Skip to main content

v1.9.10.0

· 16 min read
Marius Nergård
Marius Nergård
Product owner Breeze @ Sotera

Breeze v1.9.10.0 introduces OAuth 2.0 client management for secure API authentication and adds new external data connectors for Norwegian Folkeregisteret (FREG) and custom person lookups. You'll also see major improvements to domain-wide administration, production history tracking, and mobile credential reliability.

What this release gives you

OAuth 2.0 client management is now available directly from the user profile page. Create, rotate secrets, and revoke OAuth clients for machine-to-machine API authentication—with automatic secret expiration for enhanced security.

Stronger audit trails help you meet certification requirements. Template field rule changes are now logged automatically, and rejected Duo ID requests are preserved for compliance audits. Every administrative action is tracked with who, when, and what changed.

Faster Mobile ID issuance. When replacing existing vCards, the system now completes issuance within 20 minutes and automatically proceeds if provider status transitions are delayed—no more indefinite blocking.

Smarter defaults for Mobile Credential Templates. New templates automatically use a conflict resolution strategy that replaces existing vCards with the same email, reducing workflow failures. You can still choose a different strategy if needed.

Two new data connectors streamline Credential ordering:

  • Norwegian Folkeregisteret (FREG) lets operators enter an 11-digit personal identity number to auto-populate Credential fields from the Norwegian National Registry.
  • Breeze ID Connector connects to your own person lookup service to populate mapped fields during ordering. Contact Breeze support for the expected format.

Duo ID approval delegation lets you route approval requests to a specific Tenant per template, centralizing workflows across multiple Tenants.

Domain View for Credentials. Main Tenant administrators can now see and manage all Credentials across sub-Tenants in a single list—no more guessing which Tenant owns a Credential. Set your preferred view as the default.

Production History gives production operators quick access to previously produced Credentials. Filter by date, credential number, or tenant, then take follow-up actions like re-production or carrier-only printing directly from the history view.

Summary of Changes

New Features

Improvements

Bug fixes

New Features

OAuth 2.0 Client Management Interface

System administrators can now create and manage OAuth 2.0 clients for machine-to-machine API authentication through a user-friendly interface integrated into the user profile page. The interface allows you to create, view, update, rotate secrets, and revoke OAuth clients, with automatic secret expiration and one-time secret display for enhanced security.

Key capabilities:

  • Create OAuth clients for users with configurable secret expiration
  • View and filter OAuth clients by status (Active/Inactive/Revoked) and search by name or client ID
  • Update client details including name, description, and status
  • Rotate client secrets for enhanced security with immediate invalidation of old secrets
  • Revoke clients when access is no longer needed
  • One-time secret display with copy-to-clipboard functionality and confirmation requirement
  • Automatic email warnings before secret expiration (30, 14, 7, 1 days before, and on expiry day)

What this means for you:

  • Enables secure API access provisioning for external integrations and automated systems
  • Provides better security through automated secret expiration and rotation capabilities
  • Improves security posture with one-time secret display and automatic expiration warnings
  • Simplifies API authentication management for system administrators

Learn more: OAuth Client Management documentation | OAuth API Authentication guide

Norwegian Folkeregisteret (FREG) Connector for External Data Sources

Portal Administrators can now configure Norwegian Folkeregisteret (FREG) as a connector option for external data sources, enabling automatic person data retrieval from the Norwegian National Registry during Credential ordering. This new connector extends the existing external data source functionality, allowing operators to enter an 11-digit Norwegian personal identity number to automatically populate Credential fields with verified person information.

Highlights:

  • New connector option: Norwegian Folkeregisteret (FREG) for external data sources
  • Automatic person data retrieval from Norwegian National Registry during Credential ordering
  • Reduces manual data entry and improves accuracy by using authoritative registry data
  • Streamlines Credential ordering workflows for Norwegian organizations
  • Requires Level 4 authentication (BankID) for natural person lookups

Benefits:

  • Enables Norwegian organizations to leverage official registry data for Credential ordering
  • Reduces manual data entry errors by using verified person information from Folkeregisteret
  • Speeds up Credential ordering by automatically populating fields with accurate data
  • Improves data accuracy and compliance by using authoritative sources

Learn more: External Data Sources documentation | External Data Lookup guide

Breeze ID Connector for External Person Lookup

Administrators can now set up Breeze ID Connector as an external data source when you want Breeze to retrieve person data from a customer-provided lookup service. Once connected to a Credential Template, operators can search for a person during Credential ordering and have mapped fields filled in automatically.

How it works:

  • Connect Breeze to a customer-provided person lookup service for Credential ordering
  • Reduce manual typing by automatically filling mapped Credential fields
  • Use the same External Data Sources workflow and template mapping you already know
  • Works with organization-specific identifiers and lookup workflows (depending on your connected service)

The value:

  • Lets you reuse existing HR/student/person data services instead of re-entering person details in Breeze
  • Speeds up Credential ordering and reduces data entry errors
  • Supports organizations that need a flexible alternative to built-in registry connectors

Learn more: External Data Sources documentation | External Data Lookup guide

Duo ID Approval Routing

You can now choose a delegated Tenant for Duo ID approvals on each Card Template and Mobile Credential Template. When set, new Duo ID approval requests are routed to that Tenant (instead of the Credential's owning Tenant), helping you centralize approvals in fewer Tenants.

