<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:cc="http://cyber.law.harvard.edu/rss/creativeCommonsRssModule.html">
    <channel>
        <title><![CDATA[Nevis - Medium]]></title>
        <description><![CDATA[Nevis is a leader in Identity and Access Management. With its passwordless login solutions, the specialist in authentication protects the data of government authorities, service providers, and industrial companies all over the world. - Medium]]></description>
        <link>https://medium.nevis.net?source=rss----9c62dda0f5e1---4</link>
        <image>
            <url>https://cdn-images-1.medium.com/proxy/1*TGH72Nnw24QL3iV9IOm4VA.png</url>
            <title>Nevis - Medium</title>
            <link>https://medium.nevis.net?source=rss----9c62dda0f5e1---4</link>
        </image>
        <generator>Medium</generator>
        <lastBuildDate>Sun, 05 Apr 2026 04:34:56 GMT</lastBuildDate>
        <atom:link href="https://medium.nevis.net/feed" rel="self" type="application/rss+xml"/>
        <webMaster><![CDATA[yourfriends@medium.com]]></webMaster>
        <atom:link href="http://medium.superfeedr.com" rel="hub"/>
        <item>
            <title><![CDATA[Identity Suite: What’s New in November 2025]]></title>
            <link>https://medium.nevis.net/identity-suite-whats-new-in-november-2025-a19afed10327?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/a19afed10327</guid>
            <dc:creator><![CDATA[Davide Cucuzzella]]></dc:creator>
            <pubDate>Mon, 05 Jan 2026 09:32:15 GMT</pubDate>
            <atom:updated>2026-01-05T09:31:54.320Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*It5B6HodyrIZmg_Z" /><figcaption>Photo by <a href="https://unsplash.com/@mr_mgk?utm_source=medium&amp;utm_medium=referral">Marios Gkortsilas</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><h3>Swiyu / EUDIW onboarding</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*pEsflt6jUKbH9zibh4JAgA.png" /></figure><p>EID (Digital Identity) provider integrations deliver the highest level of trust and the most frictionless customer experience. By integrating with trusted national and regional Digital Identity providers, you can leverage high-assurance, government-backed verification to dramatically reduce fraud and meet compliance requirements like KYC. This feature allows your customers to onboard and log in in seconds using their verified digital identities, accelerating conversion and enhancing the overall customer journey. <br>Nevis provides out-of-the-box integrations with 3 EUDI wallets configured for EID digital onboarding:</p><ul><li>Signicat e-ID Hub — European e-id</li><li>walt.id — EUDI Wallet + custom Verifiable Credentials</li><li>Swiss e-ID — for Swiss citizens</li></ul><h3>OpenSSL 3.5 upgrade</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*KeGq1rkMFdW_PaaR" /></figure><p>nevisProxy has been updated to use OpenSSL 3.5.4. OpenSSL 3.5 is a significant release as it includes the first NIST-standardized post quantum cryptography (PQC) algorithms, such as ML-KEM for key exchange and ML-DSA for digital signatures, to protect against future quantum computer attacks. 
This is one of the first steps Nevis is taking to prepare for long-term support of the coming post-quantum cryptography era.</p><h3>SCIM Continuous provisioning</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/347/0*8JR61zgQdpC9iACq" /></figure><p>Until now, our SCIM provisioning solution mainly consisted of inbound and outbound one-time and bulk capabilities. Our recent additions, which include PATCH operation support for SCIM, now enable projects to deliver continuous provisioning integration in both directions. In addition, the SCIM solution has gained additional filtering capabilities as well as performance improvements. Further enhancements that ease integration (such as sample client solutions and integration guides) are still to come, but we have already paved the way to enable the full power of SCIM-based provisioning.</p><h3>IDM REST APIs — phase I</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/579/0*wD9iswAF9fqBvfOV" /></figure><p>Nevis has started to round out its REST-based interface coverage for nevisIDM with the current release cycle. In our phased approach, we’ve started with the login and authentication processes, prioritized by the needs previously communicated to us. The current rolling release and the upcoming LTS26 releases now contain REST endpoints for entities such as the SAML or Ticket credential and complete the OATH credential coverage, among several others. With our second phase coming next May, all credentials and any other remaining gaps in our IDM REST coverage (history operations, for example) should be closed and delivered.</p><h3>OpenAPI support</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/575/0*WWH_sBqc8vkkuSZW" /></figure><p>Nevis has standardized its API descriptor approach in the current rolling release. OpenAPI / Swagger-based descriptors are now available for the public REST interfaces of all Nevis components. 
The documentation is available at <a href="https://apidocs.nevis.net/">https://apidocs.nevis.net/</a>. For quick access to the component documentation, see the links below:</p><ul><li><a href="https://apidocs.nevis.net/nevisadapt/">nevisAdapt</a></li><li><a href="https://apidocs.nevis.net/nevisadmin4/">nevisAdmin4</a></li><li><a href="https://apidocs.nevis.net/nevisauth/">nevisAuth</a></li><li><a href="https://apidocs.nevis.net/nevisfido/">nevisFIDO</a></li><li><a href="https://apidocs.nevis.net/nevisidm/">nevisIDM</a></li><li><a href="https://apidocs.nevis.net/nevismeta/">nevisMeta</a></li></ul><h3>Performance optimisations — phase I</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/400/0*HJhovqlxZA-iaK_u" /></figure><p>Nevis is overhauling its approach to performance, specifically with regard to the number of SQL statements executed against the database in different use cases. We follow a phased approach on this topic and expect to complete all areas by the May 2026 release. In the current cycle, we already deliver several relevant changes, with a focus on authentication processing. Below are the areas covered:</p><ul><li>Caching upgrades in nevisIDM and nevisFIDO, e.g. introduction of the IDM policy cache</li><li>Endpoint optimisations, from SCIM through generic credential properties to login-info bulk updates</li><li>Hibernate tuning for endpoints and in general, e.g. 
