: New Features Introduced in October 2025
Focus
Focus

New Features Introduced in October 2025

Table of Contents

New Features Introduced in October 2025

Learn more about the new features introduced for the Cloud Identity Engine in October 2025, including the secrets vault.
The following table provides a snapshot of new features introduced for the Cloud Identity Engine app in October 2025. Refer to the Cloud Identity Engine documentation for more information on how to use the Cloud Identity Engine.
FeatureDescription
Secrets Vault
While it was often used for simplicity during the early days of computing, storing critical information (such as passwords and cryptographic keys) using unsecured methods like sharing passwords with coworkers or storing administrative information in plaintext can result in consequences such as security breaches or misuse. Storing this type of information in a secrets vault provides a much more secure method for storing and sharing this information. The Cloud Identity Engine now supports a secrets vault so that you can responsibly share this information with users who require it.
CIE Directory Enhancements
The Cloud Identity Engine now supports the CIE directory in the authentication profile. This allows you to use the CIE directory with an authentication type so that you can expand the deployment possibilities for your Cloud Identity Engine configuration.
Additionally, to reduce risk and vulnerability, the following security measures now apply for CIE directory users:
  • Users must change their passwords after their first login.
  • If a user fails to log in successfully after five attempts, the user's account is locked for five minutes or until it is unlocked by an administrator. The time that the account is locked is based on the number of unsuccessful attempts; for example, after 20 failed attempts, the account is locked for 20 minutes or until it is unlocked by an administrator.
  • If a user fails to log in successfully after 24 attempts, the user's account is disabled until it is enabled by an administrator.
Okta Directory Support for Log Forwarding to Strata Logging Service
The Okta directory now supports log forwarding to the Strata Logging Service for storage and auditing purposes. If you enable this option, the Cloud Identity Engine forwards the logs from the previous 24 hours to the Strata Logging Service. This helps meet compliance requirements, store logs for future reference, and track activity for auditing purposes. This also allows the Cloud Identity Engine to share the logging information with other Palo Alto Networks applications that you use in your network.