Collect mandatory and optional profile fields during user registration.

A set of framework-agnostic web components that can interact with Account API.

Then no password is required for sign-in.

Support multiple custom domains and render different sign-in experience brandings according to the domain.

Trigger MFA according to the current risk level, e.g. a new device.

Customize policies to control authentication, such as username rules, IP blacklist / whitelist, verification code expiration, etc.

Duplicate dev tenant configurations (connectors, roles, resources, etc.) to a new production tenant.

Simplify wording when no matching account is found during sign-in experience.

Allow verification code flow for SSO-provided unverified emails.

Option to allow both Google Workspace and Google social logins for the same account.

Directly register via forgot password instead of prompting for another round of verification.

Allow to reset sign-in verification lockouts.

Authenticate users via API. No redirect needed.

Support RFC 8628: OAuth 2.0 Device Authorization Grant.

A set of framework-agnostic web components that can interact with Experience API.

Allow to use code-based configuration to provision role-based access control, for example, a YAML file.

An out-of-the-box solution that allows org admins to manage identities, organization profiles, and set up enterprise SSO themselves.

System for cross-domain identity management APIs.

Support Client Initiated Backchannel Authentication (CIBA) Flow.

Block users at the login stage if they come from a specific app. This will essentially enable app-level authentication (beyond just branding).

Implement RFC 9396 and provide some useful feature around it.