enhanced transactionality coverage</li></ul><p>In the coming phase II for May 2026, further enhancements are planned, for example on the authstate and service layers, and additional caching will also be included.</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=a19afed10327" width="1" height="1" alt=""><hr><p><a href="https://medium.nevis.net/identity-suite-whats-new-in-november-2025-a19afed10327">Identity Suite: What’s New in November 2025</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Identity Suite: What’s New in May 2025]]></title>
            <link>https://medium.nevis.net/identity-suite-whats-new-in-may-2025-607d50fa8a9d?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/607d50fa8a9d</guid>
            <category><![CDATA[openid-connect]]></category>
            <category><![CDATA[mobile]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[security]]></category>
            <category><![CDATA[fido2]]></category>
            <dc:creator><![CDATA[Lukas Westermann]]></dc:creator>
            <pubDate>Wed, 16 Jul 2025 08:44:51 GMT</pubDate>
            <atom:updated>2025-07-17T13:55:53.945Z</atom:updated>
            <content:encoded><![CDATA[<p>The latest release of Nevis brings key enhancements across various areas, including FIDO2 and OpenID Connect product certifications, credential management, UI, and mobile security. We’ve been listening closely to your ideas and change requests, and we’re excited to deliver features that matter to you!</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*-ZFU_gk3IQOO8EnnV8bnLQ.jpeg" /></figure><h4>We are FIDO2 certified!</h4><p>While Nevis has supported FIDO2 and passkeys for a long while, we are happy to announce that we recently obtained the <strong>FIDO2 Functional Server Certification</strong>. As one of a few vendors, Nevis now provides certified FIDO implementations <strong>across both major FIDO variants</strong>: FIDO UAF and FIDO2.</p><h4>OpenID Connect (OIDC) Certification</h4><p>Nevis is now officially certified by the <strong>OpenID Foundation</strong> for their <strong>OpenID Provider’s (OP) Basic Profile</strong> with the Nevis Identity Platform! This milestone marks a major step in our mission to deliver <strong>secure, seamless and standards-based digital identity solutions.</strong> With OIDC certification, integrating Nevis into modern identity ecosystems is easier and more secure than ever. Whether you’re streamlining customer journeys or scaling your identity architecture, Nevis has you covered. <strong>Turn security into an experience — with Nevis, it’s not just possible, it’s certified.</strong></p><h4>Credential Intelligence</h4><p>Credential intelligence uses external information sources to detect whether a user’s credentials have been <strong>leaked</strong> in data breaches and are thus unsafe.</p><p>Credential intelligence can be used to trigger a password change in case of compromised credentials, bringing extra security for our customers. 
This feature can be utilised in the registration, login, and password change use-cases.</p><h4>New default login UIs</h4><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*mB_INN9rSTc-FKFSTx62ZA.png" /></figure><p>A fresh new style for the default login widget, available directly in Nevis.</p><h4>PKCE for the Relying Party</h4><p><strong>PKCE (Proof Key for Code Exchange) support</strong> is now fully available across both the server and client sides of our OIDC/OAuth2 implementation! In line with RFC 7636, we’ve enabled PKCE in <strong>OAuth2ClientState</strong>, <strong>RelyingPartyState</strong>, and the <strong>Generic Social Login Step</strong>, empowering you to build secure, end-to-end authorization flows for public clients and federated login use cases. This upgrade strengthens protection against code interception attacks when Nevis is acting as the client (or service provider), while keeping your integrations smooth and modern.</p><h4>OpenID Connect Seamless Key Rollover</h4><p>Nevis introduces seamless key rollover support for the OAuth2 / OpenID Connect flows, delivering a new level of operational stability and security agility. With support for overlapping key validities, organizations can now rotate signing and encryption keys for ID and access tokens <strong>without requiring user re-authentication or interaction</strong>. This enables true <strong>zero downtime</strong> during OIDC certificate updates, even when tokens are actively in use or have already been issued. The update lays the groundwork for a resilient, standards-compliant token lifecycle, addressing the needs of long-lived tokens and high-assurance environments.</p><h4>Mobile App Attestation</h4><p>Our latest SDK introduces App Attestation support across both native Android and iOS SDKs as well as our Flutter and React Native plugins. 
App Attestation is a security mechanism provided by <a href="https://developer.apple.com/documentation/devicecheck/establishing-your-app-s-integrity">Apple</a> and <a href="https://developer.android.com/google/play/integrity/overview">Google</a> that allows backend services to cryptographically verify the authenticity and integrity of mobile applications before processing requests. By implementing this technology, we ensure that only customer-approved applications can interact with our backend services, creating a robust defense against malicious apps attempting to impersonate legitimate clients. This verification process occurs at the application level, where the mobile operating system generates cryptographic proofs that confirm the app’s identity, code integrity, and runtime environment, which are then validated by our servers before granting access to authentication services.</p><h4>Android StrongBox Support</h4><p>We’ve integrated StrongBox support for Android devices that feature this hardware-backed security module. StrongBox is Android’s implementation of a Hardware Security Module (HSM), introduced in Android 9, which provides tamper-resistant storage for cryptographic keys within dedicated secure hardware separate from the main processor. When available on a user’s device, our SDK automatically utilizes StrongBox to store sensitive key material, ensuring that cryptographic operations occur within the most secure environment possible. 
This hardware-level protection makes it extremely difficult for attackers to extract or manipulate keys, even with physical access to the device or sophisticated software-based attacks, significantly enhancing the overall security posture of our authentication process.</p><h4>Minimal Canary Deployment</h4><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*QUcEe_Gftha5C-KEjISzfw.png" /></figure><p>When using canary deployments, infrastructure must have enough capacity for both primary and canary needs, potentially requiring double the primary’s peak resources. This can be costly, especially when such deployments are used for configuration testing. To <strong>lower costs</strong> for multiple projects with canary deployments while maintaining ingress-based traffic control and zero downtime, we introduce an optional inventory item to customize the resource and replica settings for the canary deployment.</p><h4>Improving Interoperability with FIDO &amp; Generic Credentials</h4><p>Nevis continuously expands its offering in the FIDO and Passkey areas, adding more and more features to them with every release cycle. The usage of these credentials is also constantly growing. The current solution, which relies on the <strong>usage of Generic credentials together with specific FIDO credentials</strong>, is becoming more and more of a constraint. Nevis has changed this, allowing for parallel usage of FIDO and Generic credentials for <strong>both our rolling and LTS24 releases</strong>. 
