Learn how the Sign-In Widget changes after the upgrade.
There’s no security image. The Remember me and Don’t prompt me again checkboxes are replaced with Keep me signed in. End-user enrollment now occurs entirely in the Sign-In Widget when the user attempts to sign in to their org or to a specific app.
In Classic Engine, Remember me populates the Username on the Sign-In Widget. You can configure it so that users' sessions continue after they close and reopen their browser. In Identity Engine, these features are separate. To configure them, go to Security > General > Organization Security:
Remember user on sign in populates the Username field on the Sign-In Widget. The end user is still required to authenticate. It doesn't remember recent MFA authenticators or previous sessions.
Keep me signed in enables a session that extends beyond browser lifetimes. It also remembers MFA authenticators from previous sessions for the amount of time defined in the global session policy.
The sequence of a sign-in flow depends on the authentication requirements that you set in your global session policy.
Password-first flow: If the user session is established with a password, the password field appears on the same page as the username field. This is the traditional flow found in Classic Engine. Only the Keep me signed in checkbox is different.
Identifier-first flow: If the user session is established with any factor used to meet the authentication policy requirements, the username prompt appears first. This flow is new to Identity Engine.