January 14, 2019
- The OnBeforeSocialLogin extension now supports OIDC, in addition to SAML.
Users who use time-based authentication as their second authentication factor, may now print backup codes to use in case they cannot access their device. This option is available from their Profile Update screen:
On mobile devices, users may generate and view their codes, but cannot print them.
December 18, 2018
- When Lite Registration is performed using accounts.setAccountInfo, a UID is returned in the response.
- Lite Preferences Center can now include user-editable profile and data fields, and not only preferences.
- Emails used in Lite Registration are now validated with the same logic used for profile.email (Gigya's default validation, or a regex expression defined in the format parameter for profile fields in accounts.setSchema).
- When a job fails after processing some files, it will now go into "retry" mode and attempt to handle the remaining files, while ignoring those already processed.
- fileNameRegex parameter added to the Amazon S3 reader, for filtering files by their name.
- Site admins can now set a custom issuer for OIDC in the Console.
- The 'Plugins' code configuration page has been removed from Gigya's Console. You can access the same functionality in our Developer's Guide.
- socialize.removeConnection now supports removing SAML identities.
December 3, 2018
- New Extension, onBeforeSocialLogin, is triggered when a user performs social login. Currently, the extension is supported only for SAML login, and will be expanded later on to include other types of social login.
- Updates to the SAP Marketing cloud writer (datasource.write.hybrismarketing):
- New timeout parameter for configuring the time to wait for a response from the platform
- New mobileField parameter for passing a contact's mobile phone number into SAP Marketing Cloud
- New communicationType field in the consent object, for passing the communication type to which the contact consented
- timeout parameter added to SFTP and FTP writers and readers
- In custom scripts, setSessionParameter is now limited to 100 lines.
November 19, 2018
- New "Fallback policy" setting allows choosing between ignoring all errors in the execution of an Extension, and failing all flows if an error occurs.
- New templates available in IdentitySync Studio, when creating a dataflow:
Import Full Accounts from SFTP
Import Lite Accounts from SFTP
November 13, 2018
- New header in Gigya's Console, includes the following:
New SAP logo, replacing the Gigya logo
Changed control for the partner name selector
Changed control for the site selector
November 5, 2018
- New component, datasource.read.azure.blob_token, for reading data "blobs" from the Azure Blob cloud storage using an access token.
- New parameters added to datasource.write.gigya.generic : apiKey, userKey and secret, enable the usage of the generic writer in a Gigya-to-Gigya data transfer scenario. These parameters are used as credentials from the source site, from which to read data.
October 15, 2018
- New component, datasource.delete.hybrismarketing, for deleting end-users from the SAP Marketing Cloud (Hybris Marketing) database, following a deletion from the Gigya database.
- New from parameter added to datasource.read.gigya.audit, for selecting the audit log from which to query (Gigya's main Audit Log, or the Consent Vault).
- New marketingAreaField in the datasource.write.hybrismarketing component, for passing the marketing area associated with a record into SAP Hybris Marketing.
- Support for adding an error path after datasource.write.salesforce.
October 8, 2018
The new Extensions feature allows you to flexibly implement custom validations on Gigya login, registration and profile update flows. Using Extensions, you can meet a wide range of business use-cases, such as:
- Prevent a user from registering with an abusive username
- Prevent a user from registering with a disposable email address
- Validate that zip codes match country and state provided
To use Extensions, host custom functions on your site or a serverless computing host (e.g. Lambda). Then, specify which Extension Endpoint (Gigya flow) to attach these functions to. Based on the response received from the Extension endpoint, the service will either allow the flow to proceed, or block it if the validation failed.
- You can now create a Lite Preferences Center where lite users can view and edit their privacy and communication settings. This was previously only available for fully-registered users.
- You can now receive from Twitter an email address in addition to other user details. Note that this depends on approving your app with Twitter, and the individual user's permission.
October 2, 2018
- You can now offer to users time-based authenticator apps (such as Google Authenticator) as the second step of authentication, in addition to SMS codes. When more than one option is enabled in your RBA configuration, users will now see a drop-down control from which to select their authentication preference:
- New IPRatio global rule, for triggering an action (e.g., lockout) based on the percentage of failed logins, of the total login attempts.
August 27, 2018
- Gigya's OpenID Connect offering now supports custom scopes and claims.
August 13, 2018
- New component, datasource.read.gigya.comment, executes a search in Gigya's comment database.
