July 3, 2018
- New integration with DocCheck uses Gigya's social login to authenticate medical professionals.
- Improvements to the Array Manager ensure a much smoother flow in the UI Builder, when adding and mapping the widget.
July 2, 2018
- New limitation placed on several Email Templates placeholders, to discourage spam abuse of Gigya's platform:
- Maximum length of 30 characters
- Period characters are replaced by a visually-identical unicode character, to prevent planting clickable links in placeholders
June 26, 2018
- If your site implementation includes Enterprise Preference Manager, a new Consent History tab displays an audit of the consent transactions captured for this user, in a user-friendly timeline format.
- New addResponse parameter in datasource.write.gigya.generic enables including Gigya's API response in the output file, which can then be used in a later step.
- You can now connect the generic writer (datasource.write.gigya.generic) to a next step that follows a successful run, and not just a failed one.
June 20, 2018
Consent (Enterprise Preference Manager)
June 6, 2018
Consent (Enterprise Preference Manager)
- A new verifyLoginInterval parameter in the Global Configurationobject allows you to periodically check the validity of the user account, and automatically log out users whose consent is no longer valid after a consent version update. This ensures that users who have an active long-lived session (“Remember me”), will be asked to re-consent when the active version of a mandatory consent statement changes.
- You can now use FunCaptcha as a CAPTCHA provider in your login and registration screens, instead of Google. This is especially useful as an added security measure in countries that do not allow using Google’s solution, such as China. Note that this integration requires a FunCaptcha subscription.
June 3, 2018
Enterprise Preference Manager
- You can now extend the consent statement by defining custom key-value pairs of data for each statement. The consent custom data will be available on the account (when calling accounts.search or accounts.getAccountInfo), and will be audited in the consent vault.
May 28, 2018
If your site package includes Enterprise Preference Manager, you will have access to the Privacy Tab, which displays the user's consent status to your site's terms of service, privacy policies and other consent statements.
May 13, 2018
- Support added for 3 additional languages on Gigya screens and SDKs: Latvian, Lithuanian and Estonian. This includes default translations for all screen-sets, and localized user-facing error and information messages. For more information on localization, see UI Builder Localization and Advanced Customizations and Localization.
May 7, 2018
New actions added to the Identity Access user management dashboard:
Remove Identities: Remove a social or federated identity from the user's account. After removal, the user will not be able to log in with that identity, and data from that source will be deleted.
Reset TFA Devices: Reset the devices used as the second factor for authenticating the user. In their next login, they will need to register a device.
Force TFA Expiration: Force the user to provide second-factor authentication the next time they log in.
April 29, 2018
- You can now define the retention period for storing records in the Audit Log and the Account Audit Log, in a Settings page in the Admin tab of Gigya's Console.
- You can now stop a job mid-run, by hitting the Stop icon in the Job history window:
- The inferColumns parameter was removed from file.format.dsv, as column names are inferred automatically, or set manually using the columns parameter.
April 25, 2018
- You can now unlock an account that was locked out because they triggered an RBA policy (for example, had 3 unsuccessful login attempts).
April 15, 2018
Risk Based Authentication
- If you are using two-factor authentication as part of RBA, you are now required to provide your Twilio credentials in the RBA configuration page. For more information, see Twilio Credentials for Mobile Authentication.
April 10, 2018
Social Provider Configuration
When configuring social providers, you now have the option to allow only secure (HTTPS) redirects. When choosing this option, you should also make sure your social provider apps are configured to use HTTPS redirect URIs.
April 2, 2018
Enterprise Preference Manager
- You can now display to users the reason why their personal data is being collected (Purpose), and include a document URL to the statement to which they are agreeing. These can be displayed in any of the supported languages. For more information, see Consent Management.
March 26, 2018
Identity Access has a new design. The new dashboard provides administrators and customer service teams with a holistic view of customer profiles, and the ability to manage customer experiences. This update includes:
- Smoother admin flows, with information arranged logically by tabs (profile, preferences, loyalty)
- Friendly design with intuitive behavior
- New capabilities include:
- Main user list includes both lite and full users
- Filter for users by their registration status or email ownership
- Search for users by their full name
- Perform quick actions from the main page, without having to go into individual profiles: verify an email address, resend a verification email, send a reset password email, and disable / enable login.
