---
title: Release notes | Access Control
description: Learn about the new features and improvements implemented in Access Control
documentId: access-control-release-notes
locale: en-US
---

For previous years, see:

- [2025](/docs/access-control/access-control-release-notes/access-control-release-notes-2025)

---

## June 2026

<Accordion title="June 02, 2026">

- **Deactivation due to failed login attempts**

  To strengthen access security, the account is now automatically deactivated after several failed login attempts. The rule applies to both local and federated users.

  To regain access, an administrator must reactivate the user. Learn more in [Login](/docs/access-control/access-control-users/access-control-login#deactivation-due-to-failed-login-attempts).

</Accordion>

## May 2026

<Accordion title="May 19, 2026">

- **New Client Apps feature**

  Access Control now supports independent Machine-to-Machine (Client Apps) credentials for system integrations.

  With this, credentials now have their own permissions and status, eliminating the need to link automations to named platform users.

  New endpoints for generating and validating M2M tokens have also been made available, along with governance controls for creating, editing, viewing, and removing these credentials.

</Accordion>

## April 2026

<Accordion title="April 29, 2026">

- **Federated login improvements**

  When a federated login configuration is deleted, users who were active at that time will become local Access Control users and will need to reset their password.

  Before deleting the federated login configuration, you will be asked whether you want to send a password reset email to all users who are active at that moment. If you choose not to send it, each user will need to manually request a password reset.

</Accordion>

## March 2026

<Accordion title="March 19, 2026">

- **Improvements**

  It is now possible to immediately disable a newly created user, even when in the PENDING state (awaiting activation).

  Federated users cannot reset their password through the Access Control interface. Password management remains the responsibility of the IdP (Identity Provider).

</Accordion>

<Accordion title="March 04, 2026">

- **Security improvement**

  Limitation for federated login: to strengthen access governance and platform security, each environment now supports only **one active Identity Provider (IdP) at a time**. The use of multiple providers simultaneously has been discontinued.

</Accordion>