Skip to main content

Indeavor 23.0.0 (5/25/2023)

Tara Hunt
  • Updated

ENHANCEMENTS

Roles App 

  • New 'Bypass MFA' client credentials setting. When this setting is checked and the credential is added to a Kiosk device, users can login without using MFA.

Identity

Updates to Multifactor Authentication:

  • Add a QR code for those enrolling through Web.
  • Able to disable MFA, if not mandated.
  • Add a new Account Settings page to the Home App, where users can manage their MFA settings.
  • Implement a way to bypass MFA at a selected Kiosk location.

Indeavor API

  • Volunteering API performance improvements within our Engage Mobile Application.

Home App 

  • Add compatibility with an upcoming early access application, User Management. User Management will be inaccessible for the majority of users and customers should not expect any significant impact.

User Management App 

New User Management App. This application is in beta and is not yet generally available. All users will be prevented from accessing the application, unless given early access by Indeavor personnel to validate the new qualification flows contained within the release.

Please reach your to your CSM if you are interested in learning more about our plans to improve qualification flows and add Skill Management to the application.

BUGS RESOLVED

Reporting & Analytics App

  • Connection issues when navigating to Reporting & Analytics App from Home page are addressed in this release - The users should no longer be logged out when going to the R & A application.

**Some customers will experience a breaking change in app authentication. Please see CUSTOMER COMMUNICATION section below for more details.

 

 

Versioning (User Management App v1.0.0, Roles App v1.6.0, Rights API v3.1.0, Identity v2.0.0, Indeavor API v3.2.0, Home App v0.9.0, Reporting & Analytics App v2.4.2)

 

CUSTOMER COMMUNICATION

Attention Indeavor API Users,

We are releasing substantial improvements to the authentication process, with sign-ins and initial load speeds of authorization within applications being significantly improved. Also included are: 

  • Enhanced Security
  • Refined authorization flows

In order to facilitate these improvements, changes to the API are required which may affect a small number of users.

On May 23rd, 2023 Indeavor will begin enforcing our previously established security standards of leveraging x-www-form-urlencoded headers when using identity authorization. This update only requires changes for users who are leveraging identity-based login within integrations.  For the majority of users no change will be needed.

Please review and have your technical Integration resource confirm the breaking change information below to verify if you will be affected by this change.

_________________________________

Breaking Change Information

An upcoming release requires action to ensure your integrations between Indeavor and third-party systems continue to operate without issue.

As of May 23rd, 2023, Indeavor will be enforcing the following changes in our authentication methods:

  • Indeavor will no longer support form-data values within requests within our https://identity.{environment}.indeavor.com/connect/token endpoint. Users must update their requests to use x-www-form-urlencoded requests in order to continue leveraging Indeavor integrations via our Identity system.

Identifying if changes are needed to your integrations

In order to determine if your site is affected by this change, you will likely need to consult with your internal IT resources. The first important determination to make is which endpoint you and currently leveraging in your integrations. The most frequently used endpoints are:

  1. https://interop.{environment}.indeavor.com/current/Session/SessionHandlerWS.asmx/Login
  2. https://identity.{environment}.indeavor.com/connect/token

Endpoint 1 is our most commonly leveraged authentication method. If your facility is leveraging endpoint 1, no changes will be needed.

Endpoint 2 is our other commonly leveraged endpoint. If your facility is leveraging this endpoint, the request of your call should be evaluated.

If your facility is not leveraging either of these endpoints, or you are unsure how to determine what endpoints you are using, please reach out to the Indeavor Service Center.

Prior to this release, the following header types were accepted:

  1. x-www-form-urlencoded
  2. form-data

Format 1 has been and continues to be our recommended standard for integration. If your facility is leveraging this format, no changes are needed.

Format 2 is officially becoming unsupported with this release. If your facility is leveraging this format, the user responsible for your integration must update this format to be “x-www-form-urlencoded”.

Testing your changes

In order to test this change, submit the authentication call with the new Header format. If a token is returned after making this change and submitting your call(s), the change was successful, and should be implemented in your production authentication calls prior to the change date of May 23rd, 2023.

 

If your change was unsuccessful, the following error message will be returned.

 

All changes must be in place by May 23rd, 2023 in order to ensure continued operations of integrations.

If you are unable to receive an access token via your updated call, or have any questions, please reach out to the Indeavor Service Center at support@indeavor.com 

 

Related articles