More changes and flexibility will also be delivered in the coming Nevis releases regarding FIDO and Generic credential usage.</p><p><em>Sources: Cover Photo by </em><a href="https://unsplash.com/@les_photos_de_raph?utm_content=creditCopyText&amp;utm_medium=referral&amp;utm_source=unsplash"><em>Raphaël Biscaldi</em></a></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=607d50fa8a9d" width="1" height="1" alt=""><hr><p><a href="https://medium.nevis.net/identity-suite-whats-new-in-may-2025-607d50fa8a9d">Identity Suite: What’s New in May 2025</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Multi-domain support in Passkey: A closer look at Related Origin Requests]]></title>
            <link>https://medium.nevis.net/multi-domain-support-in-passkey-a-closer-look-at-related-origin-requests-34ea4e271400?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/34ea4e271400</guid>
            <category><![CDATA[security]]></category>
            <category><![CDATA[passkey]]></category>
            <category><![CDATA[fido]]></category>
            <category><![CDATA[nevis]]></category>
            <category><![CDATA[authentication]]></category>
            <dc:creator><![CDATA[Alexis Faulkner]]></dc:creator>
            <pubDate>Wed, 22 Jan 2025 13:28:35 GMT</pubDate>
            <atom:updated>2025-01-22T13:28:35.287Z</atom:updated>
            <content:encoded><![CDATA[<p>The constant evolution and improvement of passkeys continues with the introduction of Related Origin Requests, an exciting feature designed to streamline authentication across related domains. This functionality enables users to leverage their existing passkeys for seamless sign-in across different domains within the same organization, enhancing both security and user experience across all brands and services.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*k9TxUC7C9PSxglSRNE3iGQ.jpeg" /></figure><h3>What do Related Origin Requests allow?</h3><p>Related Origin Requests allow websites to share passkeys, not just between closely related domains, but also across different brands and domains owned by the same organization. This means a single passkey could potentially be used across all of a company’s online properties. For example, a user could sign in to google.com, google.co.uk, youtube.com, and wallet.google all with the same passkey. It&#39;s important to note that this feature has limitations, including a maximum of five &#39;labels&#39; associated with each passkey.</p><h3>How to use Related Origins</h3><p>To enable Related Origin Requests across multiple domains, a .well-known file must be hosted at the root level of the primary website (the Relying Party or RP) where the passkeys are registered. For example, Google would host the file at https://www.google.com/.wellknown. This file, known as a domain assertion, allows browsers to verify that other specified domains are authorized to use the same passkeys. 
By hosting this file, the primary website effectively grants permission to related domains, streamlining the user experience and enhancing security by ensuring only authorized sites can access the passkeys.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/831/1*ZB2cyqOUrUb5WXQh7qzK8A.png" /></figure><p>As an example:</p><p>Let’s say the RP ID for your organization’s main website is example.com. You would host a domain .well-known file on example.com that specifies that other related domains, such as example.co.uk, example.shop.com, and example.app.com, are authorized to use passkeys created for example.com.</p><p>The browser, when encountering a passkey for example.com on one of the related domains, would consult the domain assertion file on example.com to confirm that sharing the passkey is permitted. This process helps prevent phishing attacks by ensuring passkeys are only used within the intended network of related domains and served only via https.</p><p>For the above example, the .wellknown file for example.com would be stored at <a href="https://example.com/.wellknown">https://example.com/.wellknown</a> and would look as follows:</p><pre>{<br>  &quot;origins&quot;: [<br>    &quot;https://example.co.uk&quot;,<br>    &quot;https://example.shop.com&quot;,<br>    &quot;https://example.app.com&quot;<br>  ]<br>}</pre><h3>Current Limitations and Considerations</h3><p>While Related Origin Requests offer significant potential, it’s important to acknowledge that there are some current limitations due to how cutting edge the feature is.</p><p>As of January 2025, browser support is as follows:</p><ul><li>Chrome: supported as of version 128</li><li>Safari: supported as of macOS 15 and iOS 18</li><li>Firefox: Currently no support</li></ul><p>We have seen that Chrome 128 or newer is not compatible on versions of iOS below 18. 
This suggests that iOS is a limiting factor when using Chrome.</p><h3>The Nevis Authentication Cloud support</h3><p>The Authentication Cloud provides support for Related Origin Requests, allowing organizations with multiple brands to use a single passkey across all of their domains. This allows their users to quickly authenticate and access their sites, whichever brand or domain they are accessing.</p><h3>The Path Toward a Seamless Passwordless Future</h3><p>Related Origin Requests represent a significant stride toward a more user-friendly and frictionless passwordless experience. As broader browser and operating system support emerges, this functionality will further solidify the role of passkeys in simplifying and securing online authentication across all the domains and brands an organisation has.</p><p>Take a look at <a href="https://passkeys.dev/docs/advanced/related-origins/#how-it-works">passkeys.dev</a> for additional details.</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=34ea4e271400" width="1" height="1" alt=""><hr><p><a href="https://medium.nevis.net/multi-domain-support-in-passkey-a-closer-look-at-related-origin-requests-34ea4e271400">Multi-domain support in Passkey: A closer look at Related Origin Requests</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Identity Suite: What’s New in November 2024]]></title>
            <link>https://medium.nevis.net/identity-suite-whats-new-in-november-2024-d7618ca7ec05?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/d7618ca7ec05</guid>
            <category><![CDATA[passkey]]></category>
            <category><![CDATA[gitops]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[identity-suite]]></category>
            <category><![CDATA[devops]]></category>
            <dc:creator><![CDATA[Davide Cucuzzella]]></dc:creator>
            <pubDate>Wed, 18 Dec 2024 13:45:43 GMT</pubDate>
            <atom:updated>2024-12-18T13:45:43.817Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*qFTMbDCGr5-m82hiPtYnsg.jpeg" /></figure><p>The latest release of Identity Suite introduces a comprehensive set of improvements designed to optimise user workflows and bolster security measures. This November 2024 update encompasses key enhancements to the inventory editor, deployment processes, Git integration, and Mobile SDK functionalities. Users can anticipate increased efficiency, reduced manual intervention, and a more streamlined experience across the platform. Continue reading for a detailed overview of the key features and benefits included in this release.</p><h3>Inventory Editor Improvements</h3><p>Our improved inventory editor makes your workflow smoother than ever. With the help of the new editor action menu you can easily fold and unfold sections to focus on what matters. Collapsible ranges allow you to organize and review data effortlessly. Open and close validation errors. They’re now highlighted, so you can fix issues instantly. These updates are designed to save you time and reduce frustration, ensuring your inventory stays accurate and stress-free.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*cltr-O2UNvPpjHojm-8jSA.png" /></figure><h3>Background Deployment</h3><p><strong>Seamless Updates with Background Deployment</strong></p><p>Our new background deployment feature makes the process more efficient and smarter. It allows you to test small updates without manual intervention while continuing your work uninterrupted. Deployments run quietly in the background, eliminating downtime and streamlining workflows. Perfect for efficient testing and reducing delays, it ensures you stay productive during the process. 
