Identity Administration Release Notes

Release 23.9 (available September 8, 2023) introduces the following changes.

See Identity Administration Release Notes - Previous Versions for changes in previous releases.

What's new

The following new features are now available.

Secure Web Sessions

See What's New for details on upgrade notes specific to SWS.

Identity Compliance

See CyberArk Identity Compliance Release Notes for details on upgrade notes specific to Identity Compliance.

Improvements and behavior changes

This release includes the following product improvements.


Improvements to authentication features



Changed the default behavior for continuing with authentication challenges and notifying users after a failed challenge.

Previously, by default we allowed users to proceed with authentication challenges even if they failed an authentication challenge. After the last relevant MFA challenge, we notified users of their failed authentication without identifying the failed challenge. This made it more difficult for bad actors to gain access; however, it also made it more difficult for users to sign in.

Identity Administration security is robust, so hiding the failed challenge is not necessary. Starting with release 23.9, the default behavior changes to immediately notify users when they fail an authentication challenge. This improves the user experience without compromising security.

The following policy settings control this behavior. The default values for both settings are false starting with 23.9.

  • Authentication Policies > CyberArk Identity > Continue with additional challenges after failed challenge

  • Authentication Policies > CyberArk Identity > Do not send challenge request when previous challenge response failed

Values in your saved policy sets remain unchanged. This change only impacts the default policy set and any new policy sets.

See Notify users of a failed MFA challenge for more information.

Fixed issues

This section lists the issues fixed in this release.

Core Services

Issue Resolution

Retrieval of groups using the group email Id was not supported for Google directories.

This is fixed.

The Identity browser extension did not automatically sign in if you have a custom domain that includes the country code in the top-level domain (for example,

This is fixed.

Component versions

The following table lists the latest component versions.



Identity Administration


Identity Security Intelligence


Browser Extension - Chrome


Browser Extension - Edge Chromium


Browser Extension - Firefox




System requirements

See System requirements and supported browsers for more information about browser and device support.