Version 7.2 - Released on March 27, 2017
- New option of dividing sites in a site group to separate SSO Segments, where only sites that belong to the same segment share an SSO experience.
Global Configuration in the Console
- Global Configuration can now be created, saved and edited within Gigya's Console, and includes built-in mobile support.
- Added Subscriptions option for facilitating newsletter sign-up when mapping fields in the UI Builder.
- New accounts.unsubscribe API for unsubscribing users from newsletters.
- It is now possible to override master configurations in child sites regarding CAPTCHA requirement for new registrations.
- You can now update comment sender data after a comment has been posted, allowing you to preserve sender information (such as photos) when migrating between servers.
- Added support for sharing images to VKontakte.
- The OpenId Connect Relying Party (OIDC RP) redirectUri has been changed.
- The socialize.exportUsers API is being deprecated. For more information, see Changes That May Require Your Action.
Version 7.1 - Released on February 06, 2017
JSON Web Token (JWT) Support
- New accounts.getJWT REST endpoint enables relaying user data using a JWT. Elements of Gigya's user object are returned in the JWT payload.
- New accounts.getJWTPublicKey REST API allows retrieval of the public key necessary for validating an id_token returned from the accounts.getJWT API endpoint.
Risk Based Authentication (RBA)
- New Console UI to simplify RBA configuration.
- Network Protected Identity (NPI): a new feature of Risk Based Authentication (RBA) which leverages data gathered on suspicious login attempts from Gigya's ~1 billion users to increase security.
OpenID Connect (OIDC)
- New Console UI for simplifying registration as a Relying Party (RP).
- New introspection endpoint can return metadata of an access token.
- Support for refresh tokens improves security by enabling short-lived access tokens.
- Changed dialog when making changes that cause a schema update, now shows details of the change in JSON format, so as to update existing screen-sets with greater ease.
- New image control for adding an image to any screen.
Web Content Accessibility Guidelines (WCAG)
- Enhancements to support WCAG compliance, e.g., looped tabbing within a Gigya screen for better keyboard control, added screen-reader support.
Updates to icons in the Share Bar based on latest branding guidelines from social networks, including Facebook, Google Plus, Linkedin, Twitter, and Microsoft.
Identity Access default search now also includes the username, in addition to the email, UID and first or last names.
Version 6.5 - Released on November 14, 2016
UI Builder Improvements
- New customizable Password Reset screen added to default screen-sets.
- Ability to store multiple items in array fields.
- New Admin permission added to allow users to make UI changes to screen-sets without modifying the site schema.
- Set fields as 'required' in a given screen, without making them 'required' in the site schema.
- Ability to clone, add, delete and reorder screens within a screen-set, for a more flexible user experience and the option to customize flows within the UI Builder.
- Exposed in the UI Builder the screen-id, auto-skip and data-on-success screen attributes.
- Set a default value for checkbox controls, such as to check them by default to increase subscription rates.
- Can now return the following additional fields to the SP:
RaaS - Site Groups
- Ability to override the automated email policy for child sites. This allows for greater flexibility when sending brand-specific emails from your existing marketing system.
Version 6.4 - Released on September 26, 2016
UI Builder Improvements
Enhancements to the options group control.
Ability to add CSS classes.
Ability to add conditional fields.
Ability to link labels to elements.
Ability to define multiple webhooks per site.
Ability to mute webhooks when calling accounts.setAccountInfo.
Social login now supports keyboard navigation.
Share Bar now supports configuring popup size and positioning.
Deprecation of Legacy Identity Providers
Kaixin, VZNet, TypePad, Verisign, LiveJournal, MySpace, Skyrock, Digg, OpenID and Signon have been deprecated.
You can no longer use an email address with a single character top-level domain (e.g., firstname.lastname@example.org). Using one will result in error code 400006.
Usernames limited to 500 characters maximum.
Password length limited to 100 characters.
Version 6.3 - Released on June 07, 2016
Audit log improvements
- Added time field to Date/Time filters.
- Added country field to the expanded information panel.
- Added flags for Malaysia, Argentina, Hong Kong, Taiwan and Greece.
- Support for the new Pinterest PinIt button.
- Favorite Books added to the Interests tab in CI.
