2026.7 Release Notes
Release Date: June 2, 2026 | Prepared by: Kryterion Product Team
Executive Summary
This release advances SSO capabilities with a complete OIDC authentication flow, expands Sentinel lockdown browser support to macOS, and introduces the foundation for self-service certification management. Candidates gain new account recovery options via secondary email, and several new candidate UI fixes address branding and navigation issues. Items requiring CSM coordination are noted throughout.
What's New at a Glance
Category | Highlights |
|---|---|
🔐 Authentication & SSO | Complete OIDC authentication flow, SSO configuration validation, JIT provisioning claim mappings |
🖥️ Sentinel Lockdown Browser | macOS launch support, OS auto-detection, keyboard shortcut and virtual desktop blocking |
🧪 Candidate Experience | Secondary email account recovery, 💬 SMS admin visibility, new UI branding and navigation fixes |
🧠 AI & Item Writing | Document upload management UI |
⚙️ Certification Management | Self-service certification type configuration (admin preview) |
🐛 Fixes | 10 issues resolved |
New Features & Enhancements
🔐 Authentication & SSO
OIDC Authentication Flow
Candidates can now authenticate into Webassessor using OpenID Connect (OIDC), completing the end-to-end OIDC login and logout experience introduced in previous releases.
Candidates are authenticated and routed to the correct landing page following a successful OIDC login
SP-initiated OIDC logout properly terminates the session with the identity provider
Applies to both the new and legacy UI paths
Action Required: OIDC configuration requires administrator setup. Contact your CSM for guidance.
SSO Configuration Validation
Admin SSO configuration now enforces consistent validation across all SSO types.
Provider Name, Status, and Allow Create Account fields are now required for SAML and OIDC configurations, matching existing OAuth2 behavior
Attempting to save an incomplete configuration displays a clear validation error
A post-logout redirect URL field has been added to OIDC configuration for controlling the landing page after logout
OIDC JIT Provisioning: Claim Mappings
Administrators configuring OIDC with Just-in-Time provisioning can now define how identity provider claims map to Webassessor user fields.
User and custom field claim mappings are configurable when JIT provisioning is enabled
Mappings are enforced as one-to-one, with duplicate mapping validation
Claim mapping sections are hidden when JIT provisioning is disabled
Action Required: OIDC JIT provisioning configuration requires administrator setup. Contact your CSM for guidance.
🖥️ Sentinel Lockdown Browser
macOS Sentinel Launch Support
Sentinel now supports launch on macOS, extending the secure browser experience beyond Windows.
OS detection determines whether to launch Sentinel (Windows and macOS) or Respondus (Chrome OS) at exam start
The Sentinel download link now automatically detects the candidate's operating system and serves the correct installer
If OS detection fails, candidates are prompted to manually select their platform
Confirmation screen instructions now correctly display "Download Sentinel" for Sentinel-enabled exams on both macOS and Windows
macOS Keyboard and Virtual Desktop Controls
Sentinel on macOS now intercepts key shortcuts that could allow candidates to access unauthorized content during an exam.
Cmd + Q is blocked during an active exam session, preventing unauthorized application exit
Virtual desktop switching and Mission Control access are detected and restricted during exam sessions
Desktop switching events are logged
Note: Some macOS trackpad gestures (e.g., three-finger swipe to activate Mission Control) cannot be fully blocked due to OS-level behavior. This is a documented limitation within the current scope.
🧪 Candidate Experience
Secondary Email for Account Recovery
Candidates can now add an optional secondary email address to their account, providing an additional recovery path if access to their primary email is lost.
A Secondary Email field is available on the Candidate Profile screen, directly below the primary email field
The field is optional and must be unique if provided
The Forgot Password flow now accepts a username, primary email, or secondary email as input
Password reset and notification emails are routed appropriately based on which value is entered
Generic response messaging ensures no account details are exposed during the recovery flow
Admins can view a candidate's secondary email on the Candidate Details and Edit pages. These fields are read-only for admins; only candidates can update their own information.
CSM-Enabled: Secondary email is controlled by a feature toggle and will be activated regionally. Your CSM will coordinate timing.
💬 SMS Reminder: Admin Visibility
Admins can now view candidate SMS opt-in status and phone number directly from the Candidate Details and Edit pages.
