7 November 2024 (v2.123)
ReachFive v2.123 introduces a few improvements and needed bug fixes.
We’re happy to introduce our Data Breach Detection feature.
We now retrieve an additional field from Kakao.
You can also now filter users by MFA credentials on the ReachFive Console.
As always, we made some general improvements and fixed a few items for you.
Release highlight
Our Data Breach Detection feature enhances your security by identifying leaked passwords before they lead to unauthorized access on your site. The feature actively scans for known leaked credentials and cross-references them with attempts to sign in, sign up, or update a password. When a leaked password is detected, authentication is automatically suspended (if configured), preventing potential security risks.
When you choose to add the Data Breach Detection feature to your ReachFive integration, you get added protection against data breaches, ensuring your users know your brand is dedicated to mitigating security risks on their behalf. Staying on top of leaked passwords builds trust and ensures valuable user information isn’t put at risk.
Enable the protection directly in the ReachFive Console knowing user events are logged to mark when leaked credentials are in use and deleted for further auditing purposes. Automatically notify users with dedicated email and SMS templates (Sign in option).
For more, see Data Breach Detection.
Kakao verified phone numbers
You are now able to retrieve and leverage the phone_number_verified information from KakaoTalk.
The information below outlines what happens when users authenticate using Kakao with ReachFive.
If the phone_number scope does not exist for the account, neither the phone_number or phone_number_verified fields are retrieved or valued inside the ReachFive profile for the user.
|
If the SMS feature is enabled and the phone_number scope exists, we retrieve the phone_number_verified and set the boolean on their ReachFive profile to the appropriate value true if verified and false if unverified.
If the SMS feature is not enabled, even if the phone_number scope exists, phone_number_verified remains false.
For more details, see Kakao Connect.
Filter by MFA users
You can now filter users by those who have enrolled their identifier (email or phone number) for Multi-factor Authentication. This can help you analyse or produce reports of how many of your users are using MFA. This includes filtering by the MFA credential type, when it was created, and the phone number. Email is the email associated with the user account and is returned as normal in a search.
This is available for filtering:
-
User profiles on the ReachFive Console
-
Pre and post-event webhooks
-
With the GET
api/v2/usersendpoint using the MFA credential object.ExampleGET api/v2/users?filter=credentials.type=="email"
Example scenario
You want to get a quick reference of how many of your users have enrolled their mobile or email for MFA.
-
Go to your ReachFive Console.
-
Navigate to .
-
Click Filter.
-
In the field, type MFA and you see the options to filter by the following:
-
User - MFA - Type (Authentication)
-
User - MFA - Email - Created At
-
User - MFA - Phone Number - Created At
-
User - MFA - Phone Number - Value
See the MFA credentials object for details on each of these fields.
-
General improvements
-
We made some improvements to ensure that
external_idis valued and retained properly in the User profile object.
Fixes
| Item | Fixed |
|---|---|
The |
✓ |
There were some role issues for users authenticating to the ReachFive Console with Azure. |
✓ |
There was temporarily an access issue for those using MFA on the ReachFive Console. |
✓ |
There was a brief issue with updating roles for clients in the ReachFive Console. |
✓ |
For a brief period, you could not save changes to Email templates. |
✓ |