Built for the Future of Identity: Secure, Compliant, and Passwordless

AUTHOR: The Transmit Security team

This release is all about elevating identity infrastructure by making it more secure, flexible and intelligent by design. From our recent FAPI 2.0 certification to a smartly redesigned journey step library, we’re helping teams stay compliant while simplifying secure access across platforms. You’ll also find powerful tools for building smarter orchestration flows and action-level consumption metrics that improve visibility and control. Whether you're fighting fraud, fine-tuning access, or scaling global experiences, this release gives you the building blocks to do it better.

Highlights

FAPI 2.0 Certified: Built for Trust, Ready for Compliance

Mosaic by Transmit Security is now officially FAPI 2.0 certified, reinforcing our commitment to the highest standards of security, interoperability and compliance in identity.

As one of the first platforms to adopt the finalized FAPI 2.0 specification, Mosaic is uniquely equipped to support highly regulated industries and use cases like Open Banking, where secure data sharing, strong customer authentication and consent-driven flows are non-negotiable.

To make adoption seamless, we’ve introduced a toggle-based configuration within the Mosaic Console. With a single click, you can enable FAPI 2.0 compliance at the client level, automatically applying all required settings so you can focus on building secure, standards-aligned experiences without the manual overhead.

* Available in sandbox

Smarter Detection With Face Blocklist Management

Fraud analysts can now group similar fraudulent selfies under a single blocklist group, making it easier to identify repeat attackers, manage context-rich profiles and take decisive action in real time. This update brings several new capabilities to the Face Blocklist feature:

  • Group visually similar images under one fraudster profile

  • Add tags and descriptions to enhance search and investigation

  • Filter more effectively within the blocklist

  • Create, update or link profiles directly from Verification or Blocklist views

  • Review matching faces before confirming a block

  • Manage and refine image sets within each fraud group

Coming enhancements also include historical search and backward matching to detect previously unidentified fraudsters, along with profile-based blocking using attributes like name and date of birth for added protection beyond facial similarity.

* General availability

Redesigned Step Library With Featured and Pinned Steps

The ‘Add Step’ experience has been redesigned to make building journeys faster and more intuitive. Users can browse featured steps, pin frequently used ones for quick access, and search more efficiently within a streamlined interface that improves usability and discoverability.

* General availability

Fraud Prevention

Saved Views: Focus Instantly on What Matters

Views make it easy to return to the exact filters, time range, and data layout you care about on the Recommendations page, so you can skip repetitive setup and dive straight into the signals that matter.

Here’s what you can do:

  • Save and name any filtered view, like “Suspicious login locations (24h)” or “High-risk card transactions”

  • Reopen views instantly from the filter-bar selector, with filters, default timeframe and relevant data columns intact

  • Set a default view so your preferred lens loads automatically every time you open Recommendations

This feature is part of our broader mission to help fraud teams work faster and smarter, improving investigation workflows while keeping the business aligned on real threats and legitimate behavior.

* General availability

Getting Identity Right: Best Practices for User Identity Integration

Accurate detection starts with consistent identity. The new User Identity Integration Best Practices Guide shows developers how to wire Transmit Security SDKs and backend APIs so every action is tied to the correct user, from first interaction to final transaction.

With identity stitched into the journey, risk assessment becomes more effective, helping detect sophisticated fraud patterns while minimizing friction for trusted customers.

* General availability

Customer Identity Management

Support for PKI-Based mTLS Client Authentication

Mosaic now supports PKI-based Mutual-TLS (mTLS) Client Authentication, using a certificate chain as defined in RFC 8705, Section 2.1. This enhancement aligns with customer expectations and industry standards for secure, certificate-based identity verification, enabling strong mutual authentication in high-assurance environments.

* General availability

Backend-Based Authentication for Social Logins

Backend-Based Authentication APIs are available for popular social login providers such as Google, Facebook and Apple. This feature expands backend authentication capabilities, making it easier to integrate social logins while preserving control and consistency across custom implementations.

* General availability

Authenticate Users With TikTok

TikTok-based authentication is now part of the backend authentication suite, allowing customers to integrate TikTok as a login method through the Backend-Based Authentication API. This feature makes it easy to offer users a seamless and familiar sign-in experience using one of the world’s most popular social platforms.

* General availability

New Management Client Type for SSO Service

A new management client type is now available within the SSO Service app. This client supports use cases that don’t rely on the SSO login journey, such as direct access to Mosaic APIs for administrative or integration purposes. Access is controlled through the same client-level RBAC mechanism, ensuring secure and scoped usage. Learn more about configuring management clients in the SSO Service.

* General availability

Understand Passkey Providers With WebAuthn AAGUID Mapping

WebAuthn-related APIs include both the AAGUID and the mapped authenticator name, using FIDO2 metadata to identify which passkey provider was used during registration. This added context helps customers and users better understand authenticator behavior and improves transparency in device-based authentication.

* General availability
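
How an AAGUID is carried in WebAuthn authenticator data and mapped to a provider name, as an added example (not Mosaic code or its API). The metadata table, the AAGUID value and the function names are constructed for illustration; a real lookup would use FIDO metadata.

```python
import struct
import uuid

# Constructed stand-in for a FIDO metadata lookup; the AAGUID and name are made up.
EXAMPLE_METADATA = {"11111111-2222-3333-4444-555555555555": "Example Passkey Provider"}
FLAG_AT = 0x40  # flags bit: attested credential data is present


def extract_aaguid(auth_data: bytes):
    """Return the AAGUID (uuid.UUID) from authenticator data, or None if absent."""
    # Fixed header: rpIdHash (32 bytes) + flags (1) + signCount (4) = 37 bytes.
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than its fixed header")
    if not auth_data[32] & FLAG_AT:
        return None  # e.g. login assertions, which carry no attested credential data
    # Attested credential data: aaguid (16) + credentialIdLength (2) + credentialId + key.
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID length runs past the buffer")
    return uuid.UUID(bytes=auth_data[37:53])


def authenticator_name(auth_data: bytes, metadata=EXAMPLE_METADATA):
    """Return (aaguid, name); the name is informational unless attestation was verified."""
    aaguid = extract_aaguid(auth_data)
    if aaguid is None:
        return None, None
    if aaguid.int == 0:
        return str(aaguid), "unknown (zeroed AAGUID)"
    return str(aaguid), metadata.get(str(aaguid), "unknown")


def constructed_auth_data(aaguid: str, cred_id: bytes = b"\x01" * 16) -> bytes:
    """Build sample registration authenticator data (constructed, not captured)."""
    header = bytes(32) + bytes([0x45]) + struct.pack(">I", 0)  # UP | UV | AT flags
    attested = uuid.UUID(aaguid).bytes + struct.pack(">H", len(cred_id)) + cred_id
    return header + attested + b"\xa0"  # empty CBOR map as a placeholder public key


if __name__ == "__main__":
    print(authenticator_name(constructed_auth_data("11111111-2222-3333-4444-555555555555")))
```

Without a verified attestation statement the AAGUID is self-reported by the authenticator, so the mapped name suits display and analytics rather than access decisions.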

Flexible ACS URL Enforcement for SAML Authn Requests

A new configuration option allows customers to decide whether the Assertion Consumer Service (ACS) URL is required in SAML authentication requests. When enabled, the system accepts requests without an ACS URL while still validating it if one is provided.

* General availability
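
The ACS URL policy described above, sketched as an added example (not Mosaic code). It assumes a supplied ACS URL is validated by exact match against the service provider's registered URLs and that a missing one falls back to a registered default; the function name, parameters and sample requests are hypothetical.

```python
import xml.etree.ElementTree as ET  # stdlib for a self-contained demo; use a hardened XML parser for untrusted input

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample AuthnRequests (not captured traffic).
REQ_WITH_ACS = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_a1" Version="2.0" '
    'IssueInstant="2025-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.com/saml/acs"/>'
)
REQ_WITHOUT_ACS = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_a2" Version="2.0" '
    'IssueInstant="2025-01-01T00:00:00Z"/>'
)


class AcsRejected(Exception):
    """The AuthnRequest does not satisfy the ACS URL policy."""


def resolve_acs_url(authn_request_xml, registered_acs, default_acs, allow_missing_acs):
    """Return the URL the SAML response will be posted to, or raise AcsRejected."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise AcsRejected("not a SAML 2.0 AuthnRequest")
    requested = root.get("AssertionConsumerServiceURL")
    if requested is None:
        if not allow_missing_acs:
            raise AcsRejected("ACS URL is required for this service provider")
        # The fallback comes from registration data, never from the request itself.
        return default_acs
    # A supplied URL is always checked, whichever way the option is set.
    # Exact string match: no prefix, wildcard or host-only comparison.
    if requested not in registered_acs:
        raise AcsRejected("ACS URL is not registered for this service provider")
    return requested


if __name__ == "__main__":
    registered = {"https://sp.example.com/saml/acs"}
    default = "https://sp.example.com/saml/acs"
    print(resolve_acs_url(REQ_WITHOUT_ACS, registered, default, allow_missing_acs=True))
```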

Export Member Records to CSV in the Org Admin Portal

Org Admins can export member records to CSV directly from the Admin Portal, making it easier to support reporting and operational tasks. Exports can be customized by filtering members using advanced search with SCIM syntax and selecting which attributes to include before generating the file.

* General availability

Orchestration

New Journey Steps for Session Management and Messaging

Three new steps have been added to the journey builder to extend your orchestration options:

  • SSO Session Keep Alive and SSO Session Termination under the Session Management category allow you to programmatically extend or end SSO sessions, either for a specific session or all sessions of a user.

  • The Send SMS step enables integration with external SMS providers via REST APIs, giving you more control over messaging flows.

* General availability

Cross-Platform Enhancements

SAML SSO Now Available for Mosaic Console Admins

Admins can now log in to the Mosaic Console using their organization’s SAML SSO provider. This update supports centralized authentication, streamlines access control and reinforces enterprise-grade security across admin workflows.

* General availability

Just-In-Time Admin Provisioning With SAML SSO

With Just-In-Time (JIT) provisioning enabled, new admin users are automatically created in the Mosaic Console upon their first SAML SSO login. This removes the need for manual onboarding and ensures role-based access is applied from day one. Learn how to set up JIT provisioning.

* Phased rollout

Turn Visibility Into Value With Granular Consumption Metrics

Mosaic now offers detailed, action-level usage metering across the platform. With the new consumption reporting dashboard, you can see exactly how identity services are being used, giving your team the visibility needed to monitor usage and optimize based on real activity.

* Phased rollout