- New parameters added to datasource.write.hybrismarketing, for supporting writing subscription and consent information to Hybris Marketing.
July 25, 2018
- You can now define entitlements to which a user can grant consent. These entitlements are linked to a specific consent statement. For example, a user can agree to the terms of a contest, and as part of that consent, agree to share their data with a raffle ticket provider (one entitlement) but not with the promotions department (separate entitlement).
- In the Consent History tab of Identity Access, you can view the entitlements associated with a consent interaction.
- In the Consent Vault, the following were added:
- A record of the entitlements associated with the consent interaction
- A User Action Timestamp. While it will usually be identical to Timestamp (UTC), the user action timestamp is used to differentiate in import scenarios between the time the record was added to the system, and the original time at which the consent interaction took place.
July 15, 2018
- New Audit Log tab added to Identity Access, for viewing audited actions within the context of the user's profile. This replaces the Account Audit Log, which was to be found in the Admin tab of the Console.
July 3, 2018
- New integration with DocCheck uses Gigya's social login to authenticate medical professionals.
- Improvements to the Array Manager ensure a much smoother flow in the UI Builder, when adding and mapping the widget.
July 2, 2018
- New limitation placed on several Email Templates placeholders, to discourage spam abuse of Gigya's platform:
- Maximum length of 30 characters
- Period characters are replaced by a visually-identical unicode character, to prevent planting clickable links in placeholders
June 26, 2018
- If your site implementation includes Customer Consent, a new Consent History tab displays an audit of the consent transactions captured for this user, in a user-friendly timeline format.
- New addResponse parameter in datasource.write.gigya.generic enables including Gigya's API response in the output file, which can then be used in a later step.
- You can now connect the generic writer (datasource.write.gigya.generic) to a next step that follows a successful run, and not just a failed one.
June 20, 2018
Consent (Enterprise Preference Manager)
June 6, 2018
Consent (Enterprise Preference Manager)
- A new verifyLoginInterval parameter in the Global Configurationobject allows you to periodically check the validity of the user account, and automatically log out users whose consent is no longer valid after a consent version update. This ensures that users who have an active long-lived session (“Remember me”), will be asked to re-consent when the active version of a mandatory consent statement changes.
- You can now use FunCaptcha as a CAPTCHA provider in your login and registration screens, instead of Google. This is especially useful as an added security measure in countries that do not allow using Google’s solution, such as China. Note that this integration requires a FunCaptcha subscription.
June 3, 2018
Enterprise Preference Manager
- You can now extend the consent statement by defining custom key-value pairs of data for each statement. The consent custom data will be available on the account (when calling accounts.search or accounts.getAccountInfo), and will be audited in the consent vault.
May 28, 2018
If your site package includes Enterprise Preference Manager, you will have access to the Privacy Tab, which displays the user's consent status to your site's terms of service, privacy policies and other consent statements.
May 13, 2018
- Support added for 3 additional languages on Gigya screens and SDKs: Latvian, Lithuanian and Estonian. This includes default translations for all screen-sets, and localized user-facing error and information messages. For more information on localization, see UI Builder Localization and Advanced Customizations and Localization.
May 7, 2018
New actions added to the Identity Access user management dashboard:
Remove Identities: Remove a social or federated identity from the user's account. After removal, the user will not be able to log in with that identity, and data from that source will be deleted.
Reset TFA Devices: Reset the devices used as the second factor for authenticating the user. In their next login, they will need to register a device.
Force TFA Expiration: Force the user to provide second-factor authentication the next time they log in.
April 29, 2018
- You can now define the retention period for storing records in the Audit Log and the Account Audit Log, in a Settings page in the Admin tab of Gigya's Console.
- You can now stop a job mid-run, by hitting the Stop icon in the Job history window:
- The inferColumns parameter was removed from file.format.dsv, as column names are inferred automatically, or set manually using the columns parameter.
April 25, 2018
- You can now unlock an account that was locked out because they triggered an RBA policy (for example, had 3 unsuccessful login attempts).
April 15, 2018
Risk Based Authentication
- If you are using two-factor authentication as part of RBA, you are now required to provide your Twilio credentials in the RBA configuration page. For more information, see Twilio Credentials for Mobile Authentication.
April 10, 2018
Social Provider Configuration
When configuring social providers, you now have the option to allow only secure (HTTPS) redirects. When choosing this option, you should also make sure your social provider apps are configured to use HTTPS redirect URIs.
