Rob Truesdell

Product Updates - Oct 25, 2023

Authentication

General Availability!

The AuthN service is now GA. With this release, we focused first on the essential building blocks for a secure AuthN service and second on making them easy to integrate into your apps. Now you can use multi-factor authentication (MFA), hosted login pages, custom domains, social auth, customizable branding, and more in your production applications in minutes.

Service Config Navigation

The left-hand navigation has been reorganized to separate day-to-day management tasks from setup and less common configuration management. The top half of the navigation is where you create and manage users, review and revoke sessions, and find a direct link to your Hosted Login page. The bottom half is where you define and configure the AuthN service, choose which authenticators to allow, configure your captcha, and more.

Login Flow Builder

There is a new Log in / Sign up flow configuration screen that makes it easy to define and prioritize the MFA combinations for your users. As you select different primary authentication methods, the builder will automatically identify which secondary methods are available based on their strength compared to the primary methods. This ensures your users start and finish in a secure state. To learn more about MFA in Pangea’s AuthN, check out the documentation.

Flow APIs

Behind the Login Flow Builder are the Login Flow APIs themselves. Using these APIs, you can build a custom login experience directly into your app in the framework and tech stack of your choice. These APIs let you start the authentication flow and move through each state to meet its requirements - password, TOTP authenticator, agreement acceptance - and move into the next state towards completion. This ensures the authentication flow is both flexible in requirements and normalized at completion.

Agreements and Disclaimers

Under the General Settings area of the AuthN service page there is a new section called ‘Agreements and Disclaimers’. This section allows you to set up various legal agreements that you can present to newly registered users in your application and require them to accept. There is a configuration for an End User License Agreement (EULA), a Privacy Policy, and other general disclaimers. Each agreement is also versioned so that you can roll back to older versions of the agreement if need be.

Domain and IP Access Control Lists (ACLs)

Under the Security Controls section of the AuthN settings, there is now a Domain Access List that allows you to permit or deny registrations based on the domain of the registering email. The behavior of the Domain and IP lists is identical, except for the subject being evaluated (incoming IP address vs. incoming domain).

Domain Intel

Whois Beta

The Whois endpoint is now available in the Domain Intel service. With this API you can extract historical domain information to identify newly-created and short-lived domains that are often associated with scams, malware distribution, and phishing attacks. The data provider behind this API is WhoisXML, where over 565 million domains are tracked and over 16.7 billion Whois records are stored, all of which are accessible through this API now.
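The check described above, flagging newly created and short-lived domains from historical registration dates, can be sketched as follows. This is an added example, not Pangea's code or its API response format: the `created`/`expires` field names, the thresholds, and the sample histories are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

NEW_DAYS = 30           # assumed cutoff for "newly created"
SHORT_LIVED_DAYS = 400  # assumed: an earlier registration dropped after about one term

def parse_ts(value):
    """Parse an ISO 8601 timestamp; None for missing or redacted values."""
    if not value:
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def assess(history, now):
    """Flag a domain from its historical records (hypothetical 'created'/'expires' keys)."""
    flags, spans = set(), []
    for rec in history:
        created = parse_ts(rec.get("created"))
        if created is None:
            flags.add("no_creation_date")  # cannot age the domain: treat as unknown, not as old
            continue
        spans.append((created, parse_ts(rec.get("expires"))))
    if not spans:
        return sorted(flags)
    current = max(created for created, _ in spans)  # latest registration
    if (now - current).days < NEW_DAYS:
        flags.add("newly_created")
    for created, expires in spans:
        # An earlier registration that lasted only a short time before being dropped.
        if created < current and expires and (expires - created).days <= SHORT_LIVED_DAYS:
            flags.add("short_lived_before")
    return sorted(flags)

# Constructed sample histories, not real Whois data.
NOW = datetime(2023, 10, 25, tzinfo=timezone.utc)
SAMPLE = {
    "fresh.example": [{"created": "2023-10-20T08:00:00Z", "expires": "2024-10-20T08:00:00Z"}],
    "recycled.example": [{"created": "2021-03-01", "expires": "2022-03-01"},
                         {"created": "2023-10-01T00:00:00Z", "expires": "2024-10-01T00:00:00Z"}],
    "established.example": [{"created": "2009-05-12", "expires": "2030-05-12"}],
    "redacted.example": [{"created": "REDACTED", "expires": None}],
}

if __name__ == "__main__":
    for domain, history in SAMPLE.items():
        print(domain, assess(history, NOW))
```

A record with a missing or redacted creation date is reported separately rather than silently treated as an old domain, since absence of a date says nothing about age.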

File Scan

General Availability

The File Scan service is now generally available and ready for use in production applications. This service allows a user to upload file objects and execute a malware scan using either CrowdStrike or ReversingLabs as the provider. File scanning is different from File Intel in that scanning uses static analysis engines against the file object to determine the intent and capabilities of that file object, whereas File Intel can only tell you the reputation of a previously known file. Scan time varies depending on the object size and complexity; however, this is a more comprehensive and sophisticated method of uncovering malware.

If you have questions, don't hesitate to contact us on our Discourse community. Our engineering team and several community developers are available online to respond to your inquiries.