Administration release notes

Find out what's new and changed in each version of Administration. This page lists all the releases in the last year, with the most recent release items at the top.


July 18, 2024 (Version 24.6.5)

We updated the Configuration page with a fresh design that aligns with the pages in our other modules. The settings are now organized into tabs, making it easier to find the ones you need to configure. We also enhanced the data validation behind the settings to prevent you from entering invalid details and introduced more messaging to help you resolve such validation errors.

February 26, 2024 (Version 24.2.1)

We now apply a password policy to new user accounts. Passwords must be at least length eight characters long and cannot be the same as the username.


January 8, 2024 (version 23.12.2)

  • We changed the password validation; you can no longer set your password to something that contains your username.

  • You will now receive an email if your account is timed-out following the number of incorrect password attempts specified in your organization’s password policy. The email informs you that your account might be under attack if it wasn’t you trying to sign in. The email includes the option to reset your password, if you want to unlock your account sooner, and remove the timeout on your account if you want to keep your password.

  • You can now create SAML-only users directly from the user maintenance form.

    • If you have enabled Enhanced SAML Security for your organization, an additional checkbox is available on the user maintenance form (below the Username box). When selected, the user is authenticated by a third-party identity provider (IdP).

    • This authentication option behaves similarly to the existing LDAP authenticated? options in that it disables the Autogenerate password and Force password change options in the Password section of the maintenance form.

    • You can only select either the SAML authenticated? or LDAP authenticated? checkboxes, in other words, you can only use one authentication method. If neither checkboxes are selected, the user’s password is automatically generated and the sign in details are sent via email.


November 20, 2023 (version 23.11.1)

New single sign-on (SSO) features

We added new options to the SSO configuration settings that allow Phocas to take action on your behalf:

  • User details sync - Syncs (updates) a Phocas user account with the user’s details from the third-party identity provider (IdP) each time the user signs in to Phocas.

  • User account creation - Creates a Phocas account for an IdP authorized user who does NOT currently have a Phocas account when they try to sign in to Phocas.

  • Template - Applies a template when creating the new user account (used with the above option).

See Enable single sign-on (SSO) and Create a user template for more information on these new options.

Small changes

  • In the case of a locked or disabled organization, or one with an expired trial period, if users try to sign in to the organization’s Phocas site, they now get to a landing page with a descriptive message.

  • Users whose accounts have been locked individually (via the user maintenance form or Users page) are now forced to sign out of their accounts. In the next release, this change will also apply to user accounts that have been locked using the bulk user update tool.


November 7, 2023 (version 23.10.2)

New feature - Enhanced SAML security

We implemented an Enhanced SAML Security option in the Single Sign-On (SSO) feature. When you select this option:

  • The Phocas sign in screen looks different - it promotes the SAML authentication method.

  • SAML users will only be able to sign in to Phocas using SAML.

  • SAML user passwords will not be resettable in Phocas.

  • Non-SAML users can still sign in to Phocas via the link below the Sign in button.

Small change


October 23, 2023 (version 23.10.1)

We made two improvements to user security:

  • When you lock a user account, the user is now signed out from all their sessions. As soon as they move to another page or try to perform an action, they will either be returned to the sign in screen or get the following message:

  • You can now force a user to be signed out from the Users page. Simply select the users you want to sign out, then click More > Force Sign Out.

Coming soon is the ability to quickly (or in bulk) lock accounts from the Users page.


September 2023 - New side menu in Phocas

April 17, 2023 (version 8.1.26)

New and enhanced features

We spent the last few months fine-turning the Bulk user updates feature and we are delighted to release those changes today.

  • We’ve made it simpler to make bulk updates to database restrictions across multiple users. While you access the database restrictions screen in the usual way, you’ll notice it looks different. Its new tab-based interface makes it quicker and easier to move between dimensions, streams and measures to apply restrictions, and a new Data Filters tab gives you more granular control over data visibility within dimensions.

  • It’s also now easier to review and revise changes, and with a more detailed confirmation screen at the end of the bulk update process, so you can be sure you’re updating the right details for the right users. We hope you enjoy the new version of the database restrictions screen in the Bulk Update feature - we welcome your feedback.

Resolved issues and small changes

We resolved several issues.


Back to top