# New features



# 2026-05-08 New feature: set password when enabling an account

### The new feature

<p class="callout info">Now, when an account is **disabled**, its **password** is **deleted**. Afterwards, if the user changes his password, the disabled account will still have no password. If the disabled account is **enabled**, the agent of the account will **set** the password of the **password domain** to the account and send it to the target system.</p>

### Bear in mind

Please note the following points:

- The user's **password domain** will have **value** once at least one password has been assigned.
- The account must be a **single-user account**; these are the ones that can be viewed in a user’s accounts tab.

### How to configure it?

The following **components** must be installed:

- Console 4.0.57 (or higher)
- Syncserver 4.0.35 (or higher)
- SAP plugin 4.0.2 (or higher)

### Let's look at an example

Let’s look at an example, here we have the user "**ethan\_miller**" to whom we are going to assign the password "**Dummy01.**".

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/8KacmI0v1LGoDJfV-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/8KacmI0v1LGoDJfV-image.png)

You can check your password on the "**My accounts**" page, click on the "**View password**" of the "**app-demo**" account.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/xcUYNTHc1zmEcTHX-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/xcUYNTHc1zmEcTHX-image.png)

Now let's **disable** the "app-demo" account.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/6t1qrUFAOBlmIeqP-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/6t1qrUFAOBlmIeqP-image.png)

Check the password again, it must be empty.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/BeGQeZT3Rla7fpaH-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/BeGQeZT3Rla7fpaH-image.png)

We are going to assign a new password "**Dummy02.**".

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/18lgUFrATVmk75jn-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/18lgUFrATVmk75jn-image.png)

The other account has the new password.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/gT7ORlraCtVORk9z-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/gT7ORlraCtVORk9z-image.png)

**Enable** the "app-demo" account.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/ZA3P6gdNmBQCncYV-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/ZA3P6gdNmBQCncYV-image.png)

Check the account with the new password.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/FR3F7F3Qdx8kpCs6-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/FR3F7F3Qdx8kpCs6-image.png)

# 2026-05-19 New feature: filter holder groups at the IdP login

### The new feature

<p class="callout info">From now on, the **service providers** who have selected the “**Ask for group membership after authentication**” option will be able to filter which of these should be selectable with the attribute "**Script to filter out group memberships**".</p>

### Bear in mind

Please note the following points:

- The **holder groups** **must be** correctly **configured** in Soffid.
- If there is only **one** possible **holder group**, it is **selected automatically** and is not displayed to the user.

### How to configure it?

The following **components** must be installed:

- Addon federation 4.0.25 (or higher)

### Let's look at an example

Let’s look at an example, here we have the user "**user4**" who has already set up the **holder groups**.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/JpAKXBOb9tYRKvLA-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/JpAKXBOb9tYRKvLA-image.png)

We had a **service provider** that was already selected the option "**Ask for group membership after authentication**".

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/kP8QV9hPqFVt8sdA-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/kP8QV9hPqFVt8sdA-image.png)

The holder groups have several **custom attributes** (startDate, endDate and status).

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/jSgdoRMeh0qAllS1-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/jSgdoRMeh0qAllS1-image.png)

We now want to **filter** the **holder groups** with the attibute **status** with the **Active** value.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/YqrDoi5j8iFQ3WLV-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/YqrDoi5j8iFQ3WLV-image.png)

So we're going to create a script in the "**Script to filter out group memberships**" of the service provider.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/9PjFDOz2srel64TD-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/9PjFDOz2srel64TD-image.png)

This is the script.

```
// Return the groups whose “status” attribute has the value "Active"
//
l = new java.util.ArrayList();
lug = serviceLocator.getGroupService().findUsersGroupByUserName(user.userName);
for (i=0; i<lug.size(); i++) {
  ug = lug.get(i);
  if (ug.attributes!=null &&
      ug.attributes.get("status")!=null &&
      "Active"===ug.attributes.get("status"))
  {
    l.add(ug.group);
  }
}
return l;
```

<p class="callout warning">Please note that if the **script fails** or is **not configured correctly**, the holder groups page will **not be displayed**.</p>

Now, to test it, we’ll log in to the application (the service provider), and these are the IdP’s login pages

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/ljIO7Xg3gF9ZXiLx-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/ljIO7Xg3gF9ZXiLx-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/ZZ0FVGgc0tVBYgrq-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/ZZ0FVGgc0tVBYgrq-image.png)

# 2026-05-21 New feature: CSV connector in Soffid 4

### The new feature

<p class="callout info">The first version of the "**CSV connector**" <span style="text-decoration: underline;">has been released in Soffid 4</span>. This connector only includes the “**Customisable CSV file**” <span style="text-decoration: underline;">agent</span>. In this version, this agent is used to **generate a CSV file** as part of the Soffid synchronisation engine.</p>

### Bear in mind

Please note the following points:

- The "Customisable CSV file" agent is used to **synchronice**, <span style="text-decoration: underline;">not for load authoritative o reconcile</span>.
- **Users** who need to be created in the CSV file must **have** an **account** with that **agent**.
- Please note the **location** where the file will be created; its configuration will depend on the **operating system** and the type of Soffid **architecture/installation**

### How to configure it?

The following **components** must be installed:

- CSV plugin 4.0.0 (or higher)

### Let's look at an example

Step 1: install the **CSV plugin** from the marketplace (Add new button) in the [License and plugin](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/license-and-plugin "License and plugin") page. The name of the connector is "Test plugin".

