Focus

Cloud Identity Engine Release Notes

Changes to Default Behavior

Table of Contents

Changes to Default Behavior

Learn about changes to default behavior in the Cloud Identity Engine from prior releases.

The following table details the recent changes in default behavior for the Cloud Identity Engine.

Feature	Change
Enhanced Security for CIE Directory Users	If you configure a new user for the CIE directory after September 2025, the following additional security measures now apply: Users must change their passwords after their first login. If a user fails to log in successfully after five attempts, the user's account is locked for five minutes or until it is unlocked by an administrator. The time that the account is locked is based on the number of unsuccessful attempts; for example, after 20 failed attempts, the account is locked for 20 minutes or until it is unlocked by an administrator. If a user fails to log in successfully after 24 attempts, the user's account is disabled until it is enabled by an administrator.
Risk attribute support in Cloud Dynamic User Groups	Prior to May 2025, if you selected the Collect risky user information from Azure AD Identity Protection option and the sync failed to retrieve that data, the sync would still complete successfully. Now, if you select the Collect risky user information from Azure AD Identity Protection option and the sync fails to retrieve that data, the sync does not complete successfully. A warning message also displays with instructions on how to resolve the error.

Feature

Change

Enhanced Security for CIE Directory Users

If you configure a new user for the CIE directory after September 2025, the following additional security measures now apply:

Users must change their passwords after their first login.
If a user fails to log in successfully after five attempts, the user's account is locked for five minutes or until it is unlocked by an administrator. The time that the account is locked is based on the number of unsuccessful attempts; for example, after 20 failed attempts, the account is locked for 20 minutes or until it is unlocked by an administrator.
If a user fails to log in successfully after 24 attempts, the user's account is disabled until it is enabled by an administrator.

Risk attribute support in Cloud Dynamic User Groups

Prior to May 2025, if you selected the Collect risky user information from Azure AD Identity Protection option and the sync failed to retrieve that data, the sync would still complete successfully.

Now, if you select the Collect risky user information from Azure AD Identity Protection option and the sync fails to retrieve that data, the sync does not complete successfully. A warning message also displays with instructions on how to resolve the error.

Cloud Identity Engine System Requirements

New Features Introduced in October 2025