- Added support for multiple custom buttons in the plugin. You can now add multiple custom SAML IdPs, with your site as the SP.
- Support for the new Instagram icon.
- Support for the new Instagram icon.
- Improved keyboard navigation in screen-sets.
Console access improvements
- Improved support for Italian landlines.
Version 6.2 - Released on March 28, 2016
Comments / Ratings and Reviews plugin
- The Comments and Ratings and Reviews plugins now use version 2 by default.
- To use version 1 (not recommended), pass the version parameter with a value of 1.
CAPTCHA now required for all shares via email
- CAPTCHA is now activated automatically for all email shares.
Deprecated support for IE8
- The list of check-boxes control has been removed from the UI Builder. This does not affect implementations that currently use this control.
- When passing an object where an array is expected, error code 400006 is now thrown instead of 500028.
Miscellaneous bug fixes
- Fixed Italian translation encoding bug.
- Fixed translation in Dutch.
- Fixed bug where TFA screen didn’t close under certain circumstances after registration completion.
- Fixed bug with SSO after logout.
- Fixed bug with errors thrown when multiple Follow Bars loaded on the same page.
Version 5.8 - Released on October 26, 2015
Line as a Login Provider
Major Improvements to RaaS
For version 5.8, RaaS has undergone a major redesign - both the UI and behind-the-scenes functionality. It has been overhauled visually and has been made fully responsive. In addition, improvements have been made to the UI Builder and new widgets have been added. Here are some of the more prominent changes:
- Screen-sets have been updated to a more modern look and feel. For more information, see UI Builder.
- Screen-sets are now fully responsive.
- Improved preview mode in the UI Builder allows you to simulate screen-sets as they're displayed on various devices and screen sizes.
- New support for conditional attributes in screen-sets enables you to fine tune your screens on smaller devices.
- New "Login ID" control added to the UI Builder.
- New "My Photo" widget added to the UI Builder. With a single widget, users can upload/view their profile photo or change their existing photo. When used on a mobile device, users can upload a photo directly from the device camera. For more information, see Markup Extensions.
- Improved functionality in default screen-sets:
- Instant validation of user input, including "user ID" availability.
"Keep me logged in” remembers the user’s login state, so they don’t have to log back in every time they return to the site.
- An ability to close any Gigya screen and get back to the originating site.
- Password strength indicators are now available on mobile.
Visual Styles for Add-ons Updated
- CSS for the Social Login, Add Connections and Edit Connections add-ons have been updated to match the style of the new RaaS screen-sets.
- The concept of Temporary Users, deprecated for some time, will no longer be supported. For more information, see Changes That May Require Your Action.
- Miscellaneous bug fixes and performance enhancements.
- Profile.email is now prioritized when resetting passwords via Identity Access.
Version 5.7.5 - Released on September 01, 2015
Optional two-factor authentication (TFA) on a per-user basis
- Site admins can now selectively enable/disable TFA on a per-user basis (for example if a certain type of user requires more elevated security than another).
- If TFA isn’t mandated for all users, then users can choose to independently activate it, as an additional security measure.
New placeholders available for RaaS email templates
- Additional user profile fields will now be available as placeholders for email templates: nickname, username, name, birthDay, birthMonth, birthYear, age, UID, email, gender, city, state, country, zip, photoURL, thumbnailURL and profileURL.
PayPal as an OAuth2 Provider
- “paypaloauth” will be added as a new login provider, enabling you to create new Paypal applications directly, simplifying the onboarding process.
- OAuth login will provide better permissions control, allowing you to define which permissions to request rather than have Gigya set a default list on your behalf.
- Note: This is a new provider due to migration limitations on PayPal’s side. Please see Changes That May Require Your Action for more information.
Version 5.7 - Released on July 20, 2015
Customized Screen-Sets can now be exported and re-used across different sites.
- Fixed issue with 'Welcome' emails sent to imported users.
- Importing social users now also imports social data.
- Miscellaneous bug fixes and performance enhancements.
Version 5.6 - Released on June 16, 2015
- GCS, formerly deprecated, is no longer supported.
- Facebook Facepile has been deprecated in accordance with FB policy. For more information, see https://developers.facebook.com/docs/plugins/deprecated.
