Skip to main content

v1.9.11.0

· 22 min read
Marius Nergård
Marius Nergård
Product owner Breeze @ Sotera

Breeze v1.9.11.0 adds field-level encryption for sensitive Credential data, automatic background removal for Credential photos, a new freight-shipping integration with Axia Frakt, and automatic reminders for pending Duo ID verifications. The release also ships a revamped Home Dashboard, tabbed layouts for Tenant Settings and user profiles, and domain-level sharing for Card Templates.

What this release gives you

Sensitive data protection at the field level. Template administrators can now mark individual Credential fields as encrypted. Unmasked values are visible only to users with the new Sensitive Data Viewer role — everyone else sees a configurable mask. This makes it possible to collect personally identifiable data, such as social security numbers, in Credentials without exposing those values to all administrators.

Axia Frakt freight integration. Warehouse Operators can now create freight consignments, with shipping labels and tracking entries, directly from orders in Breeze. Parcel Profiles let administrators define reusable dimension presets, and per-Tenant sender overrides give partner-connected Tenants their own identity on freight labels.

Duo ID automation improvements. Breeze can now send automatic reminder emails before a Duo ID request expires, reducing the need for manual follow-up. A new Expired Retention status gives administrators a 15-day window to restart a verification after expiry without re-entering data. The cleanup period is now configurable per template — from 2 to 180 days. On the approval side, a new Photo verification mode lets operators check and process many request photos at once instead of one at a time.

Simpler navigation across three key areas. The Home Dashboard is now widget-based — pending approvals, Duo ID reminders, and quick actions are visible the moment you sign in. Tenant Settings moves from accordion panels to eight dedicated tabs, each URL-addressable. User profiles gain the same tabbed treatment, with role editing now done in a side drawer without leaving the profile.

Domain-level Card Template sharing. Domain main Tenant administrators can share Card Templates to other Tenants in the same Domain using an allowlist or blacklist model — one update on the Domain main Tenant propagates to all covered Tenants.

Automatic photo background removal. Template administrators can now enable automatic background removal per Card Template and Mobile Credential Template. When turned on, the background is removed the first time a Credential preview is created — no manual trigger needed, and each photo is processed exactly once.

Production Site device management. Production Sites can now manage their own printing devices under Templates → Devices, with per-device Domain access control.

Summary of Changes

New Features

Improvements

Breaking Changes

Bug Fixes

New Features

Automatic Background Removal for Credential Photos

Template administrators can now enable automatic background removal per Card Template and Mobile Credential Template. When turned on, Breeze removes the photo background the first time a Credential preview is created — no manual trigger needed.

Highlights:

  • New Auto-remove toggle in Background Removal Settings on Card Templates (Advanced tab) and Mobile Credential Templates.
  • Each photo is processed once — re-creating the preview does not trigger a second removal.
  • If the background removal service is temporarily unavailable, Credential preview creation continues without blocking.
  • Off by default on all templates, including existing ones. No migration required.

Why it matters:

Auto-remove removes a repetitive manual step from production workflows. Operators get clean-background Credential photos without remembering to trigger removal each time.

Learn more: Editing Card Templates · Editing Mobile Credential Templates

Sensitive Field Configuration and Display

Template administrators can now mark individual text fields in a Credential Template as sensitive. Once marked, the field value is encrypted at rest and shown behind a configurable mask for anyone without the Sensitive Data Viewer role.

Highlights:

  • Enable the Sensitive (Encrypted) toggle on any text field in the template field editor — no extra permissions beyond the existing template editing role.
  • Choose a mask pattern per field: full mask (******), preset partial masks (for example, Mask last 5 produces 150288*****), or a custom first:N / last:M pattern.
  • A SENSITIVE tag appears on the field in the template field list after saving.
  • In a Credential record, users without the role see the masked value and a lock icon (tooltip: "Sensitive (Encrypted)"); users with the role see the plaintext value in the same position.

Why it matters:

Tenants that collect personally identifiable data, such as social security or passport numbers, can protect those values at the field level without restructuring their Credential Templates.