April 2, 2018
Enterprise Preference Manager
- You can now display to users the reason why their personal data is being collected (Purpose), and include a document URL to the statement to which they are agreeing. These can be displayed in any of the supported languages. For more information, see Consent Management.
March 26, 2018
Identity Access has a new design. The new dashboard provides administrators and customer service teams with a holistic view of customer profiles, and the ability to manage customer experiences. This update includes:
- Smoother admin flows, with information arranged logically by tabs (profile, preferences, loyalty)
- Friendly design with intuitive behavior
- New capabilities include:
- Main user list includes both lite and full users
- Filter for users by their registration status or email ownership
- Search for users by their full name
- Perform quick actions from the main page, without having to go into individual profiles: verify an email address, resend a verification email, send a reset password email, and disable / enable login.
- Manage complex objects and arrays: add new arrays of data to a profile, assign values to existing objects, or delete values.
- Manage subscription tags
- Easily move between accounts without the need to go back to the main list
Enterprise Preference Manager
- You can now add tags to consent objects by using the metadata control in the UI Builder. These tags will be displayed in the Consent Vault for the relevant consent action.
March 21, 2018
Risk Based Authentication
Risk Based Authentication now also processes login attempts made by unknown (non-registered) accounts, where previously it only processed information of known (registered) accounts.
You can now customize the sender name and message that are sent in an SMS message when two-factor authentication is triggered. For more information, contact your Gigya Account Manager.
You can now dynamically structure the URL of the reset password page, using placeholders for the site API key and for the reset token.
- Self-serving SSL certificate provisioning is now available to site admins allowing you to generate SSL certificates for CNAMES without requiring assistance from Gigya’s support.
March 6, 2018
- Permissions to run an IdentitySync job are now granted automatically on the worker, for partners and users with the relevant permissions.
- When creating custom scripts using the record.evaluate component in IdentitySync studio, you can now expand to full-screen mode for easier code editing:
February 26, 2018
- When reviewing the details of a job in the Job History page, you can now sort by each one of the step metrics (e.g., by duration, step name, number of errors).
- New newsletterField in datasource.write.silverpop enables writing to Silverpop's built-in status field, rather than to a custom field.
- Updated Silverpop templates in IdentitySync studio use newsletterField by default.
February 18, 2018
- Partner ID and API key added to the email notification sent after a job executes.
January 29, 2018
- You can now use IdentitySync to copy accounts from one Gigya site to another. For more information, see IdentitySync.
- New step metrics for advanced debugging and monitoring of dataflows that fail or take a long time to execute. For more information about monitoring dataflows, see IdentitySync.
January 24, 2018
Support for using Google’s reCAPTCHA v.2 in login screens. If you are using reCAPTCHA v.1, you should migrate to v.2 before March 31, 2018. For more information, see CAPTCHA.
- Due to low adoption, we are sunsetting the iRank parameter. It will be returned so as not to break existing implementations, but the value will always be zero. The affected APIs are:
January 15, 2018
For more information on IdentitySync releases, see IdentitySync Change Log.
- IdentitySync Studio can now be opened in full-screen mode.
- Status column added to the IdentitySync scheduler, displays a status of "busy" or "ready".
- Step parameters in IdentitySync Studio now include a link to the developer's guide, and tooltips on hover:
- New consent parameter added to datasource.read.gigya.account to be used in implementations of Enterprise Preference Manager. Enables retrieving only users with a given consent status (valid, expired, or not granted).
- New component, datasource.write.hybrismarketing, for writing user data directly to the SAP Hybris Marketing platform. For more information, see Hybris Marketing.
- New action and sync_fields parameters in datasource.write.silverpop support choosing the method for handling existing user data, and specifying a unique ID for rows in Silverpop.
- Bug fixes
January 9, 2018
Enterprise Preference Manager
Customer Consent is Gigya's offering for managing user privacy, preferences and consent in a way that is transparent to the user, while helping you uphold rigorous standards so as to support your compliance with international privacy regulations.
- Flexibly create site policies (terms of service, privacy policies and other consent statements) and manage their versions.
- Manage communication preferences.
- Consent is enforced as part of the site flows (required at registration, when a version changes, and in SSO groups where site policies differ), and in downstream applications using IdentitySync, Gigya's ETL platform.