- Manage complex objects and arrays: add new arrays of data to a profile, assign values to existing objects, or delete values.
- Manage subscription tags
- Easily move between accounts without the need to go back to the main list
Enterprise Preference Manager
- You can now add tags to consent objects by using the metadata control in the UI Builder. These tags will be displayed in the Consent Vault for the relevant consent action.
March 21, 2018
Risk Based Authentication
Risk Based Authentication now also processes login attempts made by unknown (non-registered) accounts, where previously it only processed information of known (registered) accounts.
You can now customize the sender name and message that are sent in an SMS message when two-factor authentication is triggered. For more information, contact your Gigya Account Manager.
You can now dynamically structure the URL of the reset password page, using placeholders for the site API key and for the reset token.
- Self-serving SSL certificate provisioning is now available to site admins allowing you to generate SSL certificates for CNAMES without requiring assistance from Gigya’s support.
March 6, 2018
- Permissions to run an IdentitySync job are now granted automatically on the worker, for partners and users with the relevant permissions.
- When creating custom scripts using the record.evaluate component in IdentitySync studio, you can now expand to full-screen mode for easier code editing:
February 26, 2018
- When reviewing the details of a job in the Job History page, you can now sort by each one of the step metrics (e.g., by duration, step name, number of errors).
- New newsletterField in datasource.write.silverpop enables writing to Silverpop's built-in status field, rather than to a custom field.
- Updated Silverpop templates in IdentitySync studio use newsletterField by default.
February 18, 2018
- Partner ID and API key added to the email notification sent after a job executes.
January 29, 2018
- You can now use IdentitySync to copy accounts from one Gigya site to another. For more information, see IdentitySync.
- New step metrics for advanced debugging and monitoring of dataflows that fail or take a long time to execute. For more information about monitoring dataflows, see IdentitySync.
January 24, 2018
Support for using Google’s reCAPTCHA v.2 in login screens. If you are using reCAPTCHA v.1, you should migrate to v.2 before March 31, 2018. For more information, see CAPTCHA.
- Due to low adoption, we are sunsetting the iRank parameter. It will be returned so as not to break existing implementations, but the value will always be zero. The affected APIs are:
January 15, 2018
For more information on IdentitySync releases, see IdentitySync Change Log.
- IdentitySync Studio can now be opened in full-screen mode.
- Status column added to the IdentitySync scheduler, displays a status of "busy" or "ready".
- Step parameters in IdentitySync Studio now include a link to the developer's guide, and tooltips on hover:
- New consent parameter added to datasource.read.gigya.account to be used in implementations of Enterprise Preference Manager. Enables retrieving only users with a given consent status (valid, expired, or not granted).
- New component, datasource.write.hybrismarketing, for writing user data directly to the SAP Hybris Marketing platform. For more information, see Hybris Marketing.
- New action and sync_fields parameters in datasource.write.silverpop support choosing the method for handling existing user data, and specifying a unique ID for rows in Silverpop.
- Bug fixes
January 9, 2018
Enterprise Preference Manager
Enterprise Preference Manager is Gigya's offering for managing user privacy, preferences and consent in a way that is transparent to the user, while helping you uphold rigorous standards so as to support your compliance with international privacy regulations.
- Flexibly create site policies (terms of service, privacy policies and other consent statements) and manage their versions.
- Manage communication preferences.
- Consent is enforced as part of the site flows (required at registration, when a version changes, and in SSO groups where site policies differ), and in downstream applications using IdentitySync, Gigya's ETL platform.
- Use Gigya's profile screens to create a preference center: Give users control over their personal data, display the policies to which they agreed, and allow them to manage their communication preferences.
- Consent is recorded in a tamper-proof Consent Vault.
Account Audit Log
- New user-friendly audit log that displays a timeline of events audited per a given account (UID).
- New Privacy and Communication profile screens added to the Update Profile screen set, used to create a preference center for registered users.
- New consent widget displays to users the name of the policy to which they agreed and the date they signed it.
