Epicenter Release 6.0
Release date: June 27, 2026
Overview
Epicenter 6.0 is a major platform release focused on modernizing the underlying libraries and technologies that Epicenter is built on, improving long-term maintainability and performance. It also strengthens security, with stronger password encryption and mandatory multi-factor authentication for administrators holding global permissions. On the administration side, it rolls up the Epicenter Dashboard improvements from versions 1.12 through 1.14, including multiplayer world assignment, project-home login analytics, and a range of self-registration, upload, and file-management fixes.
Epicenter Administration New Features
Workshop Deletion with User Cleanup
- Workshop deletion with users: When deleting a workshop, administrators can now also permanently delete all users in that workshop who are not members of any other workshop. This simplifies cleaning up registered users, for example for privacy compliance. The option follows the account's permissions for user deletion.
Project Home Analytics
- Login activity charts in the project home: The project home now includes total-login charts for the last 12 days, 12 weeks, and 12 months, alongside the existing simulation-run charts. Administrators get an at-a-glance view of end-user engagement over time, not just simulation activity.
Epicenter Administration Fixes and Improvements
Multiplayer World Assignment
- World assignment at the run configuration level: Multiplayer world assignment previously worked correctly at the workshop level but not at the Run Configuration (Episode) level. World assignment now works reliably at both levels. After uploading users to a workshop, administrators can continue straight into world assignment, target an existing run configuration or create a new one, and auto-assign worlds to all active users or only those currently online.
Self-Registration
- MFA configuration gated by account settings: Self-registration now only surfaces multi-factor setup when the account's settings require it, and the registration flow was restructured for clearer, more reliable step progression.
- Fixed domain allow-list encoding: Corrected an encoding issue in the self-registration domain allow-list so restricted-domain registration behaves as configured.
Workshop and User Management
- Invalid emails cleaned during spreadsheet upload: Malformed email values are now detected and cleaned as part of the user upload workflow, preventing bad email data from entering user records.
- World assignments cleared on deactivation: Deactivating a user in a workshop now releases their world assignments, freeing those worlds for reassignment instead of leaving them stranded on an inactive player.
File Management
- Validated file and folder names: File-manager operations now validate folder and file names and properly encode URL paths, so names containing special characters no longer trigger a 500 Internal Server Error.
Navigation and Access Control
- Sidebar navigation based on account role: The sidebar now shows only the menu items that pertain to the administrator's account role, hiding options the user is not permitted to use and returning clearer error messaging for restricted areas.
UI/UX Polish
- Removed the in-app feedback popup: The legacy feedback popup and its route were removed, decluttering the administration experience.
Security and Dependencies
- This release contains miscellaneous improvements to update dependencies and improve security.
Platform/API Improvements
Epicenter 6.0 includes substantial platform-level changes, including updates to underlying technology and dependencies for improved maintainability and performance. Feature changes are described below.
Security and Authentication
- Argon2 password encryption by default: New administrator passwords default to
argon2_idencryption, and existing administrator passwords are transparently upgraded to Argon2 on next login. - MFA required for global-permission administrators: Administrators holding global permissions must now set up multi-factor authentication.
- Canvas and LTI identity mapping: Canvas can now use
user_login_idto override the SSO subject, and LTI can readuser_login_idfrom a custom claim namespace. - Canvas and LTI automatic multiple group creation: Multiple Epicenter groups are now automatically created after single sign-on, supporting faculty or students enrolled in multiple sections.
Other Improvements
- Sort fallbacks: Endpoints now apply sensible default sorting when no explicit
?sort=parameter is supplied. - Stricter name sanitization: Expanded sanitization checks to catch
\and/characters that were problematic in some group names.
Platform/API Improvements (experimental)
This release includes a few experimental features, not yet documented:
- Pipeline: Improvements to "Pipeline" APIs supporting integrated build/release processes.
- Seat licenses: Seat license tracking for resale of simulations across multiple organizations.
Contact support@forio.com for more information.