- Use Gigya's profile screens to create a preference center: Give users control over their personal data, display the policies to which they agreed, and allow them to manage their communication preferences.
- Consent is recorded in a tamper-proof Consent Vault.
Account Audit Log
- New user-friendly audit log that displays a timeline of events audited per a given account (UID).
- New Privacy and Communication profile screens added to the Update Profile screen set, used to create a preference center for registered users.
- New consent widget displays to users the name of the policy to which they agreed and the date they signed it.
- You can now display the value of any field (e.g., profile.firstName) in a Gigya screen.
Social Provider Support
- Gigya's Social Login now supports logging users in with Kakao and Naver, to better support market presence in Korea and other areas of Asia.
November 14, 2017
November 14, 2017
- The UID parameter was added to Email Accounts, enabling tracking the account progression (from Lite to full accounts) and a more consistent user experience.
- New subscriptionUpdated webhook is fired when the status of a subscription changes (subscribed / unsubscribed, or a change in the double opt-in status).
October 31, 2017
- New Array Manager widget in the UI Builder enables adding dynamic arrays to Gigya screens that store complex objects, provides great flexibility in the type and quality of data you can request from your users.
October 24, 2017
- New home page of Gigya's Console includes the option to add up to 10 tags to each site, for locating your sites easily and quickly in multi-site installations. For more information, see Site Setup.
- In the UI Builder, new Input Type property for Textbox controls, supports all HTML5 input types, and displays the relevant control (e.g. date selector) both on desktop and on the mobile keyboard..
October 18, 2017
- Custom data fields can now be deleted via the Schema Editor.
- In the Screen-Sets page of Gigya's Console, you can now see a metric that reflects registration conversion rates, i.e., what percentage of users who started a registration flow, completed it successfully. You can read our Registration Conversion Best Practices for tips and recommendations for raising conversion rates.
October 9, 2017
Data Field Deletion
- You can now delete custom data fields from the accounts and Data Store databases, using an API call.
Version 7.4 - Released on September 25, 2017
Scoped Data Access
You can now assign data permissions on the field-level to user groups.
Scoped Data Access is a new feature and released under an Early Adopters program. If you would like to make use of this feature please contact your Account Manager.
Double Opt-In: You can now require your subscribers to confirm their subscription via email, to ensure compliance with anti-spamming policies and German and Canadian legal requirements, and provide users with a better experience. Supported for both full and lite registrations.
Double Opt-In is a new feature and released under an Early Adopters program. If you would like to make use of this feature please contact your Account Manager.
New accounts.importLiteAccount API for importing Lite Registrations and aubscriptions supports writing the value of the timestamp in the lastUpdatedSubscriptionState parameter, thus expanding support for various subscriber import requirements.
- New onBeforeValidation event is called after a user submits a form, and before Gigya's built-in field and form validations, for creating custom field validations.
Recently Released SDKs
- New .Net SDK, version 2.15.7.
- New PHP SDK, version 2.15.9.
- New Java SDK version 3.2.1.
- New Android SDK, version 3.3.9.
- New iOS SDK, version 3.6.0.
Other Platform Enhancements
- You can now create your own custom regex for validating profile.email fields in Gigya registration forms.
- New ds.getTypes API for returning all the types defined in the DS schema, so that you can view the schema structure of your Data Store.
- New accountLockedOut webhook event is fired when an account is locked out as a result of login attempts that were labelled as risky by RBA.
August 14, 2017
August 9, 2017
- Support for including an Invisible reCAPTCHA widget in registration screens. For more information, see CAPTCHA.
July 12, 2017
Configuration Copy Tool
- New tool for copying site configurations is now available in the Gigya Console. The tool allows you to copy the site schema, screen-set collections, and individual screen-sets.
June 28, 2017
Screen-Set Version Control
- New panel for managing screen-set versions, including user and timestamp for each change. This allows greater auditing capabilities, and the option to rollback changes by reverting old versions, and/or opening them for editing.
Screen-Sets on Child-Site Level
- Within a site group, you can now create separate screen-sets for child sites, independent of the parent site. This allows agencies and third parties to manage screen-sets for a child site without requiring access to the parent site.
Version 7.3 - Released on June 26, 2017
Lite Registration enables your customers to sign up in a passwordless flow to subscribe to newsletters, or to receive added value (such as voting, unlocking content, contest participation, etc.) without completing a full registration flow.