What you can do:

  • Configure a delegated Tenant per template to route Duo ID approval requests
  • Works with both Card Templates and Mobile Credential Templates
  • Centralizes approval workflows by routing requests to designated Tenants
  • Maintains backward compatibility—templates without a delegated Tenant use default routing behavior
  • Card Templates show the Duo ID Approval Routing section even when Duo ID is disabled (with a Disabled indicator)
  • Mobile Credential Templates show the section only when Duo ID is enabled

How this helps:

  • Streamlines approval workflows by centralizing Duo ID requests in designated Tenants
  • Improves efficiency for organizations managing approvals across multiple Tenants
  • Makes it easier to assign approval responsibilities to specific teams or departments
  • Provides flexibility to route approvals based on organizational structure

Learn more: Editing Card Templates | Editing Mobile Credential Templates

Domain-Wide Credential Management View

Main Tenant administrators can now switch between viewing their Tenant's Credentials only and viewing all Credentials across the entire domain from a single unified list. This makes it easier to find and manage Credentials when you don't know which sub-Tenant owns them.

At a glance:

  • Toggle between Tenant View and Domain View directly from the Manage Credentials page
  • Domain View shows Credentials from all sub-Tenants in your domain with a "Tenant - Name" column indicating ownership
  • All existing filters, sorting, and list configuration work the same way in both views
  • Available automatically when you're working in the domain's main Tenant
  • Export is not available in Domain View (use Tenant View if you need to export)

The bottom line:

  • Enables administrators to search across the entire domain without needing to know which Tenant owns each Credential
  • Reduces time spent switching between Tenants when looking for specific Credentials
  • Improves efficiency for organizations managing Credentials across multiple sub-Tenants
  • Makes it easier to find Credentials when you only have partial information (name, number, etc.)

Learn more: Using the Credentials List View

Default Domain View Preference

Main Tenant administrators can now choose whether the Credentials list should open in Domain View or Tenant View by default. This preference is stored on the Tenant and automatically applied the next time the list loads, making it faster to access your preferred view.

Key features:

  • Set Domain View or Tenant View as your default preference for the main Tenant
  • Preference is automatically applied when you or other administrators access the Manage Credentials page
  • "Save as Default" option available to administrators with User Administration permissions
  • Preference persists across sessions and applies to all users accessing the main Tenant's Credentials list

How you benefit:

  • Saves time by automatically opening in your preferred view mode
  • Improves workflow efficiency for administrators who frequently use Domain View
  • Provides flexibility to choose the default view that best fits your organization's needs
  • Makes it easier to maintain consistent viewing preferences across your team

Learn more: Using the Credentials List View

Production History

Production operators can now review previously produced Credentials directly from the Production module. The new Production History dialog lets you filter by production date, credential number, and tenant, making it easier to find specific production events and take follow-up actions.

What's new:

  • Access Production History from the Production page to view past production events
  • Filter by production date range, credential number, and tenant name
  • Sort results by production date, operator, or tenant
  • View paginated results with complete production event details
  • Select one or more Credentials from the history for follow-up actions

Business value:

  • Enables production operators to look up earlier production events without relying on the current production list
  • Makes it easier to find specific Credentials when you only have partial information (date, number, tenant)
  • Improves operational efficiency by providing a dedicated view for historical production data
  • Supports audit and compliance needs by providing a complete production history

Learn more: Production Site documentation

Reproduce Credentials & Print Carrier Only from History

From Production History, you can select one or more Credentials and run follow-up actions without leaving the history view. Choose to re-produce selected Credentials or print carriers only for Credentials that have carriers.

Capabilities:

  • Select one or more Credentials from Production History using checkboxes or row clicks
  • Reproduce Credentials button starts the standard re-production flow for selected items
  • Print Carrier Only button prints carriers for selected Credentials that have carriers (Credentials without carriers are skipped)
  • Action buttons show the count of selected items
  • The history list automatically refreshes after actions complete

Why it's useful:

  • Streamlines operational workflows by allowing you to take action on historical production data
  • Reduces time spent switching between views when handling re-production or carrier printing requests
  • Makes it easier to handle bulk operations on previously produced Credentials
  • Improves efficiency for production operators managing follow-up actions

Learn more: Production Site documentation

Improvements

Template Field Rule Event Logging

Template field rule changes are now automatically logged in the event system, providing a complete audit trail for certification compliance and security monitoring. All changes to template field rules—including creating new rules and updating existing ones—are automatically recorded with complete details about who made the change, when it was made, and what changed.

Mobile ID Issuance Timeout Optimization

Mobile ID Credential issuance now completes faster and more reliably when replacing existing vCards. The system reduces the maximum wait time from 30 minutes to 20 minutes and automatically proceeds with vCard deletion if the provider's status transition is delayed, preventing indefinite blocking of new Credential issuance.

