+33 9 84 25 52 61
Sign in
Resources

Changelog

What shipped, and when. One entry for every notable release: authentication, SSO, provisioning, conditional access, AI agent identity and the admin API, newest first.

Entries

Newest first. Dated entries are added as they ship; we do not backfill or invent releases.

June 29, 2026 · Added
Conditional access by time of day and by country, with fully local GeoIP resolution: no request leaves the platform to locate an IP address. Conditional access
June 29, 2026 · Security
Password policy aligned with NIST 800-63B and ANSSI guidance, configurable per organisation and per group.
June 28, 2026 · Added
Invitation-based registration by default: self-signup stays off until an administrator enables it. Sign-in methods are configurable per organisation (passwordless as opt-in), and users are invited to create a passkey after signing in. MFA and passkeys
June 27, 2026 · Added
Self-service organisation creation, a white-label "My apps" employee portal, and a richer user profile (job title, department, language).
June 26, 2026 · Added
User groups in the directory, with application access granted per group. Directory and groups
June 22, 2026 · Improved
Organisation logos are now self-hosted on sovereign object storage, and the sign-in page has been redesigned.
June 19, 2026 · Added
Anomaly detection for AI agents (six deterministic rules, hourly baseline, automatic containment), impact simulation of access policies against real sign-ins with versioning and restore, a unified registry of identities (humans, services, agents), and policy-as-code (export, plan, apply). AI agent identity
June 19, 2026 · Added
First-class identity for AI agents: human owner, expiry, lifecycle states (active, dormant, expired, orphaned) and attested access reviews. Scoped admin API tokens, a public OpenAPI 3.1 contract, and rotation and expiry of agent secrets. Admin API
June 19, 2026 · Security
DPoP (RFC 9449), PAR (RFC 9126) and private_key_jwt; OIDC Back-Channel Logout; security alerts by e-mail with a self-service sign-in history; fully local detection of compromised passwords. Security
June 16, 2026 · Added
Obexal becomes a SAML 2.0 identity provider (outbound, multi-tenant SSO), and outbound SCIM 2.0 provisioning ships with automatic deprovisioning and audited failures. SCIM provisioning
June 15, 2026 · Added
AI agent governance: immediate kill switch, scope and duration ceilings and an audience allowlist, all fail-closed. Custom RBAC roles with anti-escalation safeguards. AI agent governance
June 15, 2026 · Added
Attributable delegation for AI agents through Token Exchange (RFC 8693, act claim), with revocable user consent and bound audience (RFC 8707).
June 15, 2026 · Added
Network conditional access (IP/CIDR), fail-closed delegated LDAP/Active Directory authentication, and a catalogue of around forty SaaS integrations.
June 15, 2026 · Added
Custom domains verified over DNS with automatic TLS, per-organisation white label, and a platform operator console.

How we publish

One entry for every notable release, newest first. Security fixes are documented as they ship.

Organisation administrators are notified by e-mail of the changes that affect them.

Follow what ships.

Tell us what you run and we will keep you informed of the changes that matter to you.