...

Azure AD B2C SCIM Connector

We have expanded our connector library to include the Azure AD B2C SCIM Connector. This new connector optimizes Azure AD B2C identity management via EmpowerID, providing seamless integration with Azure Active Directory B2C (Azure AD B2C) and delivering significant benefits for IT administrators. This feature update streamlines user management by automating user provisioning and deprovisioning processes in Azure AD B2C, reducing manual intervention and potential errors.

The SCIM connector supports real-time synchronization of user data between EmpowerID and Azure AD B2C, ensuring consistent and up-to-date information across both platforms. This enhancement contributes to a more secure environment and a better user experience for customers.

For IT administrators, the SCIM connector offers flexible configuration options, allowing customization tailored to an organization's specific requirements. By leveraging this SCIM connector integration, admins can more effectively manage customer identities, enhance security, and provide a seamless experience across EmpowerID and Azure AD B2C platforms.

No Code Flows

In this release, we introduce No Code Flows, a new feature designed to simplify the orchestration of business processes in response to specific events, like a person leaving the organization (Person Leaver event). The key advantage of No Code Flows is the ability for administrators to efficiently create and execute workflows that react to various scenarios without writing a single line of code.

Key Components of No Code Flows

Flow Definitions: Flow Definitions act as containers for sequential tasks or actions called Flow Items. They define the sequence of actions that will be executed when specific events occur. For example, a Flow Definition might outline the steps to take when a person leaves the organization (Person Leaver event).

Flow Items: Flow Items represent individual tasks or actions within a Flow Definition. Each Flow Item has parameters such as Item Type Action (the task to be performed), Item Scope Type (where the task is to be executed), and an Item Collection Query (an SQL query that identifies the resources impacted by the task). These parameters help determine how the action will be carried out and which resources it will affect.

Flow Events: Flow Events serve as triggers that initiate the actions defined by the Flow Items in a Flow Definition. Examples of Flow Events include a new mailbox being discovered (Mailbox Discovered event) or a person leaving the organization (Person Leaver event). When a Flow Event occurs, the corresponding Flow Definition is activated, and the system executes the specified sequence of Flow Items.

...

Flow Policies: Flow Policies dictate which Flow Definitions should be activated in response to specific Flow Events. They connect the events with the appropriate actions, ensuring that the correct sequence of tasks is executed for each scenario. Administrators can configure multiple policies for the same event, allowing for tailored responses to different situations (e.g., internal vs. external leavers).

...

Examples of Flow Definitions and Flow Events

Here are two examples of Flow Definitions and Flow Events:

...

Mailbox Discovered Event: When a new mailbox is discovered, a Flow Definition might include Flow Items such as "Create Mailbox Account," "Assign Mailbox Permissions," and "Notify Admin."

...

Process Overview

In response to a specific event (a Flow Event), the system triggers a series of actions (contained in a Flow Definition) based on the rules defined (Flow Policies). These actions (Flow Items) consist of precise tasks, each characterized by parameters like Item Type Action (task), Item Scope Type (target), and Item Collection Query (SQL query to fetch relevant data). This entire process ensures that every action is performed in the right order, at the right time, for every event – all without writing a single line of code.
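
The event-to-policy-to-definition-to-item chain described above can be modelled in a few lines. This is an added illustration, not EmpowerID code or its schema: the table names, item actions, policy conditions and sample rows are all constructed, and only the terms Flow Event, Flow Policy, Flow Definition, Flow Item and the three item parameters come from this page.

```python
import sqlite3
from collections import namedtuple

# Flow Item parameters named on the page: Item Type Action, Item Scope Type,
# Item Collection Query. Every concrete value below is constructed.
FlowItem = namedtuple("FlowItem", "action scope query")

ACCOUNTS = "SELECT name FROM account WHERE person_id = ? ORDER BY name"
GROUPS = "SELECT grp FROM membership WHERE person_id = ? ORDER BY grp"

# Flow Definitions: ordered containers of Flow Items.
DEFINITIONS = {
    "internal-leaver": [FlowItem("Disable Account", "Account", ACCOUNTS),
                        FlowItem("Remove Group Membership", "Group", GROUPS)],
    "external-leaver": [FlowItem("Delete Account", "Account", ACCOUNTS)],
}

# Flow Policies: (event, condition on the person, definition to activate).
# Two policies share the Person Leaver event and split on person type.
POLICIES = [
    ("Person Leaver", lambda p: p["type"] == "internal", "internal-leaver"),
    ("Person Leaver", lambda p: p["type"] == "external", "external-leaver"),
]

def build_db():
    """In-memory stand-in for the identity store (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE account(person_id INTEGER, name TEXT);
        CREATE TABLE membership(person_id INTEGER, grp TEXT);
        INSERT INTO account VALUES (1,'alice-ad'),(1,'alice-azure'),(2,'bob-ad');
        INSERT INTO membership VALUES (1,'Finance'),(2,'Contractors');
    """)
    return db

def handle_event(db, event, person):
    """Return the ordered (action, scope, resource) steps an event triggers."""
    steps = []
    for ev, matches, definition in POLICIES:
        if ev != event or not matches(person):
            continue  # policy does not apply to this event or person
        for item in DEFINITIONS[definition]:  # Flow Items run in sequence
            # The person id is bound as a parameter, never concatenated into SQL.
            for (resource,) in db.execute(item.query, (person["id"],)):
                steps.append((item.action, item.scope, resource))
    return steps

if __name__ == "__main__":
    for step in handle_event(build_db(), "Person Leaver", {"id": 1, "type": "internal"}):
        print(step)
```

An event with no matching policy yields an empty step list, so nothing runs unless a policy explicitly links that event to a definition.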

New Wizard Workflows

This release features new wizard workflows, which streamline various aspects of Azure application management and improve onboarding procedures for individuals, groups, accounts, mailboxes, credentials, computers, and Management Roles.

Credentials

Onboard Credential Workflow: A new wizard interface for credential creation has been added. This tool not only simplifies the onboarding of credentials but also allows for the configuration of Access Request settings. These settings help control the check-out and check-in processes. Furthermore, the wizard facilitates the setting of eligibility criteria, determining who may request the credential from the IAM Shop.

...

For more information, see Onboard Credentials.

Manage Credential Workflow: Update and modify credentials with ease through a user-friendly wizard interface. This includes individual and bulk edit/delete options for credentials.

Management Roles

Onboard Management Role Workflow: Navigate the creation of Management Roles with a step-by-step wizard, choosing from predefined role types and setting hierarchical relationships like the parent Management Role Definition, nesting, and IAM Shop publication.

Manage Management Role Workflow: Simplify Management Role administration with features like role deletion, IAM Shop setting modification, and responsible party assignment. The wizard can assist with both single and multiple operations.

...

Groups

Onboard Group Workflow: We've improved the group onboarding experience with a comprehensive and intuitive wizard workflow. This feature guides users through the manual process of onboarding new groups within the system. Users can now accomplish multiple group-related tasks within the same workflow, including configuring responsible parties, owners and deputies, IAM Shop settings, and group members from a single easy-to-follow wizard interface.

...

For more information, see Onboard Groups.

Manage Group Workflow: Perform various group management tasks, including viewing group details, editing group attributes, deleting groups, assigning responsible persons, and managing group membership.

Azure Applications

Create Azure Application: This workflow simplifies the process of creating a new Azure application, guiding users through each step to ensure accurate configuration.

...

For more information, see Create Azure Applications.

Create Azure Application Certificates: This workflow allows users to upload and assign self-signed certificates to Azure applications managed by EmpowerID.

...

For more information, see Create Certificates for Azure Applications.

Create Azure Application Client Secret: This workflow helps users create and upload client secrets for Azure applications managed by EmpowerID.

...

For more information, see Create Azure Application Client Secrets.

Create Azure Application Scopes: Wizard workflow for creating scopes for Azure applications managed by EmpowerID.

...

For more information, see Add Scopes to Azure Applications.

Create Azure Application Roles: Wizard workflow for creating app roles for Azure applications managed by EmpowerID.

...

For more information, see Add App Roles to Azure Applications.

Update Azure App API Permissions: New wizard workflow for efficient API permissions management for Azure applications integrated with EmpowerID.

...

For more information, see Update API Permissions of Azure Applications.

People and Accounts

Onboard Person: Wizard workflow for onboarding people with different options (Simple, Advanced, and From Another Mode), allowing users to tailor the process according to their needs.

...

For more information, see Onboard People.

Manage Account: The Manage Account Wizard is a new workflow designed to simplify account management by offering a guided, step-by-step process for key actions such as enabling or disabling accounts, deleting accounts, and editing account attributes. Further, it facilitates the assignment of responsible parties and enables the addition of accounts to various groups.

Self-Service

Login Assistance Wizard: The Login Assistance Wizard is designed to allow users to address login-related issues independently. Accessible directly from the login screen, this user-friendly wizard simplifies various operations such as password reset/unlock and Azure Temporary Access Pass (TAP) issuance. It also provides for Azure/EmpowerID Multi-Factor Authentication (MFA) reset, unblock, and unenrollment, as well as the deletion of MFA assets/preferences.

...

Manage Your Identity Wizard Workflow: Users can easily manage aspects of their identity from a single, easy-to-follow wizard, including deleting MFA devices, enrolling for a Q&A password reset, changing passwords, editing profiles, and registering MFA authenticators.

...

For more information, see User Experience - Manage Your Identity.

Computers

Onboard Computer Wizard Workflow: The Onboard Computer Wizard is a new workflow that makes the onboarding of computers a more effortless and adaptable process. The wizard simplifies the steps of adding computers, seamlessly integrating them into the IAM Shop, and customizing eligibility settings. Plus, it brings more flexibility in managing Privileged Session Management (PSM) settings, including the linking of PSM credentials.

...

For more information, see Onboard Computers.

Mailboxes

Onboard Mailbox: The Onboard Mailbox Wizard is a new workflow designed to streamline the process of integrating shared, room, or equipment mailboxes. This intuitive workflow allows you to effortlessly publish these mailboxes in the IAM Shop, seamlessly incorporate them into relevant groups, and easily configure eligibility criteria for users requesting access. The feature further optimizes the approval process by directing the flow when users request access.

Manage Mailbox: The Manage Mailbox Wizard is a new workflow designed to simplify mailbox management. This user-friendly wizard enables users to modify essential mailbox settings while also providing efficient control over email forwarding, policy establishment, and quota restrictions.

New IAM Shop Permission Levels

...

  • Removed dependency on Microsoft Edge for Workflow Studio login. Workflow Studio now uses modern authentication with front-channel flow for better accessibility.

  • Introduced a fulfillment workflow template for Business Requests, simplifying request management.

  • BotFlow can now pin resources for easier interaction. Pinning a resource keeps it easily accessible, so multiple actions or workflows can be run against it without selecting or entering the same resource each time. Pins in bot flows can be either temporary or permanent.

  • Added a Workflow Activity for ChatGPT, facilitating smoother integration and communication with ChatGPT within EmpowerID.

  • Incorporated a new Workflow and Bot flow for interacting with ChatGPT in EmpowerID and the Bot, respectively.

  • Updated the user interface of Workflow Studio to give it a more modern look.

    • Revamped and modernized baseline configuration and integration for AvaloniaUI, delivering an improved and contemporary user interface experience.

    • A new LowCode/NoCode panel has been implemented utilizing the AvaloniaUI framework, resulting in improved functionality and a more user-friendly experience.

  • Added support for developing workflows and integration for SAP BAPI.

    • Introduced a new Workflow Activity that allows calling any BAPI function and executing the result, broadening the scope of workflows and integrations.

    • With the LowCode UI, values can be set at design time or run time from the BAPI structure, increasing customization and adaptability.

  • The Repeater sections in Workflow Studio forms have been updated to include Add, Edit, and Delete options in addition to displaying records in a card UI, which was already a feature. This allows for greater flexibility in design for developers and a better UI experience for the end users.


Additional Improvements

  • Rehire Capability in Advanced Leaver: We've added rehire support to the Advanced Leaver feature. This is particularly useful when an individual rejoins the organization after a previous departure. The rehiring process involves restoring a previously deleted person object and its associated access provisions, contingent on certain criteria being fulfilled. The workflows for rehire support automatically restore the person, reapply attribute flow to all accounts, and generate a restoration task for manual approval.

  • Time-Based Escalation for Recertification: The recertification feature now includes a Time-Based escalation, enhancing flexibility and control in the Business Roles review process. For instance, an automatic escalation request is sent to the Digital Access Governance Manager if a review has been pending for a month. If there is no response within six months from the initial review request, the system will automatically remove the business role and initiate the deprovisioning of related accesses. Users can now configure settings to manage notification and escalation timing and actions.

  • New Relative Delegations: Administrators now have the ability to set up relative delegations for Locations within their organization. This extends the capacity to delegate visibility and responsibility to business locations at the organization level. In response to the need for greater flexibility in configuring delegations, we have broadened delegation capabilities for administrators.

  • Expiring Access Notifications: Our Notifications engine now includes an option to alert users about impending access assignment expiry via email, specifying resource details and the expiration date.


  • Google reCAPTCHA Upgrade: We've upgraded to Google reCAPTCHA v3, enhancing security and user experience. Users will no longer need to solve CAPTCHA challenges, and the system can detect risk based on user behavior.

  • Azure Group Account Membership Management Enhancement: This release introduces a significant enhancement to Azure AD group account membership management with the transition to a queue-based model, increasing efficiency and reliability.

  • Exchange Mailbox Audit Settings Sync: EmpowerID now periodically retrieves and syncs audit settings from Exchange Mailbox, ensuring the consistency of audit settings between EmpowerID and Microsoft Exchange Online.

...