- A new LiteRegistration screen-set is created and can be edited in the UI Builder whenever adding a new screen-set collection.
- New isLite parameter added to accounts.initRegistrationfor indicating that a newly created account is a Lite Account. This returns a dedicated regToken, that can then be passed to accounts.setAccountInfo to create a Lite Account.
- New isLite parameter added to accounts.setAccountInfo for admins to use when importing lite accounts.
Subscription & Preference Management
- New Subscription object for capturing and managing newsletter subscription information.
- New subscriptions parameter added to accounts.setAccountInfo for passing the subscription object.
- New subscriptions option for the include parameter added to accounts.getAccountInfo for retrieving the user’s subscription status.
- Added support in accounts.setSchema and accounts.getSchema APIs for setting and getting subscription data.
- Subscriptions data updates both full accounts, and Email Accounts (see below).
- A new entity, Email Accounts, merges identity information from Lite and Full (registered) accounts, as well as subscription data, using an email address as the identifier.
- New view toggle added to Identity Access, to toggle between a UID-based view, and a (new) email-based view.
- You can now use accounts.search to retrieve email account information, including Profile, Data and Subscription objects.
- Includes indication of the type of accounts associated with the user, with the Boolean fields hasFullAccount and hasLiteAccount.
UI Builder Localization
- You can now localize your screen-sets via the UI Builder. The new localization canvas is a centralized system for managing all your localizations, and includes support for up to 44 locales, with 15 full locale translations provided out-of-the-box by Gigya.
- Gigya's Schema Editor allows you to interactively edit your site's schema via the Gigya Console.
New onSubmit Event
- New onSubmit event fired when users submit a Gigya screen (after onBeforeSubmit and before onAfterSubmit). The new event allows you to modify data before it’s submitted to Gigya’s servers, enabling asynchronous handling of your data.
May 22, 2017
- Bug fixes
May 17, 2017
- New iOS SDK version 3.6.0 with support for LINE native login. The new version can be downloaded from here.
April 30, 2017
- Localization canvas for managing translations of a given screen-set. This enables one screen-set to support multiple languages, rather than creating individual screen-sets per target language.
Version 7.2 - Released on April 05, 2017
- New option of dividing sites in a site group to separate SSO Segments, where only sites that belong to the same segment share an SSO experience.
Global Configuration in the Console
- Global Configuration can now be created, saved and edited within Gigya's Console, and includes built-in mobile support.
- Added Subscriptions option for facilitating newsletter sign-up when mapping fields in the UI Builder.
- New accounts.unsubscribe API for unsubscribing users from newsletters.
- It is now possible to override master configurations in child sites regarding CAPTCHA requirement for new registrations.
- You can now update comment sender data after a comment has been posted, allowing you to preserve sender information (such as photos) when migrating between servers.
- Added support for sharing images to VKontakte.
- The OpenId Connect Relying Party (OIDC RP) redirectUri has been changed.
- The socialize.exportUsers API is being deprecated. For more information, see Changes That May Require Your Action.
Version 7.1 - Released on February 06, 2017
JSON Web Token (JWT) Support
- New accounts.getJWT REST endpoint enables relaying user data using a JWT. Elements of Gigya's user object are returned in the JWT payload.
- New accounts.getJWTPublicKey REST API allows retrieval of the public key necessary for validating an id_token returned from the accounts.getJWT API endpoint.
Risk Based Authentication (RBA)
- New Console UI to simplify RBA configuration.
- Network Protected Identity (NPI): a new feature of Risk Based Authentication (RBA) which leverages data gathered on suspicious login attempts from Gigya's ~1 billion users to increase security.
OpenID Connect (OIDC)
- New Console UI for simplifying registration as a Relying Party (RP).
- New introspection endpoint can return metadata of an access token.
- Support for refresh tokens improves security by enabling short-lived access tokens.
- Changed dialog when making changes that cause a schema update, now shows details of the change in JSON format, so as to update existing screen-sets with greater ease.
- New image control for adding an image to any screen.
Web Content Accessibility Guidelines (WCAG)
- Enhancements to support WCAG compliance, e.g., looped tabbing within a Gigya screen for better keyboard control, added screen-reader support.
Updates to icons in the Share Bar based on latest branding guidelines from social networks, including Facebook, Google Plus, Linkedin, Twitter, and Microsoft.
Identity Access default search now also includes the username, in addition to the email, UID and first or last names.