What's new

Passwords are automatically regenerated according to defined password and rotation policies.

Updated credentials are securely stored in Bravura Safe, Bravura Security’s encrypted credential vault.

All changes are fully tracked through vault audit logging, supporting compliance and forensic review.

The process integrates with existing onboarding and offboarding workflows, including batch operations.

A new Remember Me option that safely remembers usernames across sessions and tabs.

Clear, actionable error messages when sign-in fails, including guidance for locked or disabled accounts.

Improved input validation, including disabled sign-in when required fields are empty.

Password strength indicators and password policy guidance during password changes.

Session timeout monitoring with friendly warnings before sessions expire.

Full WCAG 2.2 Level A/AA accessibility support and improved visual clarity using the Inter font.

New action cards provide quick access to common tasks.

Account summaries and status indicators offer at-a-glance visibility.

Interactive metrics and profile summary cards give better insight into user activity.

Dashboards are fully responsive, automatically adapting to mobile, tablet, and desktop screens.

Widgets can be rearranged using drag-and-drop, with an edit mode that makes customization simple.

Improved loading behavior displays content immediately using smart loading states rather than blocking spinners.

Replaced IdentityServer4 with OpenIddict

A JWT-based authentication framework delivers more secure session handling and tighter UI–API integration.

CSRF protection is automatically applied to sensitive requests.

Active sessions are extended automatically to avoid unnecessary interruptions.

New endpoints for password policies, target groups, session logs, and identity information.

Expanded target system and account configuration options.

Batch support for password onboarding, resets, and offboarding.

Improved internationalization so API responses match the user’s selected language.

Modernized identity services, replacing legacy components with a supported authentication framework.

Dashboard usage metrics support data-driven improvements.

Logging behavior has been refined to reduce noise while preserving diagnostic depth.

Upgrade checks have been improved to ensure smoother post-upgrade validation.

Bravura Safe (2025+) connector enables vault integration with Bravura Safe 2025 and later.

Bravura Safe User Management (2025+) connector provides user lifecycle support for newer Bravura Safe deployments.

A new Vaulting Platforms category has been added to improve connector organization and discoverability during installation.

The Google Apps connector now supports clearing:

The DUO Authentication connector now handles challenge response scenarios correctly when users do not have any DUO methods configured.

The Okta connector has been improved to simplify challenge response behavior:

Active Directory

SAP

Databases

Human resources applications

Python-based Unix and SSH connectors now support dots (periods) in user and account IDs, improving compatibility with modern naming conventions.

The end-user license agreement has been updated to remove outdated training references.

An issue that prevented customer-verified connectors from upgrading correctly has been fixed.

The underlying UI project structure has been updated to support future modernization efforts.

Added a health check for user class cache validity that allows product administrators to see if user class caches are valid and resolve if required, improving the performance of end-user filters.  

Optimized userclass/userclasspoint cache update triggered by a single user. 

Added the loadcvagentsloadcvagents utility to install the Customer-Verified connectors. When loading connectors, the post-installation or post-upgrade tasks are also modified to install the Customer-Verified connectors for the configured target systems on the Bravura Security Fabric instance server. Removed the Customer-Verified pre-installation check to no longer run for proxy server upgrades. 

Exposed failed host in IDPM_REQUEUE exit trap for listing successful and failed targets. 

Added components for interfacing with Bravura Cloud as part of Pass Plus’s Password Change/Resecure feature. 

Improved catch-all authorization functionality for when not enough authorizers are configured.   

Improved request kvg in workflow plug-in’s input, in the case of a request containing duplicate resources, it always includes the copy from the enacted resource if applicable. This can avoid issues with authmod, implementer, etc. plug-ins due to the duplicate resources. 

Added configuration options in config.js to control the Chosen jQuery plugin's activation thresholds for single-select and multi-select elements, improving accessibility for dropdown menus with fewer options. 

Improved the styling and structure of radio selection lists in authentication chains.

Optimized views and queries to calculate nested group memberships which can improve performance of stored procedure UserclassUserList called by loaduccache utility. 

Added a discovery flag to reduce disk space usage for discoveries that are likely to be small (such as pull-mode ones). By default, pull-mode systems will use this flag. The LWS SAVE QUEUE SPACE system variable can return pull-mode systems to their old behavior. 

Optimized auto discovery.

Modified Guacamole in-browser RDP token redemption request to use POST instead of GET to prevent the token from appearing in IIS logs.  

Added a new password generation plugin, advrandpasswd, to be able to generate stronger passwords . Generating random passwords with a plugin

Set Referrer-Policy to no-referrer in HTTP Response Headers.

Disabled the HTTP OPTIONS method.

Fixed an issue when using an absolute path for custom connectors that was previously showing an error for "The connector for [] is not installed" on the target configuration pages.

Added the ability to use relative paths for the directories that loadplatform uses for the connectors rather than absolute paths so that the connector files such as attribute definition files can be located correctly.

Fixed an issue for the trace functionality in order to log the thread id correctly for agent operations in the trace file that is used by the “Trace Logging“ target system address configuration option. 

Added support for OpenSSL 3.0 for the psunix package for Connector Pack and for the idmunix package for Bravura Security Fabric. Added the agttelnet-openssl.exe Telnet connector that adds support for OpenSSL 3.0.

Cleaned up branding changes 

Disallow options Changes made will invalidate authorizations and Encrypt this attribute in the database to be checked at the same time when adding/updating an attribute via the UI or idmconfig.  

Updated the Orgchart graph page to load the current user’s manager, even if the manager is in an orphaned Orgchart tree (calculated level is -1).  

im_corp_hr_orgchart_manager: adjust the early termination condition to check the orgchart data in addition to attribute values 

Updated error message regarding Guacamole container connection issues.  

Clarified password conflicts pages.

Removed REST policy (OPA) dependency on SQL Service Broker.

Fixed REST API endpoint PATCH /targetSystems({key)} to properly save target system option "automaticallyDiscoverResourcesToLoad".

Added OPA policy identity_connect_token to IdentityServer login endpoint to authorize login attempts.

Default policy identity_connect_token set to check for userclass membership to _EXPLICIT_REST_API_USERS_.

Added new Rego custom function GetProfileAttributeValues.