Synapse Docs
Synapse Docs
Breadcrumbs

stack-575 Release Notes

Summary

This release advances one of our roadmap features for 2026: Account Realms. Account Realms is a new isolation boundary feature we’re adding to support private data management and governance for organizations that request to use their own Identity Provider(s). This enables us to bring the strong data curation, governance and sharing features in Synapse to a new audience, while remaining focused on our mission of Better Science, Together.

Unless you’re a member of one of the organizations that utilizes Account Realms, you won’t notice it. All current Synapse users will be in the default realm, where data governance, sharing and reuse are paramount in our mission.

We also released Virtual Tables feature from Experimental Mode and exposed it in Synapse in the “Add Table or View” UI.

  • What’s delivered:

    • Virtual Tables released (SWC-7663); realm-aware authentication flows restricting password/OAuth sessions to allowed realms (PLFM-9326); realm-aware account management limiting email/password operations to realms where Synapse is the IdP (PLFM-9325).

  • Why prioritized: Reduces security exposure, clarifies governance boundaries across identity providers, and brings a high-demand data feature (Virtual Tables) into supported status for researchers and data engineers.

  • Impact: Security and governance stakeholders see tighter policy enforcement; integrators must ensure their login and account flows align with realms; advanced data users gain a stable, supported Virtual Tables feature. Day-to-day portal users should see little to no change.

Issues completed: 3 (SWC-7663, PLFM-9326, PLFM-9325)

Affected Users & Systems

  • Advanced data users and data engineers: Benefit from Virtual Tables now being supported for production workflows.

  • Security/governance and compliance stakeholders: Clearer enforcement of realm policies for authentication and account settings.

  • App integrators and admins: Must verify that login endpoints and account management operations align with each realm’s configured identity provider.

  • Systems impacted: Synapse authentication endpoints (/login2, /oauth2/session2), account management endpoints (/email, /user/password/reset, /user/changePassword, /account/{id}/emailValidation), and Synapse Virtual Tables in SWC.

New Features

  • Virtual Tables released (SWC-7663): Removed from Experimental; now supported for production use. Enables flexible, query-based views over data without materializing copies—useful for complex analytical workflows and cross-project data access patterns.

  • PLFM-9326 – Authentication with realms: /login2 limited to users whose realm allows Synapse as IdP; /oauth2/session2 limited to providers allowed by the user’s realm. Clarifies and enforces security boundaries across realms.

  • PLFM-9325 – Account management with realms: Email/password operations restricted to realms where Synapse is the IdP. When an external IdP is used, those settings are managed externally. Reduces confusion and prevents unsupported state changes.