Learn more: Sensitive Fields — configuration and role assignment · Data Protection

Sensitive Data Viewer Role

A new task role, Sensitive Data Viewer, controls who can read the plaintext value of a sensitive field. Without this role, all users, including administrators, see only the masked representation.

Highlights:

  • The role is available automatically — no manual setup needed.
  • Assigned through the standard user role assignment flow.
  • Production operators who print Credentials with sensitive fields in the card layout must have this role; the production job cannot decrypt the value without it.

Why it matters:

Access to sensitive field values is now explicit and auditable. Administrators can grant read access to specific users, such as HR staff or production operators, without raising their broader permission level.

Learn more: Roles and Permissions · Audit & Logging

Template Sharing for Card Templates

Card Templates owned by the Domain main Tenant can now be shared to other Tenants in the same Domain. Administrators configure sharing once, with an allowlist or blacklist access control model, instead of copying and maintaining a separate template in every Tenant.

Highlights:

  • A new Template Sharing tab appears in the card template editor when the template belongs to the Domain main Tenant.
  • Choose Allowlist (Selective Sharing) to grant access to only the Tenants you select, or Blacklist (Open Sharing) to cover all Domain Tenants except those you exclude.
  • A confirmation dialog appears before any disruptive change takes effect — enabling sharing, disabling sharing, or switching access control models.
  • Templates on satellite Tenants do not show the Template Sharing tab — sharing is always configured from the Domain main Tenant.

Why it matters:

Organizations managing multiple Tenants previously had to copy card templates to each Tenant and repeat every update across all copies. Template Sharing eliminates that duplication: one update on the Domain main Tenant propagates to all covered Tenants automatically.

Learn more: Sharing Card Templates Across a Domain

Create Freight Consignments from Orders

Warehouse Operators at Production Sites can now create freight consignments (shipping labels and track-and-trace entries) directly from orders in Breeze, without switching to Axia Frakt.

Highlights:

  • Orders in packing, in production, or pending state show a Create consignment button.
  • Select a parcel profile or enter dimensions manually, then choose a carrier and service type.
  • A freight price estimate is shown before you confirm — the displayed amount is Axia's net price multiplied by the configured price add-on.
  • A consignment card appears on the order with a tracking reference, a Print label link, and a Track shipment link.
  • Multiple consignments per order are supported.

Why it matters:

Operators handle the full consignment workflow inside Breeze without opening a second system, reducing errors from copying order details between applications.

Learn more: Creating Freight Consignments

Reusable Parcel Profiles

Tenant Administrators and Warehouse Operators at a Production Site can define named parcel profiles (preset combinations of weight and dimensions) that appear as options in the Create Consignment dialog.

Highlights:

  • Create, edit, and archive profiles under Portal Settings → Delivery Settings → Parcel Profiles.
  • Selecting a profile pre-fills dimension fields in the Create Consignment dialog.
  • Archived profiles are removed from the dialog picker and cannot be restored; create a new profile to replace one.
  • Profiles are scoped to a single Production Site Tenant.

Learn more: Managing Parcel Profiles

Enable and Configure Axia Frakt

Domain Administrators enable Axia Frakt for their Domain via the Domain features drawer. Tenant Administrators then configure the integration per Production Site under Portal Settings → Delivery Settings.

Highlights:

  • Configure API key, consignor ID, carrier ID, import ID, and an optional price add-on per Production Site.
  • The API key is stored encrypted and is not retrievable after saving — an "API key configured" indicator confirms setup.
  • A settings overview panel shows the full resolution hierarchy (Production Site → Domain → ordering Tenant) for every Axia value.
  • Ordering Tenants without their own Domain can set a Tenant-level import ID and consignor ID, so freight labels carry their own sender identity. These override the Domain and Production Site defaults.
  • Disabling the Domain feature flag does not automatically disable Axia Frakt on individual Production Site Tenants.

Learn more: Setting Up Axia Frakt

Production Site Device Management

Production Site administrators can now manage printing devices directly from Templates → Devices — independent of global shared devices.

