Updates to registration flows, account experience, and login security

Enhanced registration flows

Ory improved the internal implementation for two-step (profile_first) registration flows. Previously, these flows relied on hooks and internal context, which sometimes caused issues with UI control and could result in duplicate fields when users navigated the registration process. This refactoring resolves these issues. It also addresses inconsistencies in how form field groups such as password, default, profile were handled during registration and validation.

This change is internal and maintains backwards compatibility. Existing registration flows continue to function without modification. This update provides a more robust foundation for future features.
No user action is required.

Account Experience updates with organization support

The new Account Experience - currently available in preview - now supports organization login and registration for identifier_first login and profile_first registration. This enhancement allows users to sign up and log in under an organizational context and also includes multiple improvements for edge cases related to organization Single Sign-On (SSO) and visual enhancements to the account experience.

New login security option

Additionally, Ory introduced support for enabling or disabling account enumeration mitigation when using identifier_first login flows. This provides administrators with explicit control over whether the system indicates if an account exists during login attempts, helping to prevent attackers from discovering valid usernames.

These changes are now available in Ory Network and Ory Enterprise License Kratos and will be included in the next release of Ory Open Source.