Focus on what matters while your updates take care of themselves.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*LLlEkRPZBf0UKlQu3aH1xQ.png" /></figure><h3>Improved Git publish UI</h3><p>The improved Git publish UI gives you more clarity. It now allows you to compare the content of pattern attachments (e.g. Groovy scripts or XML files) before committing to Git, so you can easily track changes and ensure accuracy. We also have the new Git Tagging option. It helps with version management and keeps you organised and efficient. These enhancements simplify workflows, reduce errors, and make publishing with Git more productive.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*bYhlxOSw_UvQnGcbilqA-g.png" /></figure><h3>Variable default values</h3><p>Introducing our new variable default values: a smarter way to set up your processes. From now on you can assign sample or predefined default values to your variables. This means no more adding different values for validation; default values are automatically applied. It saves you time and reduces repetitive manual input. Configuration becomes more productive, letting you focus on optimising.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*nr08Z3dEZ7A2bnmC47I5MQ.png" /></figure><h3>Single Document for Release Notes</h3><p>We have revamped our release note structure and developed a comprehensive and more appealing format that focuses on all the relevant changes for the release. This way our clients can obtain release-specific information more quickly and easily regardless of technical component. You can read the first version applicable for the November 2024 release <a href="https://docs.nevis.net/nevislifetimesupport/Releases/All_Rolling_Releases_RR/Q4_RR_Upgrade_November_2024">here</a>.</p><h3>Mobile</h3><h3>Fetch Channel</h3><p>The SDK now retrieves out-of-band operations directly from the backend, offering more flexibility and control. 
This allows you to provide users with an alternative to push notifications and QR codes when those methods are delayed or unavailable. Alternatively, you can use this as the sole notification method, ensuring the mobile app retrieves the notification for the user. This approach eliminates potential notification delivery failures and puts users in control of their operations.</p><p>For more information on how to implement this, take a look at <a href="https://docs.nevis.net/mobilesdk/3.8.0/api-references/javadoc/ch/nevis/mobile/sdk/api/operation/outofband/PendingOutOfBandOperations.html">PendingOutOfBandOperations (NEVIS Mobile Authentication SDK 3.8.0.1)</a>.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*cvdlee8zN4hJtOOAtaB8iA.png" /></figure><h3>Security Enhancements</h3><h4>Android Key Attestation</h4><p>The Android operating system is used by many different device manufacturers, each of whom may implement varying keystore hardware mechanisms. The new Key Attestation functionality ensures that your users’ key hardware stores are approved by Google and secure, providing assurance that the security key is not at risk of being tampered with.</p><p>This functionality is only required on Android due to the diverse range of manufacturers, while iOS devices, being solely produced by Apple, have guaranteed keystore security by default.</p><p>See <a href="https://docs.nevis.net/configurationguide/mobile-auth-concept-and-integration-guide/use-cases-and-best-practices/uaf-surrogate-full-basic-comparison#full-basic-attestation">Authenticator Attestation (Full Basic / Surrogate Basic) | Nevis documentation</a></p><h4>Other enhancements</h4><p><strong>Elliptic Curve Support: </strong>The mobile authentication now fully supports Elliptic Curve Cryptography (ECC) with the P-256 curve for generating new FIDO UAF credentials, replacing the previous use of RSA whenever possible. 
ECC is considered more resilient to future cryptographic attacks, ensuring long-term security for your applications.</p><p><strong>Alphanumeric Password Authenticator: </strong>You can now offer users the option of using an alphanumeric password for FIDO UAF authentication. The SDK supports storing and managing basic password validation, such as minimum and maximum length. However, your application is responsible for ensuring the password’s complexity and strength (entropy) to meet your specific security requirements.</p><p>See <a href="https://docs.nevis.net/mobilesdk/concept/concept-description/authenticators#application-password">Authenticators | Nevis documentation</a></p><h3>Credential Sync</h3><p>Since users can delete registrations from their devices or through the backend on another device, inconsistencies can arise between stored registrations on the front and back ends. To address this, the Mobile SDK now performs checks and synchronizations to remove any redundant registrations, ensuring users have only valid credentials on their devices and preventing the backend from offering authentication from invalid devices.</p><p>Learn more about how to add credential sync using <a href="https://docs.nevis.net/mobilesdk/3.8.0/api-references/javadoc/ch/nevis/mobile/sdk/api/operation/DeviceInformationCheck.html">DeviceInformationCheck (NEVIS Mobile Authentication SDK 3.8.0.1)</a> and <a href="https://docs.nevis.net/mobilesdk/3.8.0/api-references/javadoc/ch/nevis/mobile/sdk/api/operation/DeviceInformationSync.html">DeviceInformationSync (NEVIS Mobile Authentication SDK 3.8.0.1)</a>.</p><h3>Wildcard Facet IDs</h3><p>To simplify integration during development, the SDK now allows the use of wildcards in FacetIDs for both iOS and Android. This eliminates the need for integrators to generate FacetIDs during the early development phase and permits testing to occur sooner. 
