critical issue where CA (Certificate Authority) and mutual TLS configuration was not persisting in proxy applications
• The system now properly saves and deploys the configuration
• Fixed an issue where the proxy outbound TLS CA file path was not being properly saved or deployed

• The sign up and sign in flows have been redesigned for a cleaner, more efficient user experience
• The Orchestrators Main Menu has been removed — all orchestrator settings are now accessible from the Deployment Manager

• You can now configure JWT client authentication for OIDC apps
• Requires Orchestrator v2026.01.3 or higher

• JWT Client Authentication Configuration for the Generic OIDC Connector
• Requires Orchestrator release v2026.01.3 or higher

• Resolved issues preventing the attachment of service extensions to OIDC, SAML, or Proxy app type user flows
• Resolved issues preventing deletion of applications or user flows that were not attached to a deployment

• MCP Proxy App Type is now available
• You can now create and configure MCP Proxy apps directly from the Maverics Console