Fields are read-only for admins
SMS enrollment remains candidate-driven only
🧠 AI & Item Writing
Document Upload: File Management UI
A dedicated screen for managing AI source documents is now accessible under Assessments in the Admin module.
Admins can navigate to Assessments to access the document management screen
Upload interface and navigation are available; full AI-assisted item generation from uploaded documents will be enabled in a follow-on release
Note: Document-based item generation is not yet active. This release delivers the file management UI in preparation for that capability.
⚙️ Certification Management
Self-Service Certification Type Configuration (Admin Preview)
A new Certification Management tool is now accessible to System-level administrators, enabling self-service configuration of certification types and renewal logic.
Admins can create certification types through a guided setup covering certification details, renewal logic, lifecycle configuration, notifications, rollout strategy, and exam assignments
Supported renewal logic types include Flexible, Maintenance, Hybrid, and Locked
Lifecycle settings include Active Period, Grace Period, and Recertification Window
At least one exam must be assigned before a certification type can be saved
Accessible under Assessments and visible only to System admins when the feature is enabled
CSM-Enabled: Certification Management is gated by a feature flag and is not active by default. Contact your CSM to discuss enablement.
Fixes & Resolved Issues
Severity | Area | What Was Fixed |
|---|---|---|
High | SSO | Standard SAML SSO login caused a redirect loop in the new candidate UI due to a postLoginParams handling issue |
Medium | Candidate UI: Navigation | Clicking "Go to My Assessments" or "Go to My Exams" from the reschedule/cancellation confirmation page was logging candidates out |
Medium | Candidate UI: Branding | Help link in the new candidate UI was routing candidates to the Kryterion corporate site instead of program-specific help content |
Medium | Candidate UI: Branding | Navigation links were not responding correctly to branding configuration, including removal of Edit Profile and other links |
Medium | Candidate UI | KTN delivery type exams were not displaying Reschedule/Cancel options on the My Assessments page |
Medium | Registration | Progress bar in the new registration UI failed to update correctly after removing an item from a multi-item cart |
Medium | Exam Delivery | When a proctored private center exam with a pre-exam survey was relaunched after a connection loss, time remaining incorrectly reflected the survey duration rather than the exam duration |
Medium | Registration | Retake rules were not consistently enforced when configured at the logic level or at specific exam-level attempt counts |
Low | AI Item Writing | Spacing between fields and question/answer boxes in the AI Item Writing interface was missing, causing UI elements to appear compressed |
Low | Registration | Admin password reset flow now correctly sends reset communications to all email addresses on file |
Rollout & Availability
Feature | Availability | Notes |
|---|---|---|
OIDC Authentication Flow | Available now | Requires OIDC configuration, contact your CSM |
SSO Configuration Validation | Available now | Applies to existing SAML and OIDC configurations |
OIDC JIT Provisioning Claim Mappings | Available now | Requires OIDC JIT provisioning to be enabled |
Sentinel macOS Launch Support | Available now | Applies to macOS Sentinel deployments |
macOS Keyboard and Desktop Controls | Available now | Applies to macOS Sentinel deployments |
Secondary Email for Account Recovery | Gradual rollout | CSM will coordinate regional activation |
SMS Admin Visibility | Available now | Read-only; candidate-driven enrollment only |
Document Upload UI | Available now | Full document-based item generation in a follow-on release |
Certification Management | Not yet active | Feature flag gated, contact your CSM |
All bug fixes | Available now |
Known Issues & Limitations
Document Upload: Item Generation Not Yet Active. The AI Sources document management screen is available, but AI-generated items from uploaded documents are not yet enabled. This capability will be delivered in a follow-on release.
Certification Management: Admin Preview Only. The Certification Management tool is accessible to System admins when enabled, but is not yet available for broader rollout. Contact your CSM for timing.
macOS Mission Control Gestures. The three-finger trackpad swipe gesture to activate Mission Control cannot be fully blocked due to macOS OS-level behavior. This is a documented limitation within the current scope.
Resources & Next Steps
📖 For guidance on new features, visit our Help Center
📬 Questions? Contact your Client Success Manager or reach us at clientsupport@kryterion.com