However, it’s important to note that wildcarding is <strong>not permitted</strong> in the production SDK.</p><p>See <a href="https://docs.nevis.net/mobilesdk/guide/configuration#wildcard-facet-ids">Mobile Authentication: Configuration Guide</a></p><h3>Passkey and FIDO2 Credential filtering</h3><p>The newly introduced credential filtering feature is based on an allow-list concept. Configuring an allow list allows you to restrict FIDO2 authenticators for the registration and authentication ceremonies.</p><p>With this, you can limit the FIDO2 security keys that may be used to a specific set of keys from a specific vendor. This supports many new use cases; for example, it is now possible to ensure that only keys used for registration can be used for authentication. Besides the feature sets supported, this also elevates the level of security that can be provided.</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=d7618ca7ec05" width="1" height="1" alt=""><hr><p><a href="https://medium.nevis.net/identity-suite-whats-new-in-november-2024-d7618ca7ec05">Identity Suite: What’s New in November 2024</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Unlocking the Power of Passkeys: The Crucial Role of UX in Seamless Authentication]]></title>
            <link>https://medium.nevis.net/unlocking-the-power-of-passkeys-the-crucial-role-of-ux-in-seamless-authentication-1315ca25f56b?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/1315ca25f56b</guid>
            <category><![CDATA[ux]]></category>
            <category><![CDATA[fido]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[passkey]]></category>
            <category><![CDATA[figma]]></category>
            <dc:creator><![CDATA[Alexis Faulkner]]></dc:creator>
            <pubDate>Tue, 30 Jul 2024 14:10:20 GMT</pubDate>
            <atom:updated>2024-07-30T14:10:20.061Z</atom:updated>
            <content:encoded><![CDATA[<p>The world is shifting towards a passwordless future, and passkeys are becoming more widely adopted across the entire technology landscape. As this innovative FIDO standard gains traction, businesses are recognizing the immense potential of passkeys to revolutionize authentication, enhancing both security and user experience.</p><p>However, the success of passkey implementation goes beyond mere technical integration; it hinges on designing a user experience (UX) that’s intuitive, seamless, and trustworthy.</p><h3><strong>The UX Challenge of Passkeys</strong></h3><p>While passkeys eliminate the vulnerabilities of traditional passwords, they introduce a new set of UX considerations. Users need to understand how passkeys work, how to create and manage them, and how to authenticate with them across different devices and platforms. A poorly designed passkey experience can lead to confusion, frustration, and ultimately, user abandonment.</p><p>To address this challenge, we’ve created a comprehensive set of Figma templates, based on the <a href="https://fidoalliance.org/UX-guidelines/">FIDO UX guidelines</a>, specifically designed for passkey UX visualization. 
These templates provide a framework for crafting a user-centric authentication flow that accelerates the integration of passkeys into your existing user interface.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*pPAR8dE8kezkWqzYOcBVfw.png" /></figure><h3>Your UX Accelerator to Passkey Implementation</h3><p>Our Figma templates offer a visual representation of the passkey UX design flow that covers various scenarios, including:</p><ul><li><strong>Passkey creation:</strong> Guiding users through the process of setting up a passkey, explaining the benefits, and addressing potential concerns.</li><li><strong>Passkey authentication:</strong> Designing intuitive prompts and interactions for biometric or device-based authentication.</li><li><strong>Passkey management:</strong> Helping users add, remove and manage each of their passkeys on their current device as well as on their other devices.</li></ul><p>These templates not only visualize the user journey but also incorporate best practices for security and usability. They help designers, developers, and product managers understand the nuances of passkey UX and allow them to make informed decisions to optimize the user experience.</p><h3><strong>Beyond Technical Implementation: The Importance of UX in Passkey Adoption</strong></h3><p>A well-designed passkey experience is crucial for driving user adoption. 
By simplifying the onboarding process, minimizing friction, and ensuring clarity at every step, you can encourage users to embrace this new authentication method and enjoy its benefits.</p><p>Our Figma templates empower you to create a passkey experience that is:</p><ul><li><strong>Intuitive:</strong> Users easily understand how to use passkeys without extensive instructions.</li><li><strong>Secure:</strong> Passkey authentication is implemented with robust security measures to protect user data.</li><li><strong>Consistent:</strong> The passkey experience is consistent across different devices and platforms.</li><li><strong>Trustworthy:</strong> Users feel confident in the security and reliability of the passkey system.</li></ul><p>Find our passkey UX flows in the Figma Community <a href="https://www.figma.com/community/file/1395675909430339257/nevis-security-passkey-signup-and-login-template?searchSessionId=lyyl41j8-s0rso0dch77">here</a>.</p><hr><p><a href="https://medium.nevis.net/unlocking-the-power-of-passkeys-the-crucial-role-of-ux-in-seamless-authentication-1315ca25f56b">Unlocking the Power of Passkeys: The Crucial Role of UX in Seamless Authentication</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Identity Suite: What’s New in May 2024]]></title>
            <link>https://medium.nevis.net/identity-suite-whats-new-in-may-2024-c38b2699ccd7?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/c38b2699ccd7</guid>
            <category><![CDATA[postgresql]]></category>
            <category><![CDATA[sbom]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[identity-suite]]></category>
            <dc:creator><![CDATA[Gyula Vas]]></dc:creator>
            <pubDate>Tue, 18 Jun 2024 08:05:12 GMT</pubDate>
            <atom:updated>2024-06-18T08:05:12.824Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*0s-agBSY96Bkdzg-" /><figcaption>Photo by <a href="https://unsplash.com/@goumbik?utm_source=medium&amp;utm_medium=referral">Lukas Blazek</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><h3><strong>Product analytics</strong></h3><p>Great products aren’t built in a vacuum–you need a continuous process of <strong>getting feedback</strong> from users to guide your product roadmap and keep the pulse on satisfaction levels.</p><p>Product analytics is an excellent source of insights about how the product performs and how it can be further improved. Product analytics helps <strong>Nevis</strong> to understand what users are doing and how.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*7bCUTqgw0pVcqDs9AJRTzQ.png" /></figure><p>As of the <a href="https://docs.nevis.net/nevisadmin4/User-Guide/Overview-of-the-User-Interface/Product-Analytics"><strong>2024 May Identity Suite release</strong></a>, Nevis is introducing a new feedback loop: an iterative process whereby insights gathered from customer feedback are implemented into the product development process and used to inform product decisions on a consistent basis. The process repeats indefinitely as new feedback influences new product strategies, and changes may prompt additional feedback from customers.</p><h3>LTS-24</h3><p>The release marks a new milestone in terms of functionality and stability: it is cloud-ready and includes support for PostgreSQL, Red Hat Enterprise 9 and OpenTelemetry.</p><p>The Nevis LTS lifecycle model follows a fixed release cycle. New features are held back until a new major LTS release version is available, after a predefined and fixed period of time. 
