New Features Introduced in August 2024
Read more about the new features introduced for the Cloud Identity Engine in August
2024, including support for authentication using OpenID Connect (OIDC).
The following table provides a snapshot of new features introduced for the Cloud Identity
Engine app in August 2024. Refer to the Cloud Identity Engine documentation for more
information on how to use the Cloud Identity Engine.
Feature | Description |
---|---|
Support for South Korea (KR) Region |
The Cloud Identity Engine now supports access in the South Korea (KR)
region for customers who must store the data that the Cloud Identity
Engine synchronizes from their directories in that region to ensure
compliance with their local data regulation requirements.
To maintain compatibility, your Cloud Identity Engine region must be
the same as the region you configure in any associated Palo Alto
Networks apps or other app integrations.
For more information on regions, refer to Regional Data Storage
Requirements in the Cloud Identity Engine System Requirements.
For more information on how the Cloud Identity Engine manages the
data you allow it to access, including transfer, retention, and
security, refer to the Cloud Identity Engine Solution
Brief or the Cloud Identity Engine Privacy
Datasheet.
|
Security Risk support for SentinelOne |
The Cloud Identity Engine now supports Security Risk, a unified
framework designed by Palo Alto Networks to allow you to more easily
detect, investigate, and manage risky users and devices within your
network. With so many sources of risk information, it can be
difficult and time-consuming to manage, interpret, and address these
potential security threats. Security Risk for the Cloud Identity
Engine makes it easier to not only collect but also to analyze and
control sources of high-risk users and devices by providing adaptive
access control for users and devices.
By configuring an Azure directory to collect user risk information in
the Cloud Identity Engine, you can now create groups of users who
have exhibited risky behavior based on dynamic risk information. You
can also optionally configure a SentinelOne Endpoint Detection and
Response (EDR) agent to provide information on risk signals from
devices in your network and add devices to your quarantine list.
Security Risk automatically enforces access restrictions by moving
users or devices that exhibit risky behavior into custom,
administrator-created groups. After risk remediation, when the users
or devices no longer meet the risk criteria you define, Security
Risk removes them from the group so the user can once again access
resources, enabling closed loop automation and simplifying user
management.
By using telemetry and risk score information from the risk
information sources you configure, Security Risk for the Cloud
Identity Engine provides simplified management for your risk
sources.
|
Support for OpenID Connect (OIDC) Authentication Type |
The Cloud Identity Engine now supports OpenID Connect (OIDC) as
an authentication type for:
OpenID Connect (OIDC) provides additional flexibility for your Cloud
Identity Engine deployment. By supporting single sign-on (SSO)
across multiple applications, OIDC simplifies authentication for
users, allowing them to log in once with the OIDC provider to access
multiple resources without needing to log in repeatedly.
When you configure OIDC as your authentication type, the Cloud
Identity Engine uses OIDC to communicate with your IdP and collect
attributes for Security policy enforcement. Enabling OIDC
authentication for the Cloud Identity Engine improves the
authentication experience for users, since they won't need to
reauthenticate as many times to access resources.
|
Enhancements for IP-Tag Connection |
Multiple improvements are now available for the IP-Tag Connection
capability, including:
|