07 April 2022 (v2.70)

ReachFive v2.70 further enhances our IFP module, provides a dedicated template for the SMS stepup flow, and offers a new has_password boolean for SMS custom providers.

You can now also revoke access tokens with the revokeToken endpoint.

Security

Improved Identity Fraud Protection module algorithm

We have improved our Identity Fraud Protection (IFP) module’s IP suspension algorithm to be able to respond according to the threat detected on the attacking IP address.

Whitelist IPs for the IFP module

You can now whitelist IP addresses specifically for the IFP module directly from your ReachFive Console.

Whitelisted IP addresses will bypass the attack protection policy.

For more details on our identity fraud protection module, check out the IFP page.

ip inspector whitelist

Authentication

Access token management

We provide a revocation endpoint that lets you revoke Refresh Tokens. It is now possible to use the same endpoint to revoke access tokens.

for more information, check out our revokeToken API endpoint.

Dedicated stepup template with SMS

The SMS sent after a step up request with a phone_number second factor can now be configured separately. The activation SMS template is still available and can be configured as a separate template as well to be able to offer the best overall experience to your users.

For more details on Multi-factor Authentication (MFA), check out our MFA Guide.

Integration

New attribute for SMS custom providers

We added a new boolean field called has_password in the request payload for SMS custom providers. With this, you can easily adapt the SMS to users whom have no password associated with their account, allowing them to create a password.

{
  "sms": "string/sms",
  "template_id": "string",
  "personalizations": {
     "given_name": "string",
     "last_name": "string",
     "gender": "string",
     "has_password": "boolean",  (1)
     "redirect_url": "string/url"
   }
}

1	The `has_password` boolean is only included in the payload for the `password_reset` template.

For more information, check out Custom SMS providers.

New event type

We have a new event type (managed_user_created) for those users created specifically through the Management API.

For more, check out our dedicated User Event Types documentation.

Fixes

Item Fixed

Item	Fixed
We generalized some error messages for actions performed with the Management API.	✓
It was possible to double consent log entries in some specific conditions.	✓
The verification of an email modified from the ReachFive Console wasn’t successful.	✓
The `Name` attribute wasn’t present in the user profile after a login with PayPal.	✓
Some compromised profiles weren’t automatically suspended by the Identity Fraud Protection module.	✓
Imported Lite users weren’t merged correctly.	✓

We generalized some error messages for actions performed with the Management API.

✓

It was possible to double consent log entries in some specific conditions.

✓

The verification of an email modified from the ReachFive Console wasn’t successful.

✓

The Name attribute wasn’t present in the user profile after a login with PayPal.

✓

Some compromised profiles weren’t automatically suspended by the Identity Fraud Protection module.

✓

Imported Lite users weren’t merged correctly.

✓