To ensure the highest security at all times, security patches and functional bug fixes are released more frequently. For more details, please visit our <a href="https://docs.nevis.net/nevislifetimesupport/">release support page.</a></p><h3>PostgreSQL</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/474/0*ZiIauMbQLkda2oCE" /></figure><p>New Identity Suite Rolling and LTS releases are now fully compatible with PostgreSQL. For new clients who build their Identity Suite based on Microsoft Azure One-Click deployment, this is the only supported option.</p><h3>Software Bill of Materials (SBOM)</h3><p>In an effort to increase transparency and provide quality assurances concerning the security of the software supply chain, we are investigating and plan to roll out a Software Bill of Materials (SBOM) for the main Nevis components. The supported SBOM format will be <a href="https://cyclonedx.org/">CycloneDX</a>. The rollout will begin with the main components for Rolling Releases; LTS releases will follow.</p><p>SBOMs are important in modern software development and management to help ensure security, compliance, quality, and efficiency throughout the software development lifecycle.</p><p>A complete list of dependencies helps to identify vulnerabilities within the product and to quickly assess their status and related security risks.</p><p>Interested in getting an early look at our SBOM? Reach out to us for a preview before the official release.</p><h3>Single provisioning queue for IDM</h3><p>Our built-in identity provisioning and synchronization has long been able to integrate with message queue (MQ) solutions. The solution was extended with the possibility to configure external MQ applications. Those supporting XA transaction management can now be integrated easily, but those without XA can also be utilised through the configuration of an external Artemis bridge. 
Our existing solution also remains available for project implementation, with performance and memory handling improvements.</p><p>The default setting stays the same, using the internal Artemis bridge, though customers opting for this should see considerably lower memory and cache consumption. If an external queue is configured, the internal Artemis bridge is not started. Two major directions exist in this scenario. On one hand, those using XA-compatible servers can simply change the destination of the messages to it. On the other hand, those without XA support (e.g. Azure Service Bus) can opt for an external Artemis bridge instead. This allows the integration of various external message bus platforms.</p><hr><p><a href="https://medium.nevis.net/identity-suite-whats-new-in-may-2024-c38b2699ccd7">Identity Suite: What’s New in May 2024</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Identity Suite: What’s New in February 2024]]></title>
            <link>https://medium.nevis.net/identity-suite-whats-new-in-february-2024-156413e50bde?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/156413e50bde</guid>
            <category><![CDATA[passkey]]></category>
            <category><![CDATA[identity-suite]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[fido]]></category>
            <category><![CDATA[fido2]]></category>
            <dc:creator><![CDATA[Gyula Vas]]></dc:creator>
            <pubDate>Fri, 22 Mar 2024 08:06:56 GMT</pubDate>
            <atom:updated>2024-03-22T08:06:56.230Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*OKWKIq-oHTJfZVWz" /><figcaption>Photo by <a href="https://unsplash.com/@olloweb?utm_source=medium&amp;utm_medium=referral">Agence Olloweb</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><h3><strong>Inventory search</strong></h3><p>We’re excited to introduce our latest enhancement: the search feature has been extended to the inventory level! Now, navigating through your projects’ and inventories’ content is easier than ever. Enter your query and find what you need in no time. With this new update, you can also search for inventory content, secret description, secret file description, file description, secret file name, and file name.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*_zTTqSB35PC4PIDB6VDoUg.png" /></figure><h3>Mobile authentication project template</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/616/1*r-ZTHGOU7FLJcz6hNy2GVQ.png" /></figure><p><a href="https://docs.nevis.net/configurationguide/project-templates/mobile-authentication/">This project template</a> elevates security by providing multi-factor authentication (MFA) for login and self-registration cases out of the box, based on FIDO UAF standards. 
Security and convenience are achieved at the same time through the use of public key cryptography and multi-factor authentication on mobile devices.</p><p>The template is by default configured to connect with the native (<a href="https://testflight.apple.com/join/q0lkyEVR">iOS</a> or <a href="https://appdistribution.firebase.google.com/pub/i/b58532b9c7f4ced2">Android</a>) Nevis DEMO mobile access application to support complete sign-up and sign-in scenarios.</p><h3>Passkey project template</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/616/1*Lu0dpSK-StQaMs2UImm3Pw.png" /></figure><p><a href="https://docs.nevis.net/configurationguide/project-templates/passkey/">This project template</a> represents strong &amp; secure user authentication, for login and self-registration cases out of the box, based on FIDO2 standards. A <a href="https://fidoalliance.org/passkeys/">passkey</a> is in fact a replacement for a password. It is easy to use, resistant to threats (phishing, credential stuffing, other remote attacks) &amp; works across most of the user’s devices. Users do not need to enrol a new FIDO credential on each service or each new device.</p><h3>…and more</h3><p>See <a href="https://docs.nevis.net/nevislifetimesupport/Quarterly-Releases/All_Rolling_Releases_RR/Q1_RR_Upgrade_February_2024">our release notes</a> for more.</p><hr><p><a href="https://medium.nevis.net/identity-suite-whats-new-in-february-2024-156413e50bde">Identity Suite: What’s New in February 2024</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Refresh token rotation]]></title>
            <link>https://medium.nevis.net/refresh-token-rotation-1a649cd622ae?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/1a649cd622ae</guid>
            <category><![CDATA[oauth]]></category>
            <category><![CDATA[token]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[identity-suite]]></category>
            <dc:creator><![CDATA[Peter Szabo]]></dc:creator>
            <pubDate>Wed, 13 Dec 2023 08:49:30 GMT</pubDate>
            <atom:updated>2023-12-13T09:09:15.862Z</atom:updated>
            <content:encoded><![CDATA[<p>In the OAuth 2.0 authorization flow, refresh tokens are used by the client to request a new access token after the current one expires. Access tokens have a limited lifespan, and when they expire, the refresh token can be used to obtain a new one without requiring the user to reauthenticate. However, even refresh tokens can expire, and the client then has to reauthenticate to obtain a new refresh token. This can be a <strong>tiring and uncomfortable process.</strong></p><p>An obvious reaction to the problem described above is to extend the lifetime of the refresh token so that reauthentication is needed less often. However, this also carries significant risk, because if an attacker <strong>steals a refresh token</strong>, they can easily access the protected resources and act on the user’s behalf for a <strong>prolonged period of time</strong>.</p><p>Refresh token rotation solves the aforementioned problems by <strong>replacing the refresh token</strong> every time a new access token is issued and also invalidating the old one. The new refresh token’s <strong>lifetime will be the same as the invalidated one</strong>. In practice, that means that if the old refresh token’s lifetime was 30 days, then the new refresh token’s lifetime will also be 30 days, starting from the day of issuance.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/800/1*h9YokLE0Wo3pHJ_yJJroxw.png" /></figure><p>In scenarios where <strong>more than one client implementation or parallel process</strong> shares refresh tokens, these clients and processes have to ensure <strong>synchronization</strong> of the refresh tokens across them. 