Highlights:

  • Create, edit, and delete devices scoped to your Production Site.
  • Set a per-device Domain access policy (No restriction, Allow list, or Block list) to control which Domains can use a device.
  • When deleting a device in use by active Card Templates, a replacement-selection dialog appears before deletion proceeds.
  • Global devices remain fully functional and visible as replacement candidates.
  • The device picker in Card Template settings follows the same Production Site visibility rules, so the picker and the device list stay in sync — no reconfiguration of existing Card Templates needed.

Why it matters:

Production Sites can maintain their own device inventory without waiting on system administrators. The forced-replacement guard prevents Card Templates from being left without a printing device.

Learn more: Managing Production Site Devices

Automatic Duo ID Reminder Emails

Breeze can now automatically send reminder emails to collaborators with pending Duo ID requests — once at the halfway point to expiry, and once near the expiry date. Reminders are enabled per Credential Template and are off by default.

Highlights:

  • Two timed reminders per pending Duo ID request: at the halfway point and near expiry.
  • Available on both Card Templates (Approvals tab) and Mobile Credential Templates.
  • The request lifespan (cleanup period) is configurable per template, from 2 to 180 days with a default of 30. The reminder schedule adjusts automatically to it.
  • Enabling reminders on a template applies to Duo ID requests already in progress.

Why it matters:

Expired Duo ID requests require manual follow-up and often mean starting the credential workflow over. Automatic reminders reduce expiry rates without ongoing admin effort.

Learn more: Editing Card Templates · Editing Mobile Credential Templates

New Credential Status: Expired Retention

When a Duo ID request expires, the associated Credential enters Expired Retention status for a 15-day window before permanent deletion. During this period, administrators can re-send the Duo ID request from the Credential detail view without re-entering data.

Highlights:

  • 15-day retention window after Duo ID expiry — no immediate deletion.
  • Administrators can restart the verification with a single action; existing Credential data is preserved.
  • The original Duo ID link is blocked during retention; collaborators cannot complete the expired request.
  • After 15 days in Expired Retention, the Credential is permanently deleted.

Why it matters:

Previously, an expired Duo ID request meant losing the Credential and re-entering all data from scratch. The retention window gives administrators a recovery path without disrupting the overall Credential record.

Learn more: Credential Statuses

Batch Photo Verification for Duo ID Requests

The Duo ID approval dialog now includes a Photo verification mode. Operators see every waiting request's photo in a grid, select the ones that look correct, and approve or reject the whole selection in one action — instead of opening and processing requests one at a time.

Highlights:

  • A Review / Photo verification toggle in the approval dialog; Photo mode shows each waiting request's photo in a grid.
  • Multi-select photos (with Select all and Deselect all), then approve or reject the selection in one action with a progress indicator.
  • Reject the whole selection with a single shared reason and an optional email notification.
  • Expand any photo card to open the full Credential in a read-only view, then continue from the grid.
  • Requests without a photo still appear with a placeholder, so none are skipped.

Why it matters:

Approving a Duo ID request is usually a quick photo check, because the Credential data already comes from an external source. Verifying many photos in one pass turns a one-at-a-time chore into a single batch — central approval teams clear their queue faster.

Learn more: Handling Duo ID Requests

New Home Dashboard

The Breeze portal home screen has been replaced with a widget-based dashboard. Every user lands on a single page that surfaces pending work, recent activity, and shortcuts to common tasks — no setup required.

Highlights:

  • Pending Approvals widget shows open Credential requests at a glance; approvers can navigate to them in one click.
  • Duo ID Reminders widget surfaces pending verification requests on the home screen, reducing missed completions.
  • Quick Actions widget provides one-click shortcuts to common workflows — ordering a Credential, managing users, and more.
  • Recent Orders and Statistics widgets give administrators an at-a-glance view of Tenant activity.
  • Tips carousel displays guidance and announcements from Breeze.
  • Widget visibility adjusts to your role; widgets with no pending activity do not appear.
  • A single responsive layout replaces the separate desktop and mobile home screens, adapting to desktop, tablet, and mobile viewports with no configuration.

