Connectors

GCP Connector

In this latest release, GCP Connector has evolved and provides more advanced capabilities, ensuring an unparalleled experience in managing your Google Cloud Platform (GCP) resources.

The GCP Connector currently offers the following features:

  • Standard User Management: Inventory, create, update, and delete operations for GCP user accounts.

  • Service Account Management: Inventory, enable/disable, and delete service accounts.

  • Group Membership Management: Handle additions, removals, ownership changes, and cross-group memberships.

  • GCP Guest Accounts Management: Inventory, update, delete, add to, and remove from groups.

  • Inventory Support: Supports both incremental and full inventory tracking.

  • Resource Entitlements (RETs) from EmpowerID.

  • User Interface for Management: EmpowerID user interface for managing accounts and groups.

  • Inventorying standard, service, and guest accounts with incremental and full inventory support.

  • Inventorying groups with incremental and full inventory support.

  • Inventorying group memberships for all account types with incremental and full inventory support.

  • Inventorying nested groups under a parent group.

  • Creating, updating, and deleting users and groups.

  • Provisioning accounts through REST API.

  • Supporting disabling and enabling accounts.

  • Deleting accounts.

  • Resetting passwords for GCP accounts.

  • Handling group membership additions, removals, and ownership changes for all account types.

  • Assigning group memberships to accounts with management role (RBAC) assignment.

Microservices

Resource Admin

We are pleased to inform you about the recent updates to the Resource Admin microservice. These updates are designed to improve the user experience by providing better control, flexibility, and efficiency in managing resources. For further details on these updates, please refer to the information provided below.

Improved Caching Mechanism for Faster Retrieval of Locations Data for Groups/Management Roles

Implemented an enhanced caching mechanism to optimize data retrieval for Locations associated with Groups/Management Roles. This change significantly speeds up data fetching, enhancing the user experience.

Field Type Management for PBAC Application

We have added the ability for Resource Admins to directly add, edit, and delete field types within the application details interface for PBAC-supported applications.

Enhanced PBAC Approver Resolution for AzLocalRole Assignments

This update introduces an enhancement to the PBAC system, extending the rule for resolving approvers from PBAC Right assignments to AzLocalRole assignments. Now, application owners can efficiently manage both types of assignments within their applications without the need to switch to RBAC (Role-Based Access Control). By mapping approval rights to AzLocalRight and AzLocalRole, the system automatically identifies approvers based on specified criteria, such as possessing the approval right for the local right or role specified in the Business Request Item. This streamlined approach ensures that only direct assignees with the necessary qualifications are considered as approvers, simplifying the approval process and enhancing user experience.

Easier Management of App Right With Field Type for PBAC Applications

In this release, we have made some improvements to simplify application rights management for PBAC Applications. We have added a new functionality that allows you to add and assign app rights easily. By clicking the "Assign App Right" button, you will trigger a workflow where you can select the app right you want to grant and to whom, along with the relevant field type values. Additionally, you can use the "Edit" button to update the app rights and the selected field type values. This addition has made it easier for users to access and modify application rights directly.

Easier Management of Role Definition Assignments With Field Type for PBAC Applications

We have introduced a new update that simplifies the process of assigning role definitions within PBAC Applications. A key feature of this update is the "Assign Role Definition" functionality, which makes the assignment process more efficient. Users can assign role definitions and Field Types to specific individuals or groups with ease using the "Assign Role Definition" button. This triggers a wizard workflow that facilitates the assignment process. Additionally, users can make adjustments to role definitions and associated parameters effortlessly, thanks to the "Edit" button.

More Visibility and Easier Management of the Field Types from App Rights

By simplifying the interface, we have made it easier to manage and view Field Types within app rights. Field Types can now be accessed through a dedicated tab, which increases their visibility and makes them more user-friendly. Users can edit or delete existing field types effortlessly using this tab. Adding a new field type is also made easy through the self-service workflow called "ConfigureApplicationAuthorizationFieldType." To add a new field type, simply click the Add Field Type button, and the workflow will guide you through the process of integrating it seamlessly into your app rights.

Enhanced Visibility of Inventoried Permissions for Shared Folders

All inventoried permissions for shared folders are conveniently displayed within the resource admin UI. Previously, this feature was only accessible through the legacy application. With this update, users can easily access and manage inventoried permissions.

AzLocalRole Time Constraint Enhancements

The Assign AzLocalRole operation now adheres to the time limits that are set by the Access Request Policy. If the start and end dates are not specified (null), the system sets the start date to the current date and the end date to the current date plus the maximum time duration allowed for access (CurrentDatetime + TimeAccessMaximumDuration).

If the start and end dates are specified, the system validates the end date against the maximum allowed duration (AssignAzLocalRightScope.End > CurrentDatetime + TimeAccessMaximumDuration). If the end date exceeds the maximum duration, it is set to CurrentDatetime + TimeAccessMaximumDuration.
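The defaulting and clamping rule described above, as an added example that is not EmpowerID code. The function and class names are hypothetical, and two behaviours are assumptions the page does not state: a single missing bound is defaulted like the both-null case, and a window that is empty after clamping is rejected.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class AccessWindow:
    start: datetime
    end: datetime
    clamped: bool  # True when the requested end was cut back to the policy maximum


def resolve_access_window(
    start: Optional[datetime],
    end: Optional[datetime],
    max_duration: timedelta,         # stands in for TimeAccessMaximumDuration
    now: Optional[datetime] = None,  # injectable clock so the rule can be tested
) -> AccessWindow:
    now = now or datetime.now(timezone.utc)
    latest_end = now + max_duration  # CurrentDatetime + TimeAccessMaximumDuration

    # Naive datetimes cannot be compared safely with aware ones; refuse them.
    for value in (start, end):
        if value is not None and value.tzinfo is None:
            raise ValueError("timezone-aware datetimes are required")

    # Null dates: start = now, end = now + maximum duration.
    # Assumption: a single missing bound is defaulted the same way.
    start = start if start is not None else now
    requested_end = end if end is not None else latest_end

    # Specified end date: cut it back when it exceeds the policy maximum.
    clamped = requested_end > latest_end
    effective_end = latest_end if clamped else requested_end

    # Assumption: reject a window that is empty or inverted. This also catches
    # a start date later than now + maximum, because the cap is anchored to
    # the current time rather than to the requested start.
    if effective_end <= start:
        raise ValueError("access window is empty after applying the policy")
    return AccessWindow(start, effective_end, clamped)


# Constructed sample values, not taken from any real policy.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_MAX = timedelta(days=30)
```

The `clamped` flag lets a caller log or surface the shortened grant instead of silently changing what was requested.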

Security Enhancements

We have made important improvements in this release to ensure the security of your system and data. We've upgraded the SAP integration library to SAP .NET Connector 3.1 (SNO), improving performance and compatibility. The introduction of test certificate-based SNC authentication makes user authentication more robust. Additionally, S/MIME signing for outgoing emails enhances email communication security.

SAP Library Upgrade and Certificate-Based Authentication

The SAP integration library has been upgraded from ERPConnect to SAP .NET Connector 3.1 (SNO) for improved performance and compatibility. Security has been bolstered with the addition of test certificate-based SNC authentication.

S/MIME Signing for Outgoing Emails

In this release, we are introducing S/MIME signing for emails sent from EmpowerID. This feature enhances the existing email encryption functionality by ensuring that emails are digitally signed using S/MIME certificates, adding another layer of security and trustworthiness to communications sent from EmpowerID.

RBAC System Optimization and Performance Enhancements

We have introduced a series of optimizations and enhancements geared towards improving system stability, performance, and flexibility of the RBAC system in EmpowerID.

  • Indexed Views Replaced by Compiled Tables: Implemented a significant architectural change where indexed views are replaced by compiled tables, enhancing stability and performance.

  • Resolved Crashes: We addressed an issue where creating a new ResourceTypeRole or Location delegation would cause system crashes. Users can now create these delegations without encountering any crashes.

  • ResourceRole Redundancy Removed: We eliminated the need for ResourceRole by optimizing policy compilation. We now utilize the Resource combined with ResourceTypeRole. This optimization ensures flexibility in creating access levels without compromising performance.

  • RBAC Enhancements: RBAC processes and tables now rely on GUIDs for all compiled processes while retaining INTs for reference in compiled tables. Synchronization methods have been added to maintain consistency in IDs for migrations or regular updates.

  • Simplified Inheritance Handling: Removed the necessity for the block Inheritance table.

  • Improved Performance with Assignee Comparison: Implemented AssigneeHash for assignee comparison, resulting in significant performance improvements.

  • RBAC Refactor: Conducted a comprehensive refactor of all session tables and methods in the RBAC system. Compilation processes are now prefixed with Rbac_Compile_ and provide constant progress updates.

  • Dynamic Compilation: Introduced new columns IsCompiledOperation and IsCompiledResourceTypeRole, eliminating the need to create a set of indexed views and methods for compiling operations or ResourceTypeRoles. This feature allows for on-demand compilation, ensuring efficiency and flexibility.
