Resources
Changelog
What shipped, and when. One entry for every notable release: authentication, SSO, provisioning, conditional access, AI agent identity and the admin API, newest first.
Entries
Newest first. Dated entries are added as they ship; we do not backfill or invent releases.
- June 29, 2026 · Added
- Conditional access by time of day and by country, with fully local GeoIP resolution: no request leaves the platform to locate an IP address. Conditional access
- June 29, 2026 · Security
- Password policy aligned with NIST 800-63B and ANSSI guidance, configurable per organisation and per group.
- June 28, 2026 · Added
- Invitation-based registration by default: self-signup stays off until an administrator enables it. Sign-in methods are configurable per organisation (passwordless as opt-in), and users are invited to create a passkey after signing in. MFA and passkeys
- June 27, 2026 · Added
- Self-service organisation creation, a white-label "My apps" employee portal, and a richer user profile (job title, department, language).
- June 26, 2026 · Added
- User groups in the directory, with application access granted per group. Directory and groups
- June 22, 2026 · Improved
- Organisation logos are now self-hosted on sovereign object storage, and the sign-in page has been redesigned.
- June 19, 2026 · Added
- Anomaly detection for AI agents (six deterministic rules, hourly baseline, automatic containment), impact simulation of access policies against real sign-ins with versioning and restore, a unified registry of identities (humans, services, agents), and policy-as-code (export, plan, apply). AI agent identity
- June 19, 2026 · Added
- First-class identity for AI agents: human owner, expiry, lifecycle states (active, dormant, expired, orphaned) and attested access reviews. Scoped admin API tokens, a public OpenAPI 3.1 contract, and rotation and expiry of agent secrets. Admin API
- June 19, 2026 · Security
- DPoP (RFC 9449), PAR (RFC 9126) and private_key_jwt; OIDC Back-Channel Logout; security alerts by e-mail with a self-service sign-in history; fully local detection of compromised passwords. Security
- June 16, 2026 · Added
- Obexal becomes a SAML 2.0 identity provider (outbound, multi-tenant SSO), and outbound SCIM 2.0 provisioning ships with automatic deprovisioning and audited failures. SCIM provisioning
- June 15, 2026 · Added
- AI agent governance: immediate kill switch, scope and duration ceilings and an audience allowlist, all fail-closed. Custom RBAC roles with anti-escalation safeguards. AI agent governance
- June 15, 2026 · Added
- Attributable delegation for AI agents through Token Exchange (RFC 8693, act claim), with revocable user consent and bound audience (RFC 8707).
- June 15, 2026 · Added
- Network conditional access (IP/CIDR), fail-closed delegated LDAP/Active Directory authentication, and a catalogue of around forty SaaS integrations.
- June 15, 2026 · Added
- Custom domains verified over DNS with automatic TLS, per-organisation white label, and a platform operator console.
How we publish
One entry for every notable release, newest first. Security fixes are documented as they ship.
Organisation administrators are notified by e-mail of the changes that affect them.
Follow what ships.
Tell us what you run and we will keep you informed of the changes that matter to you.