2024-03-06: Enhanced support for OIDC hybrid flow

Maverics now supports OIDC hybrid flow with an opt-in for Implicit Grant Type.

OIDC hybrid flow

⚠️

If you configure this with Resource Owner Password Credentials (ROPC), the orchestrator will fail to start. This not a supported flow.

Additionally, the Pendo resource center has been discontinued to make room for an improved Help widget coming soon.

2024-02-28: Error Page URL for Auth0

You can now define an errorPageURL in the Auth0 OIDC identity fabric configuration. This is the page a user will be redirected to if Auth0 returns an error during an OIDC-based login. The URL can be an absolute URL or a relative path.

ℹ️

This feature requires orchestrator release v0.101.0 or higher.

2024-02-26: Use a URL as a claim name

Maverics now supports using a URL as a claim name for policies and OIDC/SAML claims.

2024-02-21: Attribute provider SE bug fix

You can now add an attribute provider service extension to a rule when defining an access policy.

2024-02-20: Sign in with email + passcode

The Maverics landing page now has a single form field to sign up for a new account or sign into an existing account. There is also a new option to sign in using your email address and a one-time passcode (OTP).

New users (users entering their email address into the form field for the first time) are prompted to use email and passcode or use HYPR with Passkeys or the HYPR mobile app.
Existing social sign in users and existing HYPR users will be prompted one time to continue using HYPR or switch to email plus an OTP.
- In a future release we will enable existing users to switch between HYPR and email + OTP from their profile page
Existing Enterprise SSO users will be directed to their IDP after entering their email address.

2025-01-31: DPOP, SE bug fixes, and app migrations

Demonstrate Proof of Possession (DPoP)

ℹ️

You will need the latest version of the Orchestrator to use this feature

When defining an OIDC app you can now require demonstrating proof of possession.

DPoP

App Centric Migrations

To prepare for the migration to app-centric deployments, Maverics now enforces a rule of having an app attached to only one user flow. As part of this rule, any apps that were tied to multiple user flows have been duplicated.

You will see them listed as <original-app-name>-<user-flow-name>-migrated-copy.

Resolved issues

Resolved issues where metadata updates were not deployed when more than one CreateHeaderSE was defined in a user flow.

2025-01-15: Maverics Passwordless improvements

New users can sign in with a passkey as an alternative to the HYPR app. If you are an existing customer and would like to add a alternative login method to the HYPR, contact [email protected] to get a magic link.

For HYPR app users: Users now have improved login notifications, and a better user experience within the HYPR app. This should mitigate any issues where push notifications did not go through.

Additionally the app no longer requires entering a 4-digit pin to confirm authentication.

For more information, see our docs.

2025-01-09: Apps restricted to one user flow

To simplify application deployments, each application is now restricted to one user flow. You’ll see this change in the following areas:

When creating a new user flow the list of apps to choose will be limited to those that are not associated with a user flow.
When editing a SAML or OIDC app type user flow, as you add applications to that user flow, the list will be filtered to to apps that are not associated with a user flow.

Known issues

2025-03-11: OIDC DCR flows for environments

Customers using OIDC DCR who created a new environment after February 1 may be experiencing failures with user flows. Customers experiencing issues will need to manually onboard these OIDC apps to properly deploy them. We are working to resolve this issue.

Release notes archive