New features

2026-05-08 New feature: set password when enabling an account

The new feature

Now, when an account is disabled, its password is deleted. Afterwards, if the user changes his password, the disabled account will still have no password. If the disabled account is enabled, the agent of the account will set the password of the password domain to the account and send it to the target system.

Bear in mind

Please note the following points:

How to configure it?

The following components must be installed:

Let's look at an example

Let’s look at an example, here we have the user "ethan_miller" to whom we are going to assign the password "Dummy01.".

image.png

You can check your password on the "My accounts" page, click on the "View password" of the "app-demo" account.

image.png

Now let's disable the "app-demo" account.

image.png

Check the password again, it must be empty.

image.png

We are going to assign a new password "Dummy02.".

image.png

The other account has the new password.

image.png

Enable the "app-demo" account.

image.png

Check the account with the new password.

image.png


2026-05-19 New feature: filter holder groups at the IdP login

The new feature

From now on, the service providers who have selected the “Ask for group membership after authentication” option will be able to filter which of these should be selectable with the attribute "Script to filter out group memberships".

Bear in mind

Please note the following points:

How to configure it?

The following components must be installed:

Let's look at an example

Let’s look at an example, here we have the user "user4" who has already set up the holder groups.

image.png

We had a service provider that was already selected the option "Ask for group membership after authentication".

image.png

The holder groups have several custom attributes (startDate, endDate and status).

image.png

We now want to filter the holder groups with the attibute status with the Active value.

image.png

So we're going to create a script in the "Script to filter out group memberships" of the service provider.

image.png

This is the script.

// Return the groups whose “status” attribute has the value "Active"
//
l = new java.util.ArrayList();
lug = serviceLocator.getGroupService().findUsersGroupByUserName(user.userName);
for (i=0; i<lug.size(); i++) {
  ug = lug.get(i);
  if (ug.attributes!=null &&
      ug.attributes.get("status")!=null &&
      "Active"===ug.attributes.get("status"))
  {
    l.add(ug.group);
  }
}
return l;

Please note that if the script fails or is not configured correctly, the holder groups page will not be displayed.

Now, to test it, we’ll log in to the application (the service provider), and these are the IdP’s login pages

image.png

image.png

2026-05-21 New feature: CSV connector in Soffid 4

The new feature

The first version of the "CSV connector" has been released in Soffid 4. This connector only includes the “Customisable CSV fileagent. In this version, this agent is used to generate a CSV file as part of the Soffid synchronisation engine.

Bear in mind

Please note the following points:

How to configure it?

The following components must be installed:

Let's look at an example

Step 1: install the CSV plugin from the marketplace (Add new button) in the License and plugin page. The name of the connector is "Test plugin".

image.png

image.png

Step 2: create an agent of the "Customisable CSV file" type.

image.png

Step 3: configure the agent with the mappins you need (in the "Attribute mapping" tab).

For further information on how to configure this agent, please refer to the CSV connector in Soffid 4 page.

image.png

Step 4. Create CSV accounts for users.

image.png

Step 5. The accounts created will have synchronised automatically as the engine is set to automatic and the agent is in write mode, and it is active in the monitoring.

The accounts.

image.png

The engine.

image.png

The agent.

image.png

And the monitoring.

image.png

Step 6. Now let’s check the CSV file. It was configured in the "/tmp/users.csv" path of the container.

image.png

2026-05-31 New feature: new authorization for the SCIM webservice

The new feature

From now on, all users used to access the SCIM webservice will require the new "webservice:user" authorisation.

Bear in mind

Please note the following points:

How to configure it?

The following components must be installed:

Let's look at an example

For this example, we will be using the Bruno application; for further information, please see this page Testing Tool.

First, let’s check that the "Test" user we were using in the SCIM web service no longer has access, see the "401 Unauthorized" error.

image.png

On the Roles page, we are going to create a new role, "SOFFID_SCIM", and then assign the new authorisation to it.

image.png

On the Authorisations page, we assign the new authorisation "webservice:user" to it.

image.png

The final step is to grant the SOFFID_SCIM role to the user.

image.png

Now, when we query the web service, it returns results.

image.png

2026-05-31 New feature: hidden stack tracers

The new feature

Users who do not have the SOFFID_ADMIN role will no longer see the details of errors in the Console; instead, an identifier will be displayed so that administrators can look it up in the log.

Bear in mind

Please note the following points:

How to configure it?

The following components must be installed:

Let's look at an example

Let’s follow these steps.

image.png

Now the user has to share the id with the Soffid administrator, in this exemple XFVBYOJTVZU4VO75.

Soffid administrators can look up the id in the "Console log" page.

image.png