Follow Bar Plugin
- The Follow Bar plugin now uses the Facebook Page plugin, which replaces the Facebook Like box, in accordance with FB policy. For more information, see https://developers.facebook.com/docs/plugins/deprecated.
- Interests and Activities endpoints have been deprecated by Facebook and will no longer be returned. In addition, you will no longer be able request those permissions from your users. For more information, see https://developers.facebook.com/docs/apps/changelog.
- Various localization bugs have been fixed in the Czech, German, Hungarian and Taiwan-Chinese languages.
Version 5.5 - Released on May 18, 2015
Updated signInWith icons.
Comment replies are kept even if the parent comment is deleted.
Site Groups and SSO
- Site schema (required fields) can now be set on the member site level. Currently this setting is only available through the REST API.
- Added ability to modify email verification at member site level in SSO through the console, or through API.
Version 5.4 - Released on March 23, 2015
- Users can now be logged in by clicking the email verification link.
Optimized the Social Login plugin for mobile and other touch screen devices.
If comments.showCommentsUI is called with 'includeUID = true', the user's UID will be added to the comment div as an attribute called data-gig-uid.
Comments can now contain clickable URLs.
Added a new ' onCommentEdited ' event for when a user edits a comment.
Site Groups and SSO
- Added support for SSO on iOS devices where 3rd party cookies are blocked for non-visited domains on the browser.
- 'Welcome', 'Password reset' and 'Account deleted' automated emails are now configurable at a child-site level.
- The Facebook option in the Share Bar plugin and Simple Share pop-up will now display the 'share' dialog by default.
Added a new 'Users by Level' report which displays users' GM data by levels within a challenge.
Exports from CI Plus and CI Plus queries opened in the Identity Query Tool now support queries that contain Signals (i.e. activity filters).
For security reasons, the Chat plugin is no longer supported within the REST API. Removed methods are:
- Added new group privilege - 'Full API Access'.
- When checked, any user assigned to the group has full API access using their individual user key/user secret.
- Added support for localization in Bulgarian, Slovak, Serbian and Croatian.
- Login responses now include a 'new user' indication.
- Added support for hashing passwords with the pbkdf2-sha256 algorithm.
- Date formats returned from the server are now standardized to ISO 8601 in the following format: yyyy.MM.dd.Thh.mm.ss.SSSZ
Version 5.3 - Released on February 17, 2015
Gigya can now be used as a SAML IdP
partners can use Gigya’s Idp service to federate identities across sites that do not share a users database.
Partners can now set an initial permission group for users when permissions are managed at the Gigya console including a ‘No Permissions’ group
‘Password strength’ now supported on mobile.
New ‘Password strength’ widget design.
Added orientation options for password strength widget bubble
Added attributes to display field validation result for screen-sets
Added a basic version of CI with Demographic data for all RaaS and Identity Storage customers
CI's Profile and Top Likes sections now support pagination to display more results.
Improved ‘Quick Filters’ functionality (previously ‘Filter Shortcuts’).
Added ability to view and copy queries from CI.
Improved ‘More Options’ layout.
The "Top Content" data pane in CI only displays pages that were explicitly registered through the "Signals" page in the Admin Console or via API.
Added a new dashboard in the Admin Console to support NEXUS integrations, so that activation for integrations can be requested through the Gigya Console in a ‘self serve’ manner.
Added support for ‘WeChat’ as a new login provider.
Clients can upgrade to version 2 of the login plugin via the UI builder.
Updated list of available login providers
Added ability to delete a single chat entry
Users can now edit their comments after posting
Email address is prefilled in the ‘follow my comments’ subscription textbox.
Some UX improvements
Anonymous (logged out) users who wish to share their comments will be prompted to login automatically
Added support for PHP Symfony 2 password hashing algorithm
3rd party plugins can now validate login signatures for users logging in through Gigya
Added a new API - exchangeUIDSignature.
Improved support for migrating user data between sites or from other social login providers
Ability to import complete user social information
Social login popup now closes automatically when login fails due to inactive account.
‘search’ APIs now accept a timeout parameter
updateComment response now returns a comment object
Added new data types to the Data store / accounts databases.
Improved ‘import settings’ time on Game Mechanics.
All API responses now include a ‘Time’ field.
Fixed RenRen support for sharing via mobile