This replication has to happen upon every use of the refresh token, before the other client(s) try to use their now-invalidated version of the refresh token.</p><p><strong>Advantages of refresh token rotation</strong></p><ul><li><strong>Better user experience</strong>: Refresh token rotation simultaneously elevates security and enhances user experience by reducing the number of reauthentication requests.</li><li><strong>Reducing the number of long-lived tokens</strong>: Refresh token rotation allows the replacement of long-lived refresh tokens, reducing the reliance on long-lived credentials and promoting a more secure infrastructure.</li><li><strong>Regulatory compliance</strong>: The feature can help companies to adhere to security and regulatory standards that require the implementation of certain measures, such as token rotation.</li><li><strong>Enhanced security</strong>: Refresh token rotation adds an additional layer of security to the authentication system, making it more resilient against token-related attacks.</li><li><strong>Additional alerting:</strong> In case a refresh token is compromised and utilized, the rightful owner of the refresh token will be required to reauthenticate upon next use. Such reauthentication events, caused not by an expired token but by the use of an already invalidated token, could raise immediate security alerts in the operator’s systems.</li><li><strong>Minimizes attack opportunity: </strong>Regular rotation minimizes the window of opportunity for attackers to misuse a compromised refresh token.</li></ul><p>As of <strong>2023 May Nevis supports refresh token rotation</strong> in the Identity Suite. 
Implementing this feature can add an extra security layer for your OAuth 2.0 implementation with unchanged or even better user experience.</p><hr><p><a href="https://medium.nevis.net/refresh-token-rotation-1a649cd622ae">Refresh token rotation</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Enhancing Push Authentication Security with Encryption]]></title>
            <link>https://medium.nevis.net/enhancing-push-authentication-security-with-encryption-f658a7e12c2c?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/f658a7e12c2c</guid>
            <category><![CDATA[mobile-apps]]></category>
            <category><![CDATA[push-notification]]></category>
            <category><![CDATA[product]]></category>
            <category><![CDATA[security]]></category>
            <dc:creator><![CDATA[Alexis Faulkner]]></dc:creator>
            <pubDate>Tue, 12 Dec 2023 09:00:21 GMT</pubDate>
            <atom:updated>2023-12-12T10:59:46.251Z</atom:updated>
            <content:encoded><![CDATA[<p>Push notifications are a crucial element for everyone, and just about every service uses them. However, recent concerns regarding their vulnerabilities, as highlighted in a <a href="https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/">Reuters report</a>, have put the spotlight on the need for additional security measures for protecting push notifications. Apple and Google may be inadvertently exposing users’ data to risks, but there are multiple methods to mitigate these risks.</p><p>As Nevis utilises push notifications for its push authentication, it’s critical to us to ensure your data remains secure and private. In this article we discuss the actions we take to protect our customers and your users.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*jZz_kBYRK6znaEC0CMbc0Q.jpeg" /></figure><h3>Decoupling the Push Message from Sensitive Data</h3><p>Our first line of defence involves separating the push message from the actual encrypted payload. This approach ensures that even as the notification traverses through Apple or Google’s push notification servers, it remains devoid of any user IDs, personally identifiable information (PII), or confidential data.</p><ul><li>With the Authentication Cloud, you can additionally provide a notificationMessage in your API calls to separate the encrypted payload (message) from the push notification in a transaction confirmation, as detailed in our <a href="https://docs.nevis.net/authcloud/api-doc/api-use-cases/mobile-app/sign-transaction-push">Sign Transaction with Push documentation</a>.</li><li>We use <em>RSA</em> or <em>ECDH-ES</em> for <a href="https://docs.nevis.net/nevisfido/reference-guide/dispatchers/fcm-dispatcher#encryption">encrypting the payload</a>.</li></ul><h3>Offering Alternatives to Push</h3><p>Flexibility is key in digital security. 
Recognising this, we offer alternatives to push-based authentication. Users can opt for QR code or deep-link based authentication methods. These alternatives not only provide additional layers of security but also cater to varied user preferences and needs.</p><ul><li>Simply set &quot;channel&quot;: &quot;app&quot; for your operations in the Authentication Cloud, see <a href="https://docs.nevis.net/authcloud/api-doc/api-use-cases/mobile-app/authenticate-QR-code">the docs</a>.</li><li>For Identity Suite, refer to <a href="https://docs.nevis.net/configurationguide/pattern-libraries/nevisadmin-plugin-mobile-auth#channel">the <em>Channel</em> option</a> in the mobile authentication patterns.</li></ul><h3>Innovating with Backchannel Authentication</h3><p>Looking ahead, we are introducing an additional option in Q1 2024. This method will introduce a backchannel directly to users, enhancing the user experience and reducing dependency on central services from Apple and Google. The “pull to authenticate” feature is a step towards greater autonomy and security in the authentication process. It supports a user experience similar to the one people know from push authentication, including in areas where Google or push services are blocked.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*lhDHTPodc8NOI6LbM9RS6Q.png" /></figure><h3>Summary</h3><p>While it’s important to be aware of the risks associated with push notifications, it’s equally crucial to focus on the available solutions and advancements. Our approach at Nevis is to offer a secure, flexible, and user-friendly authentication experience, free from over-dependence on any single service provider. Stay tuned for more updates, as we continue to prioritize your digital security and privacy.</p><p>With Nevis, push authentication is both secure and convenient.</p><p><em>Want to read more on push authentication security? 
