- AUTHOR: The Transmit Security team
Raising the Bar: Top-Tier Security and Frictionless Identity Journeys
This month, we’re introducing powerful new capabilities to raise the bar on security while delivering frictionless identity journeys across the Mosaic platform. From advanced fraud prevention with Face Blocklist enhancements to seamless transaction signing with passkeys and biometrics, these updates help organizations stay ahead of evolving threats while ensuring a smooth, intuitive user experience. In addition, new identity verification tools, admin controls and orchestration improvements provide greater flexibility and efficiency in managing user journeys. Let’s dive into what’s new!
Highlights
Platform Navigation Revamp: Solutions-Based Menu for Easier Access
Mosaic’s platform UI and developers’ documentation have transitioned from a Services approach to a Solutions approach, introducing a more intuitive and efficient way to navigate the platform. Instead of organizing features by technical service types, the new interface structures everything around real-world solutions, making it easier to configure identity experiences without jumping between multiple sections.
This shift means that instead of configuring different aspects of identity workflows across separate service categories — such as Identity Management, Authentication and Orchestration — you’ll now find everything grouped by business use case. For example, the B2C Identity section now consolidates all necessary settings in one place, streamlining setup and management.
* Available in sandbox.
Introducing Auto-Capture for a Smoother Verification Process
We’re enhancing the identity verification experience with Auto-Capture, a feature designed to improve accuracy while reducing manual effort. The system automatically detects when an ID document or selfie is correctly positioned and captures it instantly, eliminating the need for users to manually take photos.
This enhancement ensures clearer and more accurate images by reducing issues like glare, blur, and improper framing. Auto-Capture supports a wide range of documents, including passports and ID cards, while maintaining high verification standards. For users who prefer more control, a manual capture option remains available. By streamlining the verification process, Auto-Capture minimizes retries and enhances overall efficiency.
* Available in sandbox.
New Face Blocklist Features for Stronger Fraud Prevention
We’re introducing powerful capabilities to the Face Blocklist, enhancing fraud prevention and identity verification.
Manual upload and block selfies: Admins can now upload selfies or portraits to instantly block fraudulent attempts in real time.
Similarity-based detection: Instead of relying on a single image, our system groups similar fraudulent selfies, automatically flagging and blocking new sessions that resemble known fraudsters.
Enhanced tagging & search: Analysts can quickly tag and search blocked selfies for improved fraud analysis and case management.
These upgrades empower fraud analysts to efficiently manage, track and act on fraud attempts, strengthening security while maintaining a seamless user experience.
* General availability.
Customer Identity Management
New Azure AD B2C + Mosaic Passkeys Integration Guide Now Available
A new guide for integrating Azure AD B2C + Mosaic Passkeys is now available in our Developer Portal. While our previous documentation already covered a flow that redirects users to our hosted solution, this new guide provides an alternative implementation that keeps the authentication process entirely embedded within the Azure AD B2C-managed application. This non-redirect flow enables in-app passkey authentication, enhancing user experience by eliminating external redirections and maintaining a seamless, secure authentication process.
Seamless Web-to-Mobile Authentication with Mosaic
The Mosaic platform now enables a seamless "web to mobile" authentication and approval flow, leveraging mobile devices for secure authentication into web applications. With this flow, instead of completing the authentication process solely within the web browser, users receive a push notification on their preregistered iOS or Android device. They can then authenticate and approve the action directly within the mobile app.
* Available in sandbox.
Enhanced Password Security Options for Top-Tier Protection
Mosaic introduces new password security enhancements to ensure maximum protection for your customers. Admins can now block specific words from passwords using a prohibited dictionary setting, preventing users from selecting weak or predictable passwords. Additionally, organizations can enable "Check Password Updates Against HIBP (Have I Been Pwned)" to prevent the use of passwords exposed in data breaches, reinforcing security policies.
To further enhance transparency, admins can also enable email notifications for password updates, keeping users informed of any changes — whether initiated by the user or an administrator.
* General availability.
Support for Signing SAML Assertions
Mosaic now supports signing SAML assertions in addition to signing the entire response. This enhancement provides greater flexibility for security and compliance requirements. Admins can enable this option via a new checkbox in the advanced SAML settings, ensuring stronger protection and alignment with industry standards.
* General availability.
PAR Enforcement for OIDC Clients in Regulated Environments
PAR enforcement is now available, ensuring that OAuth 2.0 Pushed Authorization Requests (PAR) are mandatory for authorization requests. This feature provides greater control and compliance for OIDC clients operating in highly regulated environments, enhancing security and adherence to industry standards.
* General availability.
Use Temp Code Authentication for Account Recovery
Users now have a secure way to regain account access with temporary, time-limited codes generated by a backend operation. This method provides an additional authentication option for recovering accounts safely and efficiently. Temp Code Authentication shares its settings with classic OTP and can be easily managed via the Admin Portal.
* General availability.
New Roles in the B2B Org Admin Portal: ROA & RSO
Mosaic introduces two new roles in the Hosted Org Admin Portal to provide controlled access and structured admin management. The Restricted Org Admin (ROA) role allows administrators to manage regular app users, ensuring operational efficiency without overextending administrative privileges. Meanwhile, the Restricted Security Officer (RSO) role is designed to manage ROA members exclusively, without access to app users, reinforcing security controls.
* General availability.
Introducing B2B Org/App-Level User Suspension
We're offering the ability to suspend users at both the organization and application levels within the Hosted Organization Admin Portal. This feature provides administrators with greater control over account access by allowing them to temporarily disable user access when necessary while preserving account data.
By implementing user suspension capabilities, organizations can better manage access security, enforce compliance policies and respond swiftly to security concerns without permanently deleting user accounts.
* General availability.
Orchestration
Transaction Signing with Passkeys Step Now Available in Journey Builder
Transaction Signing with Passkeys (WebAuthn) is now natively integrated into Mosaic’s Orchestration service through a new journey step. This enhancement enables secure, phishing-resistant approvals within authentication flows, ensuring a seamless and built-in experience for passkey-based transaction signing.
* General availability.
Transaction Signing with Mobile Biometrics
Mosaic enables users to authenticate and sign transactions using their device’s biometrics, providing a seamless and secure experience. This enhancement ensures strong identity verification while maintaining convenience, allowing users to approve transactions quickly and securely with fingerprint or facial recognition.
* General availability.
Localized Text in Journeys for a More Accessible Experience
We've enhanced journeys with support for text localization within user-facing journey steps, such as login forms, authentication screens and input fields. This enhancement allows interfaces to dynamically adjust based on the end user's browser language or locale settings, ensuring a more accessible and user-friendly experience across different regions.
* Available in sandbox.