Clerk Changelog

We've further restricted access to your most sensitive keys within the Clerk Dashboard

In an ongoing effort to improve the security of your Clerk instances, starting today, only users of your Clerk workspace who have the Admin role can manage secret keys on the Instance / API Keys page. The Member role can no longer reveal, create, or delete secret keys.

The Member role can still list all secret keys and view non-sensitive details such as name, creation date, and last-used date.

Contributor
Graham Allan

JWT format support for OAuth access tokens

Category: Product

OAuth access tokens can now be issued as JWTs, enabling networkless verification and better compatibility with third-party tools.

JWTs are now the default for newly created applications, while existing applications continue using opaque tokens unless changed.

Why JWT?

JWT access tokens offer several advantages:

  • Networkless verification — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers
  • Self-contained — All necessary information (user ID, scopes, expiration) is embedded in the token itself
  • Better compatibility — Many third-party tools and libraries expect JWT tokens

When to use opaque tokens

Opaque tokens remain valuable for security-sensitive scenarios:

  • Instant revocation — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire

How to configure

To change your OAuth access token format:

  1. Navigate to OAuth applications in the Clerk Dashboard
  2. Select the Settings tab
  3. Toggle Generate access tokens as JWTs on or off
  4. Save your changes

Clerk's SDKs automatically handle verification for both token formats — no code changes are required when switching between them. For manual verification of JWT tokens outside of Clerk's SDKs, use the same approach as session token verification with your instance's public key.

For more details on the differences between token formats, see the token formats documentation.
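
The manual check described above, sketched as an added example (not Clerk's SDK code or code from this changelog): it assumes RS256-signed tokens with standard `exp`/`nbf` claims and uses a constructed key pair and sample claims in place of a real instance key. Because the check is local, it cannot see a revocation and accepts a token until `exp`, which is the trade-off against opaque tokens noted above.

```javascript
const crypto = require('node:crypto');

// Constructed key pair standing in for the instance's signing key; a real
// verifier holds only the public half.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Sample-token helper (constructed data): mints an RS256 JWT for the demo.
function signSample(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify locally: pin the algorithm, check the signature, then the time claims.
function verifyAccessToken(token, key, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // The verifier, not the token, decides which algorithm is acceptable.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    key, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  // A missing or past exp is rejected; until then the token is accepted.
  if (typeof claims?.exp !== 'number' || nowSec >= claims.exp) return { ok: false, reason: 'expired' };
  if (typeof claims.nbf === 'number' && nowSec < claims.nbf) return { ok: false, reason: 'not yet valid' };
  return { ok: true, claims };
}
```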

Contributors
Jacob Foshee
Bruno Lin
Brandon Romano

Hide Incomplete Periods

Category: Dashboard

You can now hide incomplete time periods from your analytics reports on the Overview page.

By default, your most recent time period (today, this week, or this month, depending on your selected interval) is shown even if the data is incomplete. Uncheck "Show incomplete period" to show only past complete periods. This filtering applies to all analytics reports on the Overview page.

Contributor
Chase Austin

Manually force password resets

Category: Security

You can now manually require users to reset their passwords using the reset password session task. This ensures users are prompted to choose a new password on their next sign-in, giving you a reliable way to respond to security events beyond automated breach detection.

Reset password session task

As an initial action, we’re introducing the ability to set passwords as compromised, with the option to immediately sign out all active sessions for the affected user. This triggers a reset password session task, requiring the user to set a new password on their next sign-in. Additional actions will be introduced in the future.

How to force password resets for an entire instance

If you need to protect all users at once—such as during a suspected platform-wide security incident—you can require a password reset for every account in your instance.

This is currently done by setting all existing passwords as compromised, which will trigger a reset password session task for affected users. Each user will be required to set a new password the next time they sign in.

  1. Navigate to Configure > Instance Settings > Security Measures in your Clerk Dashboard.
  2. Select Set all passwords as compromised.

How to force a password reset for a specific user

When only a single account is at risk, you can require a password reset for that user alone.

This action triggers a reset password session task for the user, ensuring they must change their password before continuing.

  1. Navigate to the User Details page for the user.
  2. In the Password section, under the actions dropdown, select Set password as compromised.

Getting started

All new instances have the reset password session task enabled by default. Existing instances must manually opt in via the Reset password session task update on the Updates page.

If you’re using custom authentication flows, make sure your application handles:

Contributors
Vaggelis Yfantis
Haris Chaniotakis

Organization filters

Category: Organizations

Filter organizations by name, slug, or creation date to quickly find what you need.

You can now filter organizations in the Clerk Dashboard by name, slug, or creation date. These filters work alongside the existing search functionality to help you locate specific organizations faster.

Whether you need to find organizations by their display name, unique slug identifier, or when they were created, the new filter menu provides quick access to refine your organization list.

To use the filters, click the filter icon next to the search bar on the Organizations page in your application instance.

Contributors
Iago Dahlem
Nicolas Lopes

Organization Reports

Category: Organizations

Track organization creation metrics with new dashboard reports.

We're excited to announce new organization reports in the Clerk Dashboard. You can now monitor how many organizations are being created by day, week, and month. You can also track your total organization count at a glance.

These new reports provide quick insights into organization creation patterns, making it easier to monitor growth and identify trends in your organization adoption.

Contributors
Chase Austin
Josh Rowley
Nate Watkin