Why it matters:

Administrators and users reach their pending work immediately on sign-in, without navigating through menus. Duo ID verifications are easier to catch before they expire.

Learn more: Home Dashboard

Improvements

Invitation Notification in the Avatar Menu

Users with pending Tenant invitations now see a badge on the avatar icon showing the number of invitations waiting. Opening the avatar menu shows a notification bubble — click View to open the Invitations dialog, or Dismiss to suppress the prompt until new invitations arrive.

Highlights:

  • Badge count on the avatar icon signals pending invitations at a glance.
  • Dismiss persists across page refreshes; the prompt returns automatically when new invitations are added.

Tabbed Layout for Tenant Settings

The Tenant settings page now uses a tabbed layout. Eight tabs replace the previous accordion panels, so each configuration area is one click away: General, Addresses, Delivery, Features, User Management, Production, Security, and Approvals.

Highlights:

  • Each tab is URL-addressable — bookmark or share a direct link to a specific settings area.
  • Tabs for Features, User Management, Production, Security, and Approvals are visible to Super Admins only.

Learn more: Tenant Settings

Tabbed User Profile Layout

The user profile page now organizes content into five tabs: General, Addresses, Roles, Management, and Security. Administrators can jump directly to the section they need without scrolling through a combined page. Detail rows are rendered consistently across all tabs.

Learn more: Managing User Profiles

Role Editing via Drawer

Editing a user's roles has moved from a modal dialog to a side drawer on the Roles tab. The drawer slides in beside the profile instead of covering it, so administrators can assign or remove base roles and task roles while the rest of the profile stays in view. The Roles tab updates immediately after saving — no page reload required.

Learn more: Managing User Profiles

Large-Batch Credential Loading in Production

The Production module now loads Credentials in batches as you scroll instead of fetching the whole selection in one request. Large Credential selections no longer cause timeout errors, and operators no longer need to split them.

Highlights:

  • The first batch appears in seconds; additional rows populate as you scroll.
  • Full Credential details are fetched only when you open a Credential to start production.
  • Check photos and Remove backgrounds operations are unaffected by batch size.

Order Search Now Includes Local Production Sites

Quick Actions order search (Ctrl+B → Orders tab) now returns orders from local Production Sites (sub-sites) linked to the user's main Production Site, in addition to orders from the main site itself. Production Site administrators with access to multiple sites can find any order across their full site hierarchy from a single search — no extra steps or configuration needed.

Clearer Order Page Layout and Status Display

The Order detail page has a cleaner, more consistent layout, and the order status badge is easier to read at a glance. Order details and status now sit in a more readable structure, with no change to how orders work.

Faster Address Deletion Confirmation

Deleting a Tenant address still asks you to confirm by matching the address, but you no longer have to retype it. Double-click the address shown in the confirmation dialog to fill the confirmation field, then delete. The safety check is unchanged — the text must still match before the delete button enables.

Attention Line in Checkout Address Dropdown

When you select an address during checkout, the dropdown now shows the attention line (Att: …) for any address that has one. This makes it easier to pick the right address when several entries share the same street address but go to different recipients.

Portal Name in Multi-Factor Sign-in Emails

Multi-factor sign-in emails now name the Tenant you are signing in to — in both the subject line and the body. When you have access to more than one Tenant, you can tell at a glance which one a verification code belongs to.

Activation Emails Follow the Domain Language

Activation and welcome emails now use a single language for all of their text, taken from the Domain's language setting. Previously, partial language settings could produce emails that mixed two languages in one message — for example French and Norwegian together. To control the language of these emails, set the Domain's language.

Redesigned Password Reset Email

The password reset email has been rebuilt to match the branded, localized template used across other Breeze emails. It now follows the recipient's Tenant and Domain branding and language.

Pagination and Saved Filters for Credentials Ready for Production

The Credentials Ready for Production list now handles large queues more comfortably. It pages through long result sets, remembers filter combinations you save, and lets you select a range of Credentials in one action.

