Authentication & Identity Enhancements
Workday Integration for Self-Service Password Reset
Add Workday as an employee data source option for your SSPR workflows. Community administrators can now configure Workday as the trusted source of employee data for identity verification during password reset workflows.
Key benefits:
- Trusted Source: Use Workday as the authoritative employee directory for more current employee details
- API Integration: Configure Workday endpoints with multiple authentication options
- Enhanced Auditing: Detailed event logging tracks password reset success and failure reasons
How it works:
- Configure Workday API endpoint and authentication in AdminX under Authentication > Reset Password
- Set up transformation scripts to map Workday employee data (first name, last name, date of birth) to 1Kosmos attributes
- Test attribute mapping before deployment to ensure accurate data retrieval
- Users follow the same password reset flow as with identity document verification, now powered by Workday employee records
AI-Based Behavioral Biometric Authentication for Windows Workstations
We’re introducing an additional authentication method for Windows workstations: AI-powered behavioral biometrics that analyze unique patterns in how users type. This approach provides enterprise-grade security without requiring additional hardware. Users simply authenticate by typing displayed phrases into their Windows workstation.
New capabilities:
- Typing Pattern Enrollment: Users register their unique typing rhythm by typing 4-word phrases multiple times during initial setup
- PIN Authentication: Optional PIN setup for high-assurance authentication scenarios
- Flexible Configuration: Administrators control enrollment preferences through Windows MFA settings
- Adaptive Authentication: System evaluates context (user role, device, IP, location) and applies risk-based policies to determine authentication requirements
User experience:
- Windows workstation login screen presents “Behavior Auth” option alongside traditional methods
- Users type displayed phrases (system analyzes keystroke dynamics in real time)
- Enter enrolled PIN if configured for high-assurance scenarios
- Administrative reset available if typing patterns drift significantly over time
One-Time IAL2 Identity Verification (Kantara Certified)
We’ve introduced Identity Assurance Level 2 (IAL2) verification, certified by Kantara, to meet compliance and assurance requirements for high-security environments. This feature performs a one-time, robust identity proofing process and securely retains the verification result for future compliance checks.
How It Works
- Two-Document Verification: Users submit two government-issued identity documents (e.g., passport + driver’s license) for cross-matching.
- Biometric Capture: Users complete a live selfie check to confirm document ownership and prevent impersonation.
- SSN Validation: Social Security Number is collected and cross-checked against authoritative sources (name, date of birth, address).
- API-Driven Sessions: Administrators initiate verification requests via API, embedding them into existing workflows (e.g., onboarding flows).
- Cross-Device Support: Users can start verification on desktop and complete steps on mobile using a QR code handoff.
Interface & Experience Improvements
Login Options Enhancement
The “Devices” tab under My Profile has been renamed to “Login Options” for clearer navigation and to better reflect the expanded authentication methods available.
Behavioral Authentication Management
- View enrolled typing patterns and PINs in the centralized Login Options interface
- Community administrators can delete/modify user PINs
- Users can self-manage typing pattern enrollment
- Comprehensive audit trail for all authentication method changes
Enhanced Error Handling
Improved error messages and user guidance for:
- LiveID authentication failures with retry options
- Typing pattern enrollment issues
- PIN setup and validation problems
- Workday integration troubleshooting
Security & Platform Enhancements
Enhanced Event Logging
Expanded audit capabilities with new event types:
- Track method used at each password reset event
- Behavioral authentication enrollment and removal events
- PIN management activities
- Enhanced failure reason tracking for troubleshooting
Authentication Improvements
- Improved OTP handling for rapid authentication requests (such as Fortigate VPN clients)
- Enhanced session management with new response status parameters
- New admin permissions for login options management
Need help implementing these new features? Contact our support team or check out our updated documentation for detailed configuration guides and best practices.