This winter, we are enhancing web safety controls, strengthening authentication on managed devices, and expanding identity synchronization capabilities across systems.

  1. Google SafeSearch for iOS and macOS Devices via Veltar SWG

With Veltar Secure Web Gateway, you can now enforce Google SafeSearch on both managed and unmanaged iOS and macOS devices. You can leverage uniform browsing policies on your Apple devices and overcome the current limitations of Google’s native app-level controls to enforce SafeSearch across Google Search and YouTube.

This is especially important in educational and shared-device environments.

With this update: 

  • Enforce SafeSearch across Google Search, YouTube, and Bing Search using network-level controls.

  • On managed devices, SafeSearch policies apply across all applications.

  • On unmanaged devices, policies apply only to managed applications.

  • On unsupervised devices, users may choose to turn off SafeSearch at the device level.

  1. Multi-Factor Authentication on Managed Devices

You can now enforce multi-factor authentication (MFA) even on managed devices, adding an extra layer of assurance beyond device compliance checks.

This setting can be enabled from SSO Configurations → General Settings.

What’s new

MFA is enforced after successful device compliance validation and Users can authenticate using:

  • An OTP from another managed device

  • An OTP from a third-party authenticator app

  • An OTP that is sent to their mobile phone (when Twilio is configured)

If no secondary device is available, users are guided to set up a third-party authenticator to complete authentication.

  1. SCIM-Based Outbound User and Group Sync

Extending our flexibility in handling multiple identity source, OneIdP now supports SCIM outbound provisioning, allowing you to sync users and groups created in OneIdP to external systems and position OneIdP as a centralized identity governance layer.

What’s new

  • Sync users and groups from OneIdP to external platforms such as HRMS tools, ABM/ASM, and cloud services using SCIM v2.0.

  • Any system that supports SCIM v2.0 can be configured to receive user and group updates automatically.

With this release, Scalefusion now supports both SCIM import and export, making the platform fully SCIM v2.0 compliant.

Some common use-cases include:

  • Apple Business Manager / Apple School Manager: Create and manage Apple Managed IDs using SCIM. Authenticate users across applications using SSO with device and user compliance enforced by OneIdP.

  • Amazon Web Services: You can provision and manage AWS users using SCIM and enforce authentication based on device and identity posture.