Highlights:

  • Pagination for large result sets, so the list stays responsive.
  • Saved filter combinations you can reapply without rebuilding them.
  • Shift+click to select a range of Credentials at once.

Card Order Date Available in AMR Transfer Templates

AMR Transfer templates can now reference the card order date when building transfer field mappings. The field appears in the available fields list alongside other Credential data, so you can include order date in transfer expressions without manual workarounds.

Breaking Changes

Existing Field Data Is Not Retroactively Encrypted

Marking an existing text field as sensitive encrypts values on create and update going forward, but does not encrypt values already stored for that field. Until an operations-team migration runs for the affected template, existing values remain unencrypted at rest. The UI displays them as masked once the field is marked sensitive, but the underlying data is not yet protected.

What to do: After marking a field as sensitive in the template editor, contact the operations team with the template ID to request the encryption migration. There is no UI trigger for this migration in Breeze.

Learn more: Sensitive Fields · Data Protection

Removal of Standalone Edit User Page

The standalone Edit User page no longer exists as a separate navigation destination. All user editing, including role assignment, now takes place within the tabbed user profile and the role-editing drawer.

Who is affected: Administrators who bookmarked or directly linked to the old Edit User page. There is no automatic redirect — visiting a saved bookmark will result in the page not loading.

Migration:

  1. Remove or update any bookmarks pointing to the old Edit User page.
  2. To view or edit user information, open the user's profile from User Administration and use the appropriate tab.
  3. To assign or remove roles, open the Roles tab and use the role-editing drawer.

Learn more: User Administration

Bug Fixes

Sign-in Redirect With One Active Tenant

Fixes an issue where multi-tenant users with only one remaining active Tenant could get stuck on an infinite loading screen after sign-in. Breeze now sends them straight to that Tenant.

Security Tab — Edit Buttons Now Responsive

Fixes an issue where the edit buttons in the Security tab's edit view were unresponsive. Super Admins can now open the security settings edit dialog and save changes reliably.

Delivery Tab — Unsaved-Changes Prompt

Fixes an issue where navigating away from the Delivery tab with unsaved changes gave no warning. Breeze now shows an unsaved-changes dialog, letting you discard changes or return to the tab to save them.

Required Field Indicators in Cart Address Form

Fixes an issue where the cart address editor only showed the required-field asterisk on the Recipient field, while Address, Postal Code, and City, which are also mandatory, were missing their indicators. All four required fields now display a consistent asterisk.

"Remember Me for 7 Days" Now Persists Sign-in Across Browser Restarts

Fixes an issue where selecting Remember me for 7 days at the Breeze sign-in page had no effect — users were prompted to sign in again after every browser restart. From v1.9.11.0, the option correctly keeps users signed in for up to 7 days from the original sign-in.

SSO Sign-in Session Renewal

Fixes an issue where signing in through SSO did not renew the user's session as expected. SSO sessions now refresh correctly, so users are not signed out earlier than intended.

Required Photo Enforced After Removal During Ordering

Fixes an issue where you could continue ordering a Credential after adding and then removing a required photo. Breeze now blocks the order until a required photo is provided.

Clearer Sign-in Error When the Service Is Unavailable

Fixes an issue where a temporary service outage during sign-in showed the same "account not found" message used for unknown email addresses. Breeze now shows a distinct service-unavailable message, so you know to try again rather than assuming the account is missing.

HoloKote Setting Now Copied With Card Designs

Fixes an issue where the HoloKote setting was not carried over when copying a card design. A copied design now keeps the original's HoloKote setting.

Card Templates Without an Order Type Now Load

Fixes an issue where a Card Template with no order type could trigger an error instead of loading. These Card Templates now open correctly.

Shipping Estimate for Accessory-Only Orders

Fixes an issue where orders containing only accessories showed an estimated shipping date two business days out instead of three. Accessory-only orders now use the correct three-business-day estimate.

Product Selections Now Persist on Save

Fixes an issue where the Product Group, Product Type, and Producible selections were reset to their defaults when saving a product. These selections are now saved as chosen.