- AUTHOR: The Transmit Security team
From Browser Takeover Protection to Stronger Governance: Mosaic’s March Updates
Our March release presents new capabilities across Mosaic that strengthen security, expand orchestration flexibility and improve how teams manage identity operations. Highlights include enhanced fraud detection for remote-controlled browser sessions, stronger SSO protections, improved governance of admin access and expanded support for Flutter-based applications.
Highlights
Detect Active Remote-Control Attacks in Web Sessions
Our Fraud Prevention services now detect active Remote Access Trojan (RAT) activity in web sessions, helping teams identify when a user's browser is being remotely controlled by a malicious actor. Rather than only detecting that a remote access tool is present on the device, Mosaic distinguishes between an installed application and a live remote-control session, enabling more accurate risk assessment and stronger protection against account takeover and social engineering attacks.
* Available in sandbox
Flutter Plugins for Authentication and Orchestration Now Available
The Flutter plugins for Authentication and Orchestration are available to external users, expanding support for teams building identity experiences with Flutter. With these plugins, we're offering greater extensibility and flexibility for organizations looking to integrate Mosaic’s identity capabilities into cross-platform mobile applications built with Flutter.
* General availability
Cross-Platform Enhancements
Stronger SSO Security with PKCE Support
The Mosaic Admin Portal now supports PKCE (Proof Key for Code Exchange) in single sign-on authentication flows, adding an extra layer of protection to the OAuth authorization code flow. PKCE binds the authorization code to the client that started the flow, so an intercepted code cannot be redeemed for a token without the original code verifier. This mitigates authorization code interception attacks, strengthens the security of Admin logins and aligns SSO integrations with modern OAuth best practices.
* General availability
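How PKCE protects the authorization code, shown as an added example that is not Mosaic's code or the Admin Portal's implementation. It follows RFC 7636 (S256 method): the client generates a random code verifier, sends only its SHA-256 challenge in the authorization request, and presents the verifier when redeeming the code. The AuthorizationServer class and demo function below are hypothetical stand-ins written for this illustration; the flow is the general one, not specific to any SSO vendor.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client side: 32 random bytes -> 43 url-safe characters (RFC 7636 allows 43-128)."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical stand-in for the IdP that issues codes and redeems them for tokens."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}  # authorization code -> stored code_challenge

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        # Only S256 is accepted: 'plain' would hand the verifier to anyone who sees the challenge.
        if method != "S256":
            raise ValueError("unsupported code_challenge_method")
        code = secrets.token_urlsafe(24)
        self._pending[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str | None) -> str | None:
        # Codes are single use: pop them, so a replayed code fails even with the right verifier.
        challenge = self._pending.pop(code, None)
        if challenge is None or code_verifier is None:
            return None
        # Constant-time comparison of the recomputed challenge against the stored one.
        if not hmac.compare_digest(make_code_challenge(code_verifier), challenge):
            return None
        return "access-token-" + secrets.token_hex(8)


def demo() -> dict[str, bool]:
    """Run the legitimate flow plus three attack attempts; report which token requests succeeded."""
    idp = AuthorizationServer()
    results: dict[str, bool] = {}

    verifier = make_code_verifier()
    code = idp.authorize(make_code_challenge(verifier))
    results["legit"] = idp.token(code, verifier) is not None
    results["replay"] = idp.token(code, verifier) is not None  # same code again

    # Attacker intercepts the redirect carrying a fresh code but never saw the verifier.
    verifier = make_code_verifier()
    code = idp.authorize(make_code_challenge(verifier))
    results["intercepted_no_verifier"] = idp.token(code, None) is not None

    verifier = make_code_verifier()
    code = idp.authorize(make_code_challenge(verifier))
    results["intercepted_guessed_verifier"] = idp.token(code, make_code_verifier()) is not None
    return results


if __name__ == "__main__":
    print(demo())
```

Two details carry the security value: the verifier never leaves the client until the token request, which the attacker who only sees the redirect URL does not control, and the server rejects the `plain` method so the challenge itself is not the secret.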
Control Emergency Admin Access with Recovery Admin APIs
Our new Recovery Admin Management APIs provide greater control over temporary access to the Mosaic Admin Portal. Organizations can now programmatically create, retrieve and delete recovery admin accounts, enabling secure, time-bound access via magic link when needed.
This enhancement allows teams to grant temporary recovery access for exceptional scenarios while keeping strict SSO enforcement as the default authentication method. By managing recovery admins through APIs, organizations gain tighter control over administrative access and can revert users to enforced SSO authentication as soon as temporary access is no longer required.
* Early availability
Recovery Admin Login Activity Tracking
A new admin activity event records when a recovery admin logs in from outside the configured IP allowlist. This makes it easier to identify and audit emergency access without manually cross-referencing large IP allowlists or reviewing raw authentication logs.
With this update, teams gain better visibility into exceptional access scenarios and can strengthen governance and monitoring of administrative activity.
* General availability
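The check behind such an event, as an added example that is not Mosaic's code and does not use its event schema: recovery-admin login events are matched against a CIDR allowlist, and a login is flagged when its source address falls outside every listed network or cannot be parsed at all. The allowlist, the JSON event lines and the field names (`event`, `role`, `user`, `ip`) are constructed for this illustration.

```python
import ipaddress
import json

# Constructed allowlist: IPv4 and IPv6 CIDRs plus one bare host address.
ALLOWLIST = [
    "203.0.113.0/24",    # corporate egress range
    "198.51.100.7",      # bastion host (single address)
    "2001:db8:10::/48",  # office IPv6 prefix
]

# Constructed admin-activity events, one JSON object per line (not Mosaic's real schema).
SAMPLE_EVENTS = """\
{"ts":"2025-03-03T08:01:12Z","event":"admin_login","role":"recovery_admin","user":"rec-ops-1","ip":"203.0.113.44"}
{"ts":"2025-03-03T08:05:40Z","event":"admin_login","role":"admin","user":"alice","ip":"192.0.2.9"}
{"ts":"2025-03-03T09:17:03Z","event":"admin_login","role":"recovery_admin","user":"rec-ops-1","ip":"192.0.2.9"}
{"ts":"2025-03-03T09:20:55Z","event":"admin_login","role":"recovery_admin","user":"rec-ops-2","ip":"2001:db8:10:5::21"}
{"ts":"2025-03-03T09:31:18Z","event":"admin_login","role":"recovery_admin","user":"rec-ops-2","ip":"2001:db8:ffff::1"}
{"ts":"2025-03-03T09:44:00Z","event":"admin_login","role":"recovery_admin","user":"rec-ops-3","ip":"not-an-ip"}
{"ts":"2025-03-03T09:50:00Z","event":"admin_logout","role":"recovery_admin","user":"rec-ops-1","ip":"192.0.2.9"}
"""


def parse_allowlist(entries):
    """Turn CIDR strings and bare addresses into network objects (a bare address becomes /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_allowed(ip: str, networks) -> bool:
    """True when the address lies in any allowlisted network; raises ValueError on a malformed address.
    Membership across address families is False, so an IPv6 source never matches an IPv4 range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def flag_recovery_logins(lines: str, networks):
    """Return recovery-admin login events whose source IP is outside the allowlist.
    Unparseable addresses are flagged as well: a missing or malformed IP is not evidence of allowed access."""
    flagged = []
    for raw in lines.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        if ev.get("event") != "admin_login" or ev.get("role") != "recovery_admin":
            continue  # ordinary admins and non-login events are out of scope for this event
        try:
            allowed = is_allowed(ev.get("ip", ""), networks)
            reason = None if allowed else "ip_outside_allowlist"
        except ValueError:
            allowed, reason = False, "ip_unparseable"
        if not allowed:
            flagged.append({"ts": ev["ts"], "user": ev["user"], "ip": ev.get("ip"), "reason": reason})
    return flagged


if __name__ == "__main__":
    for hit in flag_recovery_logins(SAMPLE_EVENTS, parse_allowlist(ALLOWLIST)):
        print(hit)
```

Fail-closed handling of the malformed address matters in practice: an event with a missing or garbage source IP should surface for review rather than silently pass as "not outside the allowlist".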
JIT Provisioning for Admin Portal Access via OIDC SSO
Just-In-Time (JIT) provisioning is now supported for Admin Portal logins using OIDC-based single sign-on, extending capabilities previously available for SAML integrations. Admins authenticating through OIDC SSO are automatically provisioned on first login, removing the need to manually create accounts in advance and enabling a smoother, more scalable way to manage Admin Portal access.
* General availability
Orchestration
New Integrations Expand Intelligence and Verification in Identity Journeys
The Integration Hub continues to grow with new vendor integrations that extend the capabilities available within identity journeys. Teams can now incorporate services from Google Threat Intelligence, TeleSign and IDDataWeb, bringing additional threat intelligence, communication and identity verification signals directly into orchestrated flows.
These integrations allow organizations to query IP, domain and URL intelligence using Google Threat Intelligence, execute phone intelligence, verification and SMS OTP flows through TeleSign, and enhance identity verification with IDDataWeb. Together, these additions make it easier to enrich identity journeys with external data and security signals.
* General availability
End-to-End Visibility with Sub-Journey Lifecycle Events
Orchestration now emits lifecycle events for sub-journey invocations, providing clearer visibility into how parent and child journeys interact. Teams can track sub-journey initiation, completion and failure events, making it easier to understand execution flow across complex orchestrations.
* Available in sandbox
Customer Identity Management
Deeper Visibility and Control Over User Authenticators
Authenticator management has been significantly expanded, giving teams more precise control over how authentication methods are governed across Mosaic. Administrators and applications can now lock or unlock authenticators at the individual instance level, in addition to broader type-level actions. Manual lock operations support optional reason tracking and are fully logged for audit visibility.
New journey steps also enable lock and unlock actions directly within orchestration flows, offering stronger governance, clearer oversight and more granular control over user authentication security.
* Available in sandbox