Release Notes
Recent changes, new features, and improvements in DPC Pro.
February 2026
Section titled “February 2026”Single Sign-On (SSO) Infrastructure: Phase 2
Section titled “Single Sign-On (SSO) Infrastructure: Phase 2”DPC Pro now supports centralized authentication through a dedicated auth domain (auth.dpcpro.com). This release lays the foundation for a unified SSO login experience across all DPC Pro domains. For details on how login works, see Account Login.
New features:
- Centralized login: A single login at
auth.dpcpro.comauthenticates you across all practice domains (staff and patient portals). - My Organizations hub: After logging in, the new My Organizations page at
auth.dpcpro.comshows all practices you belong to, grouped by role (staff or patient), with direct links to each. - OIDC-based authentication: DPC Pro now uses OpenID Connect (OIDC) for secure cross-domain authentication between the auth domain and practice domains.
- Per-domain cookie scoping: Each domain maintains its own session for improved security, with OIDC handling authentication across domains.
- OIDC session refresh: Sessions are refreshed automatically in the background so you stay logged in during active use.
- Password reset on auth domain: Password reset flows now go through
auth.dpcpro.com, providing a consistent experience regardless of which domain you started from. - Audit logging for auth events: All login, logout, and failed login attempts on the auth domain are recorded for security monitoring.
Improvements:
- Login-required pages on staff and portal domains now redirect to the SSO flow automatically.
- Logout on any domain clears both the local session and the auth domain session.
Domain Separation: Phase 1
Section titled “Domain Separation: Phase 1”DPC Pro now enforces strict separation between staff and patient routes.
Changes:
- Staff routes removed from organization subdomains: Practice subdomains (for example,
yourpractice.dpcpro.com) now serve only the patient portal. Staff features are accessed exclusively throughapp.dpcpro.com. - Patient portal removed from staff domain: The staff domain (
app.dpcpro.com) no longer serves patient portal routes. - Practice slug validation: Practice slugs are now validated for uniqueness within an organization, and the reserved slug list has been reduced for more flexibility.
- Open redirect fix: The practice and context switching flows have been hardened to prevent open redirect vulnerabilities.
Patient Onboarding Improvements
Section titled “Patient Onboarding Improvements”New features:
- Welcome email: New patients now receive a welcome email after signing up, with a link to complete their account setup.
- Signup confirmation step: The patient signup flow now includes a confirmation step before the account is created.
- SignupService: A new service handles patient creation, Stripe customer setup, staff alerts, and welcome emails in a single coordinated flow.
How to Read These Notes
Section titled “How to Read These Notes”Each release entry includes:
- New features: Capabilities that did not exist before.
- Improvements: Enhancements to existing features.
- Bug fixes: Corrections to problems reported by users or found during development.
- Changes: Modifications to existing behavior that may affect your workflow.
Related Pages
Section titled “Related Pages”- Upcoming Features: Planned features and roadmap items
- Feature Requests: Submit ideas and vote on suggestions
- Getting Help: Contact DPC Pro support
Need Help?
Section titled “Need Help?”If a recent change is causing issues for your practice, contact DPC Pro support.