153 results found
-
Website User 'Approver' shows GUID value, not readable ID/name
Website Users>Details show GUID in 'Approver' field, however, export of users correctly shows ID/name of the 'Approver'. As an administrator of user accounts, I need ability to see 'Approver' ID/Name on the user Details page, instead of requiring export of all users to view the identity of the Approver.
17 votes -
MFA/2FA for Admin Console Access Across All Domains
Hi Team,
Referring to tickets #1676413, #1498526, #1492633 and #1721382 —
The Brasseler client is looking to enable multi-factor authentication (MFA) specifically for the admin account. Could you please confirm if this is supported by Optimizely?
We reviewed the documentation provided for Set up multi-factor authentication, but it appears to apply at the Opti ID level, whereas the client is specifically looking for MFA enforcement at the admin account level and at Admin site. This request has come from their internal security team.
We would appreciate your guidance on this.
Thanks for your support.
11 votes -
Ability to force website users to sign in
When Remember Me/Keep Me Signed In is enabled for the website, and the user selects the Remember Me/Keep Me Signed In option when signing into the Website, there is nothing that forces them to sign in again if their role has been changed. They can return to the website based on their cookies, even though their role has now been changed (example: from Buyer3 to Buyer1). As a result, they can place an order without approval.
Please implement a function to force website users to sign in again when their role has been changed.
5 votes -
Increase job's parameters to nvarchar(max)
Increase job's parameters to nvarchar(max) so we can have larger values such as JSON. We are using custom properties to suit our needs, which is not the best approach.
Tables:
IntegrationJobParameter
JobDefinitionParameter
JobDefinitionStepParameter4 votes -
website users filteraccessible fields
We need to show assigned customers and roles as column/exportable fields from the admin console. these fields could be delimited as possible multi value but currently cant access those fields at all without going into each individually
3 votes -
Cloudflare WAF Rules
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that causes the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with javascript to identify headless browsers
- Captcha functionality - when users initially come into the site or users are starting an order…
3 votes -
Prevent bot spamming logs
We often see a lot of errors in the application logs related to bots spamming the website with URL requests that do not even exist, quite often these end in .php extension; example: https://[ConfiguredCommerceURL]/admin/function.php. These seem to be attacks that try to find vulnerabilities on the website. While often times these are harmless, they do pollute the application logs, making it harder for developers to find actual errors that are worth reporting. This feature request is to simply capture that kind of spam requests and simply block them, without processing anything else (these often come with errors such as 'Unity.Exceptions.InvalidRegistrationException'…
10 votes -
Request for an out of the box configuration setting for when sessions are fully expired
Request for an out of the box configuration setting for when sessions are fully expired:
• Session Expiration and let the client decide if they would like to redirect to Session Expired Page, or use Overlay with Session Expired Modal on same page.
• In this setting we could also provide additional sub-setting with ability to enable a session expiration warning (admin can set the number of minutes)Incomplete Client-Side Inactivity Timeout: We have two different issues with this vulnerability,
• If a customer steps away from their system without an automatic logout after a period of inactivity, there is…6 votes -
Control Panel Scheduler Must take Time Changes into account without re-scheduling jobs twice a year.
1) Goals
• Users can schedule jobs using their local date/time and time zone, and the job will run at the correct absolute instant even across DST and zone changes.
• This must take into account Daylight Savings time changes in the Spring and Fall
• The current Opti control panel only allows one time zone to be used (UTC). Need the ability to handle more than one.
• User should not have to manually re-schedule jobs two times per year when clocks change
• Admins and integrators can display and manage schedules in any time zone, and any time…2 votes -
Better extensibility options for Search V2 Indexing
We have a requirement on our project that requires us to change the behavior of the search indexing v2. In trying to do so, our development team ran into an issue where the class we needed to extend was not extensible (internal, sealed, or non overrideable methods).
Basically what we are trying to do is remove the condition that excludes child products when fetching indexable products that is in line 896 of class Insite.Search.Shared.DocumentTypes.Product.Index.SearchV2.Models.Product (this is in version 5.2.2412.1705)
What we would like to see changed is:
1 - Make the SearchV2.Models.Product public instead of internal and remove the sealed…
7 votes -
PIM - User Roles Don't Work
Optimizely confirmed the existing PIM roles do not work but asked me to enter it as feedback instead of a bug. A user must be an Admin to update an image, which is not optimal. There are existing PIM roles with Edit permissions for items and images, but they do not work. Fix the existing roles, or custom roles and permission so a user doesn't have to have full admin authority to edit an image or an item field.
2 votes -
Many customers change their SKU and it's not really supported in Configured Commerce
We have several client which rename SKUs in their ERP instead of deactivating and create a new one for multiple reasons. Recently one of them ask us to create a "Master UID" for them to map and update our products, but this field is internal only and not visible to the customers, so it's an internal ID used between the ERP, PIM and Configured Commerce to update the product.
Can such a field be added and could be used as an alternate natural key to simplify everything? Seems to us like a common issue.
2 votes -
Add the ability to grant impersonate permissions to custom roles
I want to be able to create a custom role for the admin console users that while given limited permissions through the Application Dictionnary would also be granted the ability to impersonate website users. Currently, the impersonate feature is limited to 4 roles: ISCSystem, ISCImplementer, ISCAdmin, ISCUser. Being able to customize the CanCurrentUserImpersonateAnotherUser method used by the AccountController would give more flexibility.
