Rob Truesdell
VP, Products
Product Updates - Aug 13, 2024
Authentication
Non-email usernames
With this update, users can register with any alphanumeric username. Previously, an email address was the only option for a username, which made Personally Identifiable Information (PII) unnecessarily required. A user can still use their email address if they prefer, but they can also choose something more unique and less distinct.
This is enabled for all Pangea orgs and does not require any configuration.
Password Expiration
At Pangea, we believe that signals about the context and state of the user can come from numerous sources at any time. With this release, we rolled out Password Expiration to allow a Pangea Admin to expire a password individually or at scale. At the user’s next successful login - using their existing password and any secondary authenticators - they will be forced to set a new password. This
An Admin can expire a password via the Pangea User Console for individual users or automate the process via the AuthN User API.
Custom Profile Fields
With the addition of Custom Profile Fields, you can design your user profiles to meet your project requirements. Further, you can specify which fields are optional or required and which are presented at registration. Out of the box, we include two-click access for many of the OpenID Connect (OIDC) fields, but you can add your own in seconds. This lets Pangea integrate seamlessly with a social auth provider or become one for any application.
In addition, the existing Import Users functionality will automatically detect any additional fields and allow you to select them when you import.
App Passwords for SMTP Providers
While some SMTP servers allow you to use a user’s SMTP credentials to send email, more providers require App Passwords. This gives you clear separation between users and applications. With this update, we added documentation on configuring Google or Office 365 to send email so your users have a seamless, consistently branded experience.
Vault
Format Preserving Encryption (FPE)
Vault now supports Format Preserving Encryption (FPE), which preserves the character formatting of the input data in the encrypted output. An FPE encrypted phone number still looks like a phone number. FPE can be useful when data needs to be encrypted, but the length or character types cannot be altered; for example, if you need to encrypt data, but it has to be stored in a legacy database whose schema can’t be changed. Vault supports 128-bit and 256-bit encryption using the FF3-1 NIST approved FPE algorithms and you can start using them now!
Pangea CLI
Brew and Winget Support
The Pangea CLI can now be installed using brew and winget!
macOS:
brew install pangeacyber/cli/pangea
Windows:
winget install pangeacyber.pangea
Vercel
The pangea CLI has new functionality to sync with Vercel Environment Variables:
pangea sync vercel --help
  Sync environment variables from your local .env file to Vercel.
  Usage:
    pangea sync vercel [flags]
  Flags:
    -b, --branch string    Which git branch to allow access to this variable, target must be set to 'preview'.
    -h, --help             help for vercel
    -p, --project string   Vercel project ID
    -x, --target string    Comma separated list of vercel environments to push to, defaults to 'development' (default "development")
    -t, --token string     Vercel API token
Redact
Integration with FPE
Redact now supports the use of Format Preserving Encryption (FPE) as a redaction method. Since FPE preserves the characteristics of the data being replaced, an FPE redacted credit card number still looks like a credit card number and a redacted Social Security Number still looks like a Social Security Number.
Unredact Functionality
FPE redaction is reversible using the new unredact endpoint, so you can recover the original text using the FPE context.
Learn more about how to redact and unredact with FPE here.
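The two FPE properties described for Vault and Redact above (the output keeps the input's shape, and the same key plus context reverses it) can be seen in a small added example. This is not Pangea's code and not FF3-1: it is a toy Feistel cipher over decimal digits with HMAC-SHA256 as the round function, and the key, context and sample numbers are constructed.

```python
import hashlib
import hmac

DIGITS = "0123456789"
ROUNDS = 10  # even, so both halves end up back in their original positions


def _prf(key: bytes, context: bytes, rnd: int, n: int, half: str, mod: int) -> int:
    # Round function: HMAC-SHA256 bound to the context, round and total length.
    msg = len(context).to_bytes(2, "big") + context + bytes([rnd, n]) + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % mod


def _feistel(digits: str, key: bytes, context: bytes, decrypt: bool) -> str:
    n = len(digits)
    if not 6 <= n <= 255:  # tiny domains can simply be enumerated
        raise ValueError("need between 6 and 255 digits")
    u = n // 2
    a, b = digits[:u], digits[u:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if rnd % 2 == 0 else n - u  # width of the half being rewritten
        if decrypt:
            c = (int(b) - _prf(key, context, rnd, n, a, 10 ** m)) % 10 ** m
            a, b = f"{c:0{m}d}", a
        else:
            c = (int(a) + _prf(key, context, rnd, n, b, 10 ** m)) % 10 ** m
            a, b = b, f"{c:0{m}d}"
    return a + b


def fpe(text: str, key: bytes, context: bytes, decrypt: bool = False) -> str:
    """Transform only the ASCII digits of text; every other character stays put."""
    digits = "".join(ch for ch in text if ch in DIGITS)
    out = iter(_feistel(digits, key, context, decrypt))
    return "".join(next(out) if ch in DIGITS else ch for ch in text)


if __name__ == "__main__":
    key, ctx = b"constructed-demo-key", b"constructed-context"  # sample values
    for sample in ("+1 (415) 555-0132", "4111-1111-1111-1111", "123-45-6789"):
        enc = fpe(sample, key, ctx)
        print(sample, "->", enc, "->", fpe(enc, key, ctx, decrypt=True))
```

Decrypting with a different context value yields a different, equally well-formed number, which is why the FPE context has to be kept alongside the key to unredact.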
FPE Integration with Secure Audit Log
Since you can use the integration with the Redact service to redact Secure Audit Log records, FPE redaction is now also available for Secure Audit Log! It is possible to recover the unredacted log messages using these instructions.