Sign-In Widget

Identity Engine: There’s no security image. The Remember me and Don’t prompt me again checkboxes are replaced with Keep me signed in. End-user enrollment now occurs entirely in the Sign-In Widget when the user attempts to sign in to their org or to a specific app.

In Classic Engine, Remember me populates the Username on the Sign-In Widget. You can configure it so that users' sessions continue after they close and reopen their browser. In Identity Engine, these features are separate. To configure them, go to Security > General > Organization Security:

• Remember user on sign in populates the Username field on the Sign-In Widget. The end user is still required to authenticate. It doesn't remember recent MFA authenticators or previous sessions.

• Keep me signed in enables a session that extends beyond browser lifetimes. It also remembers MFA authenticators from previous sessions for the amount of time defined in the global session policy.

The sequence of a sign-in flow depends on the authentication requirements that you set in your global session policy.

• Password-first flow: If the user session is established with a password, the password field appears on the same page as the username field. This is the traditional flow found in Classic Engine. Only the Keep me signed in checkbox is different.

• Identifier-first flow: If the user session is established with any factor used to meet the authentication policy requirements, the username prompt appears first. This flow is new to Identity Engine.