What's New in Cloudentity

Learn about the latest additions to the Cloudentity SaaS platform!

26.10 Manage Users' Identifiers and Addresses in Identity Pools

Cloudentity Platform admin users can now manage users' identifiers and addresses within Cloudentity Identity Pools. Admins can add new identifiers of the email, mobile, or UUID type, or identifiers coming from external sources. Additionally, admins can add new verifiable email or mobile addresses for users and define whether each address is verified or not.

Adding new identifiers and addresses

24.10 Cache Request Responses Within Cloudentity Authorizers

We improved the Cloudentity authorizers' integration with the Open Policy Agent's Rego policy language, so that the caching options of the Rego http.send() built-in function are now effective. You can use the following fields in the request object passed to http.send() in your Rego policies:

  • cache - Cache HTTP response across OPA queries. Default: false.

  • force_cache - Cache HTTP response across OPA queries and override cache directives defined by the server. Default: false.

  • force_cache_duration_seconds - If the force_cache field is set to true, this field specifies the duration in seconds for the freshness of a cached response.

In Cloudentity v2.8.0, the authorizers provide an inter-query cache that persists across policy validations, so calls to http.send() can reuse responses cached by previous policy validations. The cache is recreated on each API discovery cycle, so the lifetime of a cached response is bounded by the authorizer's discovery interval, regardless of the force_cache_duration_seconds value.

The cache size can be configured via the rego_inter_query_cache_size configuration setting for Cloudentity authorizers:

enforcement:
    rego_inter_query_cache_size: 1000000 # maximum size for the Rego inter-query builtin cache
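As an added example (not code from the Cloudentity documentation or product), the following Rego policy uses these three fields to cache an entitlement lookup from an external service across policy validations. The entitlements URL and the input.subject and input.method fields are assumptions for illustration, not Cloudentity's documented authorizer input schema:

```rego
package example.authz

default allow = false

# Assumed input shape (not Cloudentity's documented schema): input.subject carries
# the caller's identifier and input.method the HTTP method of the protected request.
entitlements = resp.body {
    resp := http.send({
        "method": "GET",
        # Hypothetical internal service; the cache key is the whole request object,
        # so each distinct URL (and therefore each subject) gets its own cache entry.
        "url": sprintf("https://entitlements.example.internal/users/%s", [input.subject]),
        "headers": {"Accept": "application/json"},
        # Keep the response in the inter-query cache shared across policy validations...
        "cache": true,
        # ...and ignore the server's Cache-Control/Expires directives, treating the
        # entry as fresh for 60 seconds instead. Choose this window with revocation
        # latency in mind: a permission removed upstream remains effective until the
        # entry expires or the authorizer's next discovery cycle rebuilds the cache.
        "force_cache": true,
        "force_cache_duration_seconds": 60,
        # Return an error-shaped response instead of aborting evaluation on a network
        # error or timeout, so the policy falls through to the default deny.
        "raise_error": false,
        "timeout": "2s",
    })
    resp.status_code == 200
}

allow {
    input.method == "GET"
    entitlements.permissions[_] == "read:accounts"
}
```

Two practical checks: only 2xx responses are cached by OPA, so a failing upstream is re-queried on every validation and the timeout bounds the added latency; and because force_cache overrides what the server says about freshness, the duration you set, not the upstream's Cache-Control header, is the maximum window in which a revoked entitlement is still honoured.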

20.10 Full Support for Brazilian Open Insurance

The Cloudentity platform now fully supports the Brazilian Open Insurance (OPIN) initiative.

  • The Open Finance Brazil type of workspace is configured to provide industry-specific OPIN configuration, for example, OPIN scopes.

  • Added the permission mappings and permission-group validation required by OPIN. They can be used in the consent creation endpoint.

  • Added the following endpoints from the OPIN spec for consent creation and management:

  • Added support for the Dynamic Client Registration (DCR) requirements of the Open Insurance specification. This includes:

    • Requiring mTLS for DCR registration requests

    • Software statement parsing and validation for the model provided by the specification

    • Software role to scope mapping during DCR

  • Extended the mTLS endpoint aliases in the OAuth well-known (discovery) endpoint to include the backchannel authentication endpoint when Client Initiated Backchannel Authentication (CIBA) is enabled, as required by the OPIN specification.

  • Added an option to configure the supported acr (Authentication Context Class Reference) values in the authorization server's OAuth advanced settings. Workspaces now advertise whatever is configured in the settings instead of an internal hardcoded list.

14.10 Bunch of New Articles for Financial Data Exchange (FDX) Compliance

Financial Data Exchange

We have added a whole lot of new articles on complying with the Financial Data Exchange (FDX) standards! Check out the brand new solution guide. Learn how to build consent pages that comply with the FDX requirements, how data providers can protect their APIs with Cloudentity, and much more:

21.09 Password Policies for Identity Pool Users

The times when qwerty1234 was considered a safe password are long gone! Make sure that your users fulfill all of the requirements for safe passwords with Cloudentity password policies. Such policies enable Identity Pool administrators to specify, for example, the minimum length of a password, the required number of special characters, and many more constraints.

Password Policies

16.09 Integration with Kusk API Gateway

Kusk API Gateway enables developers to build, validate, deploy, and monitor REST APIs based on Envoy Proxy running on your Kubernetes cluster. Do you know what else can be run in a K8s cluster? That’s right! Cloudentity authorizers! It is now possible to integrate the Kusk Gateway with Cloudentity and protect the APIs deployed behind your gateway with advanced access control measures. The integration is based on the Cloudentity Standalone Authorizer.

Kusk Gateway APIs access control

1.09 Event-Based Notifications Using Webhooks

With Cloudentity Extensions, you can set up event-based notifications in order to subscribe third-party applications to important events captured by our platform. You can, for example, notify an external CRM system that a user granted their consent for an application registered within your Open Banking workspace, and more.

[mermaid-begin]
flowchart TB
    app(Third-party application)
    acp(Cloudentity)
    wh(Trigger Webhook)
    stop(End)
    decision{Event subscribed?}
    acp-- Event captured -->decision
    decision-- Yes -->wh
    decision-- No -->stop
    wh-- Send notification to provided URL -->app
    style stop fill:#e32a20
    style app fill:#28c912
[mermaid-end]
Updated: Oct 31, 2022