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/2oB9SLFndZ0lcQaW-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/2oB9SLFndZ0lcQaW-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/dhespCDZJ3dOM1sl-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/dhespCDZJ3dOM1sl-image.png)

Step 2: **create** an **agent** of the "Customisable CSV file" type.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/APaiPdzP2khgdjXu-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/APaiPdzP2khgdjXu-image.png)

Step 3: **configure** the agent with the **mappins** you need (in the "Attribute mapping" tab).

<p class="callout info">For further information on how to configure this agent, please refer to the [CSV connector in Soffid 4](https://bookstack.soffid.com/books/connectors/page/csv-connector-in-soffid-4 "CSV connector in Soffid 4") page.</p>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/wGHA94XZpt2v0SM4-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/wGHA94XZpt2v0SM4-image.png)

Step 4. Create **CSV accounts** for users.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/5D2TnLjvWXwEAvSc-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/5D2TnLjvWXwEAvSc-image.png)

Step 5. The **accounts** created will have synchronised automatically as the **engine** is set to automatic and the **agent** is in write mode, and it is active in the **monitoring**.

The accounts.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/HZ82yAznNziSLr0g-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/HZ82yAznNziSLr0g-image.png)

The engine.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/yqx43Nf2PizJgw15-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/yqx43Nf2PizJgw15-image.png)

The agent.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/2FWWp81w2FGprT3F-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/2FWWp81w2FGprT3F-image.png)

And the monitoring.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/gMGGVd6cwWGO37Be-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/gMGGVd6cwWGO37Be-image.png)

Step 6. Now let’s **check** the CSV file. It was configured in the "/tmp/users.csv" path of the container.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/HPjZQHTHOTP0y1wY-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/HPjZQHTHOTP0y1wY-image.png)

# 2026-05-31 New feature: new authorization for the SCIM webservice

### The new feature

<p class="callout info">From now on, all **users** used to access the **SCIM webservice** will **require** the new "**webservice:user**" authorisation.</p>

### Bear in mind

Please note the following points:

- Users with the **SOFFID\_ADMIN** role **already have** this authorisation inherited by inheritance.
- <span style="text-decoration: underline;">After updating Soffid</span>, you will <span style="text-decoration: underline;">need to grant this authorisation</span> to users who are not administrators and who are already using the SCIM web service.

### How to configure it?

The following **components** must be installed:

- Console 4.0.58 (or higher)

### Let's look at an example

<p class="callout info">For this example, we will be using the Bruno application; for further information, please see this page [Testing ](https://bookstack.soffid.com/books/scim/page/testing-tool "Testing Tool")[Tool](https://bookstack.soffid.com/books/scim/page/testing-tool "Testing Tool").</p>

First, let’s check that the "**Test**" user we were using in the SCIM web service <span style="text-decoration: underline;">no longer has access</span>, see the "**401 Unauthorized**" error.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/YOxbb2qt0WTvXENH-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/YOxbb2qt0WTvXENH-image.png)

On the **Roles page**, we are going to create a new role, "**SOFFID\_SCIM**", and then assign the new authorisation to it.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/7PvJwwbnBMztwL3i-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/7PvJwwbnBMztwL3i-image.png)

On the **Authorisations page**, we assign the new authorisation "**webservice:user**" to it.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/aKeNA4AKyeJsXCtY-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/aKeNA4AKyeJsXCtY-image.png)

The final step is to **grant** the **SOFFID\_SCIM** role to the **user**.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/7Yegz9EcBDB6t9PU-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/7Yegz9EcBDB6t9PU-image.png)

Now, when we query the web service, it returns results.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/shHwcMrzgAyCMKh3-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/shHwcMrzgAyCMKh3-image.png)

# 2026-05-31 New feature: hidden stack tracers

### The new feature

<p class="callout info">**Users** who do not have the SOFFID\_ADMIN role will **no** longer **see** the details of **errors** in the **Console**; instead, an **identifier** will be displayed so that <span style="text-decoration: underline;">administrators can look it up in the log</span>.</p>

### Bear in mind

Please note the following points:

- Users with the **SOFFID\_ADMIN** role will be able to **view the error log**.
- End **users** will see an **identifier** which they must share with the administrator.

### How to configure it?

The following **components** must be installed:

- Console 4.0.58 (or higher)

### Let's look at an example

Let’s follow these steps.

- Open the **Console**.
- Next, go to the **Identity Self Service** module.
- Select the **Process Search** page.
- In the search bar, select the **Advanced** option.
- Type in **any text**, for example "Test".
- Then click on the **magnifying glass** to search.
- In the pop-up window displaying the error, **click on the "+" icon** to the right of the text "‘Technical data".
- You can now see the **identifier**.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/MLyGC2KBhY6TpZYJ-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/MLyGC2KBhY6TpZYJ-image.png)

Now the user has to share the id with the Soffid administrator, in this exemple XFVBYOJTVZU4VO75.

Soffid administrators can **look up** the **id** in the "**Console log**" page.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-06/scaled-1680-/Ohnd3Hf8uSjU7dSj-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-06/Ohnd3Hf8uSjU7dSj-image.png)