</em><a href="https://medium.nevis.net/authentication-cloud-introducing-number-matching-1f07dfcda49a"><em>Learn about number matching</em></a><em>.</em></p><hr><p><a href="https://medium.nevis.net/enhancing-push-authentication-security-with-encryption-f658a7e12c2c">Enhancing Push Authentication Security with Encryption</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Identity Suite: What’s New in November 2023]]></title>
            <link>https://medium.nevis.net/identity-suite-whats-new-in-november-2023-a5acce3b6280?source=rss----9c62dda0f5e1---4</link>
            <guid isPermaLink="false">https://medium.com/p/a5acce3b6280</guid>
            <category><![CDATA[java17]]></category>
            <category><![CDATA[identity-suite]]></category>
            <category><![CDATA[fido]]></category>
            <category><![CDATA[product]]></category>
            <dc:creator><![CDATA[Davide Cucuzzella]]></dc:creator>
            <pubDate>Mon, 11 Dec 2023 09:26:26 GMT</pubDate>
            <atom:updated>2023-12-11T09:26:26.150Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*wPzFD4ZCGZ6MAvx8" /><figcaption>Photo by <a href="https://unsplash.com/@justindkauffman?utm_source=medium&amp;utm_medium=referral">Justin Kauffman</a> on <a href="https://unsplash.com?utm_source=medium&amp;utm_medium=referral">Unsplash</a></figcaption></figure><h3>New Rolling Release Lifecycle</h3><p>Starting in May 2024, the Nevis Identity Suite will switch to a six-month Rolling Release cycle, with releases in May and November. In short, fewer releases and longer support.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*cx9BKhmtnXtupcuC.png" /></figure><h4>What does this mean?</h4><ul><li>Rolling Release “Full support” period will increase from 3 to 6 months.</li><li>Rolling Release “Fade-Out support” period will increase from 4 to 7 months.</li><li>Customers will have 12 months to upgrade to the next Rolling Release version.</li><li>Customers will have to upgrade at least once per year to stay supported instead of twice.</li></ul><p>The definitions of “Full support” and “Fade-out support” remain unchanged. See <a href="https://docs.nevis.net/nevislifetimesupport/Nevis-Lifecycle/Rolling_Release_RR">Rolling Release (RR)</a>.</p><h4>Long-Term Support (LTS)</h4><p>Except for the <a href="https://docs.nevis.net/nevislifetimesupport/Nevis-Lifecycle/Lifecycle-Announcements/java-17-upgrade#long-term-support-lts-21">extension of LTS-21 support</a>, the Identity Suite LTS lifecycle will remain unchanged. 
See <a href="https://docs.nevis.net/nevislifetimesupport/Nevis-Lifecycle/Long_Term_Support_LTS#full-support">Long Term Support (LTS)</a>.</p><h3>Java 17 upgrade</h3><p>Nevis upgrades the runtime of all Java-based components from Java 8 to Java 17. The support of Java 17 is a major change with significant technological differences. We are committed to making the upgrade process as smooth as possible for all customers. For this reason, we will adjust the regular life cycle of the following Nevis releases.</p><h4>What does this mean?</h4><ul><li>We will release the first Nevis <strong>rolling release</strong> version with <strong>Java 17</strong> in <strong>November 2023</strong>.</li><li>We <strong>extend the life cycle of the August 2023 rolling release</strong> with Java 8 to facilitate the upgrade to Java 17.</li><li>There will be <strong>no LTS-23</strong> release in November 2023.</li><li>We will release the first Nevis <strong>long-term support</strong> version with <strong>Java 17</strong> in <strong>May 2024</strong>.</li></ul><p>Java 17 is the latest released long-term support (LTS) version of Java. Nevis components will benefit from various improvements, security enhancements, and bug fixes that come with the upgrade to Java 17.</p><p>Do not hesitate to consult your Nevis Value Added Reseller if you have questions about how to plan and implement the Nevis upgrade to Java 17.</p><p>Read more info at <a href="https://docs.nevis.net/nevislifetimesupport/Nevis-Lifecycle/Lifecycle-Announcements/java-17-upgrade">Java 17 Upgrade Announcement | Nevis documentation</a></p><h3>Adaptive Authentication Project template</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*ISWW0is3xwSYsOd0u96-_g.png" /></figure><p>This template supports adaptive user authentication out of the box during the login process. 
You no longer have to decide between security and user convenience, as you can dynamically react during login flows, depending on underlying contextual information or business rules.</p><p>The template primarily features username / password login infrastructure as the first authentication step, followed by additional security elements (silent e-mail notification, step-up authentication) according to the risk evaluation performed.</p><h3>Social login templates</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/654/1*ldzn4gy4VJCWOWbQARYvag.png" /></figure><p>This project template implements single-factor user authentication (SFA) based on social platform credentials. Platforms supported out-of-the-box are as follows: Apple, Google, Facebook, Microsoft.</p><p>Social login allows users to log in using their existing accounts from social identity providers.</p><h3>Inventory Diff</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/720/1*5w2GkPY0zxiPeZ4-KWHaLA.png" /></figure><p>It is now possible to compare your inventories with each other using the new inventory difference view. With its help you can compare different environments, and you can also make modifications to your primary inventory based on the comparison.</p><h3>Project Search</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*M9sADqdFeaSMBoEdyTWFcQ.png" /></figure><p>With this new function, you can search within the “Project Search” dialog for project-related content such as property values, project description, variable names, pattern names, pattern notes, attachment names, and attachment content. It will help you to find where your different configurations are used. To refine your results, you can search in all projects or select one project, and you can narrow the results by category. 
We are planning to extend this function to other parts of the application as well.</p><h3>New notifications on nevisAdmin4</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/736/1*2kbfSIoTsongKRusyPrMFA.png" /></figure><p>Introducing real-time notifications for enhanced collaboration and transparency. Stay informed when others make changes to projects and know about ongoing deployments. This feature ensures everyone is on the same page, improves communication, and boosts productivity.</p><h3>FIDO UAF Java test client library for automated testing</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*VYP3TezzG0FO5uTqt5pPiA.png" /></figure><p>The mobile authentication test client library can be used in Gatling simulation projects to support writing Java-based load testing scenarios for FIDO UAF, which can be run against a running Nevis Mobile Authentication setup. Gatling is a highly capable load testing tool which comes with excellent HTTP protocol support out of the box. Writing passwordless load tests using Gatling, however, requires additional comprehensive knowledge of the FIDO UAF protocol and operations. The purpose of the test client library is to help fill this gap by providing high-level helper methods which can be easily integrated into a Gatling scenario. Please note that this solution supports only FIDO UAF, not FIDO2-based credential testing.</p><hr><p><a href="https://medium.nevis.net/identity-suite-whats-new-in-november-2023-a5acce3b6280">Identity Suite: What’s New in November 2023</a> was originally published in <a href="https://medium.nevis.net">Nevis</a> on Medium, where people are continuing the conversation by highlighting and responding to this story.</p>]]></content:encoded>
        </item>
    </channel>
</rss>