Key changes:

  • Reduced timeout from 30 minutes to 20 minutes for faster completion
  • Automatic vCard deletion proceeds after timeout instead of blocking issuance
  • Prevents indefinite blocking when provider status transitions are delayed
  • Works transparently in the background—no user action required

What this means for you:

  • Faster Mobile ID Credential issuance when replacing existing vCards
  • Prevents blocking of new Credential issuance when provider responses are delayed
  • Improves system reliability and reduces wait times for administrators
  • Ensures Credential issuance workflows complete within a predictable timeframe

vCard Transfer Functionality

All newly created premium vCards through the STid Mobile ID API v3 now have transfer functionality enabled by default. This enables end users to transfer their Mobile Credentials between devices using the STid Mobile ID app.

How it works:

  • Transfer functionality automatically enabled for all newly created vCards
  • Enables end users to move Mobile Credentials between devices using the STid Mobile ID app
  • Works transparently in the background—no additional configuration required
  • Only applies to newly created vCards after this release

Benefits:

  • Improves flexibility for end users who need to switch devices
  • Enables seamless credential transfer when upgrading or replacing mobile devices
  • Enhances Mobile Credential usability without requiring administrative intervention
  • Provides better user experience for Mobile Credential management

Improved Default Behavior for Mobile Credential Templates

Creating new Mobile Credential Templates is now more user-friendly with improved default conflict resolution behavior. When you create a new template, the system automatically uses a strategy that replaces existing vCards with the same email address, rather than causing errors. This reduces workflow failures during template creation and makes it easier to get started with Mobile Credential Templates.

What changed:

  • More intuitive default behavior when creating new templates
  • Reduces workflow failures during template creation
  • Automatically handles duplicate vCards by replacing them
  • Works transparently—no additional configuration required
  • You can still choose a different conflict resolution strategy if needed

How this helps:

  • Makes template creation faster and more reliable for administrators
  • Reduces errors and workflow failures when setting up new templates
  • Provides a better starting point for new Mobile Credential Templates
  • Improves user experience without requiring deep knowledge of conflict resolution strategies

Learn more: Editing Mobile Credential Templates

Duo ID Resend Role Change

Administrators with approver permissions can now resend Duo ID invitation emails without requiring system administrator privileges. The role requirement has been expanded from system administrators only to include administrators with approver task roles, improving workflow efficiency by allowing more users to handle Duo ID resend requests.

Key points:

  • Administrators with approver permissions can now resend Duo ID invitation emails
  • Reduces dependency on system administrators for routine Duo ID resend operations
  • Improves workflow efficiency by expanding access to existing functionality
  • The functionality remains the same; only the permission requirement has been expanded

The bottom line:

  • Allows more administrators to handle Duo ID resend requests without escalating to system administrators
  • Improves workflow efficiency by reducing bottlenecks in Duo ID request management
  • Enables faster response times when Duo ID invitation emails need to be resent
  • Maintains security by still requiring appropriate administrator and approver permissions

Cross-tenant Credential Production Access

Production operators can now produce Credentials when their current Tenant is the Credential's production site, even if the Credential or template owner Tenant is outside their tenant tree. This resolves authorization failures that previously occurred when attempting to produce Credentials across tenant boundaries, enabling production workflows to continue smoothly regardless of tenant tree structure.

What's fixed:

  • Production operators can produce Credentials at their production site even when templates belong to different tenant trees
  • Template details load correctly in Production UI without authorization errors
  • Quality Check workflows work seamlessly for Credentials produced across tenant boundaries
  • Production workflows continue smoothly regardless of tenant tree structure

The result:

  • Eliminates authorization failures that previously blocked production workflows when templates were owned by different tenant trees
  • Enables production operators to work efficiently at their production site without tenant tree restrictions
  • Improves reliability of Production UI and Quality Check workflows for cross-tenant Credentials
  • Reduces workflow interruptions and support requests related to production access issues

Bug fixes

Rejected Duo ID Request Preservation

Fixes a bug where rejected Duo ID requests were not being preserved for audit purposes. When administrators reject a Duo ID submission, the system now automatically preserves the rejected request, ensuring complete audit trails for compliance and accountability.

Duo ID Approval List Refresh Fix

Fixes a bug where approved Duo ID requests remained visible in the approval list after approval, causing confusion and allowing duplicate approval attempts that resulted in errors. Approved items now disappear immediately from the list after successful approval, making the approval workflow more efficient and preventing errors when processing multiple approvals in sequence.

Duo ID Resend Date Fix

Fixes a bug where resending a Duo ID link incorrectly displayed the submission date as today's date, causing misleading "complete" status in the UI. The system now correctly preserves the original submission date when resending links, ensuring accurate status display for administrators.

MFA Email Toggle Display Fix for Admin Roles

Fixes a bug where the MFA email toggle switch on the user account page incorrectly displayed as disabled for admin users, even though MFA is enforced for admin roles. The toggle now correctly displays as enabled (checked) when the user has admin role or higher, regardless of the database setting, accurately reflecting that MFA is active for these roles.