- You can now display the value of any field (e.g., profile.firstName) in a Gigya screen.
Social Provider Support
- Gigya's Social Login now supports logging users in with Kakao and Naver, to better support market presence in Korea and other areas of Asia.
November 14, 2017
November 14, 2017
- The UID parameter was added to Email Accounts, enabling tracking the account progression (from Lite to full accounts) and a more consistent user experience.
- New subscriptionUpdated webhook is fired when the status of a subscription changes (subscribed / unsubscribed, or a change in the double opt-in status).
October 31, 2017
- New Array Manager widget in the UI Builder enables adding dynamic arrays to Gigya screens that store complex objects, provides great flexibility in the type and quality of data you can request from your users.
October 24, 2017
- New home page of Gigya's Console includes the option to add up to 10 tags to each site, for locating your sites easily and quickly in multi-site installations. For more information, see Site Setup.
- In the UI Builder, new Input Type property for Textbox controls, supports all HTML5 input types, and displays the relevant control (e.g. date selector) both on desktop and on the mobile keyboard..
October 18, 2017
- Custom data fields can now be deleted via the Schema Editor.
- In the Screen-Sets page of Gigya's Console, you can now see a metric that reflects registration conversion rates, i.e., what percentage of users who started a registration flow, completed it successfully. You can read our Registration Conversion Best Practices for tips and recommendations for raising conversion rates.
October 9, 2017
Data Field Deletion
- You can now delete custom data fields from the accounts and Data Store databases, using an API call.
Version 7.4 - Released on September 25, 2017
Scoped Data Access
You can now assign data permissions on the field-level to user groups.
Scoped Data Access is a new feature and released under an Early Adopters program. If you would like to make use of this feature please contact your Account Manager.
Double Opt-In: You can now require your subscribers to confirm their subscription via email, to ensure compliance with anti-spamming policies and German and Canadian legal requirements, and provide users with a better experience. Supported for both full and lite registrations.
Double Opt-In is a new feature and released under an Early Adopters program. If you would like to make use of this feature please contact your Account Manager.
New accounts.importLiteAccount API for importing Lite Registrations and aubscriptions supports writing the value of the timestamp in the lastUpdatedSubscriptionState parameter, thus expanding support for various subscriber import requirements.
- New onBeforeValidation event is called after a user submits a form, and before Gigya's built-in field and form validations, for creating custom field validations.
Recently Released SDKs
- New .Net SDK, version 2.15.7.
- New PHP SDK, version 2.15.9.
- New Java SDK version 3.2.1.
- New Android SDK, version 3.3.9.
- New iOS SDK, version 3.6.0.
Other Platform Enhancements
- You can now create your own custom regex for validating profile.email fields in Gigya registration forms.
- New ds.getTypes API for returning all the types defined in the DS schema, so that you can view the schema structure of your Data Store.
- New accountLockedOut webhook event is fired when an account is locked out as a result of login attempts that were labelled as risky by RBA.
August 14, 2017
August 9, 2017
- Support for including an Invisible reCAPTCHA widget in registration screens. For more information, see CAPTCHA.
July 12, 2017
Configuration Copy Tool
- New tool for copying site configurations is now available in the Gigya Console. The tool allows you to copy the site schema, screen-set collections, and individual screen-sets.
June 28, 2017
Screen-Set Version Control
- New panel for managing screen-set versions, including user and timestamp for each change. This allows greater auditing capabilities, and the option to rollback changes by reverting old versions, and/or opening them for editing.
Screen-Sets on Child-Site Level
- Within a site group, you can now create separate screen-sets for child sites, independent of the parent site. This allows agencies and third parties to manage screen-sets for a child site without requiring access to the parent site.
Version 7.3 - Released on June 26, 2017
Lite Registration enables your customers to sign up in a passwordless flow to subscribe to newsletters, or to receive added value (such as voting, unlocking content, contest participation, etc.) without completing a full registration flow.
- A new LiteRegistration screen-set is created and can be edited in the UI Builder whenever adding a new screen-set collection.
- New isLite parameter added to accounts.initRegistrationfor indicating that a newly created account is a Lite Account. This returns a dedicated regToken, that can then be passed to accounts.setAccountInfo to create a Lite Account.
