Widget

Learn how the Sign-In Widget changes after the upgrade.

Change summary There's no security image. The Remember me and Don't prompt me again checkboxes are replaced with Keep me signed in. End-user enrollment now occurs entirely in the Sign-In Widget when the user attempts to sign in to their org or to a specific app.
Admin experience

In Classic Engine, Remember me populates the Username on the Sign-In Widget. You can configure it so that users' sessions continue after they close and reopen their browser.

In Identity Engine, these features are separate. To configure them, go to SecurityGeneralOrganization Security:

  • Remember user on sign in populates the Username field on the Sign-In Widget. The end user is still required to authenticate. It doesn't remember recent MFA authenticators or previous sessions.

  • Stay signed in enables a session that extends beyond browser lifetimes. When a user selects this option during authentication, they won't be prompted again for MFA for the amount of time defined in your global session policy. Stay signed in can be configured to appear as a post-authentication prompt for users who sign in with an IdP.

User experience The sequence of a sign-in flow depends on the authentication requirements that you set in your global session policy.
  • Password-first flow: If the user session is established with a password, the password field appears on the same page as the username field. This is the traditional flow found in Classic Engine.

  • Identifier-first flow: If the user session is established with any factor used to meet the authentication policy requirements, the username prompt appears first. This flow is new to Identity Engine.

Related topics Organization Security