5 votesOur development team is currently working on this item, and it’s likely to be added to the roadmap soon - pending any technical challenges
-
Optimize Wishlist Updates: Refresh Line Item Only, Not Entire Page
Optimize Wishlist Updates: Refresh Line Item Only, Not Entire Page.
Current Behavior (for customers using live inventory and price via API):
In Configured Commerce, when a user updates a product within a list or quote (e.g., changing quantity or removing an item), the entire list page refreshes. This results in longer load times and a less efficient experience, particularly for large lists.Requested Enhancement:
Modify list/quote functionality so that updates apply only to the specific line item being changed, rather than forcing a full list refresh (must also adjust the product total). Ideally, this would be handled via an asynchronous…2 votesThank you for submitting this request! Currently in order to handle the complexity of keeping the data consistency between the My List Details and My Lists Page(s) across the wide customer base we require resetting the state after updates on the line item(s) within Lists.
While we do not have any changes planned to alter this behavior on base please feel free to continue sharing feedback and impact.
-
Send order confirmation as pdf attachment
Our customers want to receive their order confirmations as a PDF attachment. Many still want to print them, attach a digital copy to their ERP, or save a digital copy. PDF's make this much easier.
Many won't order online since they don't like the order confirmations. Others require us to manually send a PDF version out of our ERP after they have placed their order.
2 votesThank you for submitting this request! Our team is currently reviewing this feature, particularly with consideration of our wide client base. We will update this ticket once we have completed this investigation.
-
Order checkout rules
We received requests from several customers that their business required users to fulfill certain conditions before they can checkout. For example:
- Minimum order amount.
- Shipping carrier is required.Please implement the capability of creating checkout rules to provide customers with controls over their incoming orders.
2 votesThank you for submitting this request! We have added this item to our backlog for future consideration and prioritization.
If there are more details regarding the desired experience for these storefront customers who do not meet the rules that would also be appreciated.
Would there be a goal to encourage users to shop their MyLists or have selection of recommended products for example or would the desire be to simply disable the ability to checkout with appropriate messaging as to the rule that needs to be met to continue?
-
HTTP Security header support
We need the Optimizely platform to support the following HTTP security response headers:
-Permissions-Policy
-Content-Security-Policy
These headers are essential for instructing browsers on how to handle website content securely. They enhance overall security by enforcing specific rules, such as preventing cross-site scripting (XSS) and clickjacking attacks.
Our cybersecurity provider is now requiring that these policies be implemented on all public-facing web servers. As such, support for these headers is a critical requirement moving forward.
Please advise on the platform’s capability to support and configure these headers.
2 votesThis change request would increase the risk of site failures occurring if the CSP/header size is too large and require detailed review to help ensure proper guardrails exist.
We have added this item to our backlog for future consideration and prioritization.
-
Add Custom Field Names as Filter and Column in Customer Selection Pop-up (Admin Console)
We would like to request an enhancement to the Customer Selection pop-up within the Admin Console—specifically when assigning customers to users. This is for the Configured Commerce product.
Current Behavior:
Currently, the Customer Selection interface only allows filtering and viewing based on standard fields (e.g., customer name, ID, etc.). Custom fields that have been defined are not available as filter options or visible columns in the selection grid.Requested Enhancement:
Add the ability to filter by custom field values in the Customer Selection pop-up.
Add the option to include custom fields as visible columns in the grid view to aid…
3 votesThank you for submitting this request! Our team is currently reviewing if and how we may implement this enhancement to filtering within the Admin Console, particularly with consideration of our wide client base. We will update this ticket once we have completed this investigation.
-
Inherit Product Assignments in Category Hierarchy for Rule Engine
Current Behavior: In Optimizely, products are currently assigned only to the most specific (end-node) category within a 3-level taxonomy.
For example, if the category tree is:Power Tools > Drills > Cordless Drills
Then a product like a cordless drill is assigned only to the "Cordless Drills" category, and not to "Drills" or "Power Tools".
Problem: This structure causes significant limitations when using the rule engine—specifically the “Product In Category” rule. Since products are not assigned to higher-level categories, those categories cannot be used effectively in rules.
This creates a major pain point when building dynamic catalog restriction groups. Users…
5 votesThank you for submitting this request! We have added this item to our roadmap. Although we cannot guarantee a release date, we expect this feature to be available within the next 12 months.
-
Reintroduce or Provide Alternative Method to Restrict Access to the Admin Console in Configured Commerce (V3)
As part of our recent internal security audit, we identified a vulnerability related to unrestricted access to the Optimizely Configured Commerce Admin Console.
In the legacy V1 architecture, administrators could restrict Admin Console access by domain or IP range using configuration updates (as described in the Optimizely documentation: https://docs.developers.optimizely.com/configured-commerce/docs/restricting-access-to-admin). However, in the V3 architecture, this capability is no longer supported or configurable within the managed environment.
Our support engagement (Ticket #1788512) confirmed that this feature was not migrated to V3 due to complications with the impersonation feature and has since been deprecated. As a result, customers currently have no…
1 vote
- Don't see your idea?