- New isLite parameter added to accounts.setAccountInfo for admins to use when importing lite accounts.
Subscription & Preference Management
- New Subscription object for capturing and managing newsletter subscription information.
- New subscriptions parameter added to accounts.setAccountInfo for passing the subscription object.
- New subscriptions option for the include parameter added to accounts.getAccountInfo for retrieving the user’s subscription status.
- Added support in accounts.setSchema and accounts.getSchema APIs for setting and getting subscription data.
- Subscriptions data updates both full accounts, and Email Accounts (see below).
- A new entity, Email Accounts, merges identity information from Lite and Full (registered) accounts, as well as subscription data, using an email address as the identifier.
- New view toggle added to Identity Access, to toggle between a UID-based view, and a (new) email-based view.
- You can now use accounts.search to retrieve email account information, including Profile, Data and Subscription objects.
- Includes indication of the type of accounts associated with the user, with the Boolean fields hasFullAccount and hasLiteAccount.
UI Builder Localization
- You can now localize your screen-sets via the UI Builder. The new localization canvas is a centralized system for managing all your localizations, and includes support for up to 44 locales, with 15 full locale translations provided out-of-the-box by Gigya.
- Gigya's Schema Editor allows you to interactively edit your site's schema via the Gigya Console.
New onSubmit Event
- New onSubmit event fired when users submit a Gigya screen (after onBeforeSubmit and before onAfterSubmit). The new event allows you to modify data before it’s submitted to Gigya’s servers, enabling asynchronous handling of your data.
May 22, 2017
- Bug fixes
May 17, 2017
- New iOS SDK version 3.6.0 with support for LINE native login. The new version can be downloaded from here.
April 30, 2017
- Localization canvas for managing translations of a given screen-set. This enables one screen-set to support multiple languages, rather than creating individual screen-sets per target language.
Version 7.2 - Released on April 05, 2017
- New option of dividing sites in a site group to separate SSO Segments, where only sites that belong to the same segment share an SSO experience.
Global Configuration in the Console
- Global Configuration can now be created, saved and edited within Gigya's Console, and includes built-in mobile support.
- Added Subscriptions option for facilitating newsletter sign-up when mapping fields in the UI Builder.
- New accounts.unsubscribe API for unsubscribing users from newsletters.
- It is now possible to override master configurations in child sites regarding CAPTCHA requirement for new registrations.
- You can now update comment sender data after a comment has been posted, allowing you to preserve sender information (such as photos) when migrating between servers.
- Added support for sharing images to VKontakte.
- The OpenId Connect Relying Party (OIDC RP) redirectUri has been changed.
- The socialize.exportUsers API is being deprecated. For more information, see Changes That May Require Your Action.
Version 7.1 - Released on February 06, 2017
JSON Web Token (JWT) Support
- New accounts.getJWT REST endpoint enables relaying user data using a JWT. Elements of Gigya's user object are returned in the JWT payload.
- New accounts.getJWTPublicKey REST API allows retrieval of the public key necessary for validating an id_token returned from the accounts.getJWT API endpoint.
Risk Based Authentication (RBA)
- New Console UI to simplify RBA configuration.
- Network Protected Identity (NPI): a new feature of Risk Based Authentication (RBA) which leverages data gathered on suspicious login attempts from Gigya's ~1 billion users to increase security.
OpenID Connect (OIDC)
- New Console UI for simplifying registration as a Relying Party (RP).
- New introspection endpoint can return metadata of an access token.
- Support for refresh tokens improves security by enabling short-lived access tokens.
- Changed dialog when making changes that cause a schema update, now shows details of the change in JSON format, so as to update existing screen-sets with greater ease.
- New image control for adding an image to any screen.
Web Content Accessibility Guidelines (WCAG)
- Enhancements to support WCAG compliance, e.g., looped tabbing within a Gigya screen for better keyboard control, added screen-reader support.
Updates to icons in the Share Bar based on latest branding guidelines from social networks, including Facebook, Google Plus, Linkedin, Twitter, and Microsoft.
Identity Access default search now also includes the username, in addition to the email, UID and first or last names.