auto_awesome What's New
- • Product News system: Tenant admins now see platform updates directly in-app on a dedicated "What's New?" page. No more external blog — updates land where your team already works.
- • Passkey login for super-admins: WebAuthn passkey sign-in is now available alongside the existing email-OTP flow. Faster access, no passwords to rotate.
- • Tenant integrations connectors: four new third-party connectors are now available — Mailchimp, Slack, Telegram, and Discord. Credentials are stored securely per tenant.
- • Rights intelligence capture: Release submission now requires a complete rights envelope — primary rights holder, copyright year, sample clearance status, and composer/publisher details per track. Submissions are blocked until rights data is complete, protecting your catalogue and DSP relationships.
- • Client termination (soft-lock): Permanently lock a client account without deleting their release history or royalty records. Locked clients cannot log in; all data remains intact and queryable.
- • Trust scoring: Assign a trust level (low / medium / high) to any user. Tenant admins see this as a read-only indicator on the users list — useful for ops and flagging accounts that need review.
- • Audio submit gate: Release submissions are now blocked if any track is missing its audio file — preventing incomplete releases from reaching DSPs.
- • Email de-branding: All tenant-facing emails (welcome, OTP, 2FA, password reset, release notifications) now carry only the tenant's brand. No ToneGrid or InterSpace references appear on any plan tier.
- • Admin form styling: Fixed a styling conflict where platform-wide rules were overriding custom admin form styles. All admin pages now render consistently.
- lock MFA for sensitive actions: Password changes and every admin sign-in now require MFA verification — authenticator app (TOTP), email OTP, or a single-use recovery code from your saved set of ten.
- admin_panel_settings Centralised MFA control: Workspace owners manage MFA across their own team — view who is enrolled, reset a lost-device user, and set policy from one panel. White-label resellers also see a Client workspaces table to set a baseline enforcement level for every sub-tenant.
- tune Flexible enforcement: Workspace MFA can be set to Disabled, Enabled (users opt-in individually), or Required (every user is forced into setup at next sign-in until enrolled).
- verified_user MFA at sign-in: A user with MFA enrolled is now prompted for a second factor right after their password — TOTP code, email OTP, or recovery code. Email codes are dispatched automatically before the prompt appears.
- qr_code Self-hosted authenticator setup: The QR code for authenticator-app enrolment now renders in the browser. No third-party QR service touches your secrets.
workspace_premium How It Benefits You
- shield Stronger account security: A leaked password can no longer sign in or change another password on its own, even if a session cookie is stolen.
- workspaces Control without complexity: Apply a consistent security baseline across your workspace without managing users one by one.
- rocket_launch Future-ready protection: Authenticator-app support, recovery codes, and centralised policy establish the foundation as more critical actions get gated by MFA.