Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

Please note that these release notes are for a future release and are currently in progress. The information contained within may change before the final release. As such, the final release notes will be prepared closer to the official launch date.

We are pleased to announce the release of EmpowerID Build 7.212.0.0, a comprehensive update with new features, enhancements, and refinements aimed at empowering administrators and enriching the user experience. This release emphasizes the following key areas:

Connectors

  • Major upgrade transitions all microservices from .NET 6.0 to .NET 8.0. The update addresses the upcoming end-of-support for .NET 6.0, ensuring continued security and support by leveraging the latest .NET framework enhancements. This upgrade does not affect current functionality or performance but is crucial for maintaining future compatibility and receiving ongoing support.

GCP Connector

  • We have added and implemented full and delta inventory features for GCP users. The enhancements include:

    • Full Inventory for Users

    • Delta Inventory for Users

    • Delta Inventory for Users in the Connector

    • Full Inventory for Guest Accounts in the Connector

  • We have implemented full and delta inventory features for GCP groups and memberships. The enhancements include:

    • Full Inventory Endpoints for Groups and Memberships

    • Delta Inventory Endpoints for Groups and Members in the Microservice

Zscaler Connector

  • The functionality for Reconciliation of SCIM groups with Azure AD groups has been added. This functionality retrieves SCIM groups provisioned in Zscaler, matches them with the Zscaler group IDs and Azure system identifiers stored in Azure Blob, and performs a reconciliation process to ensure both systems are aligned. This enhancement streamlines group management and synchronization across both platforms.

  • Inventory of Zscaler Segment Groups is now available. This feature follows the JSON inbox method, where JSON data is retrieved and imported into EID. The stored procedure Custom_ZScalerJSONInbox_ProcessResourceSystem handles the processing of JSON inbox entries for each resource system. The processed data is then stored in the EID segment group tables: ZscalerSegmentGroup and ZscalerSegmentGroupAccessPolicy. The JSON inbox data is stored in ZScalerJSONInbox and zscalerjsondoctype, ensuring seamless integration and synchronization across the system.

  • We have introduced the capability to inventory Application Segments from ZScaler using the JSON inbox method. This process retrieves JSON data and imports it into the EID system, where it is processed using the stored procedure Custom_ZScalerJSONInbox_ProcessResourceSystem. The JSON inbox entries are synchronized with the EID components, and the application segments, along with their associated data, are stored in the relevant EID tables. This ensures a seamless and automated method for managing application segments.

  • The feature to inventory Server Groups from ZScaler using the JSON inbox method allows seamless import of JSON data into the EID system. The stored procedure Custom_ZScalerJSONInbox_ProcessResourceSystem processes the JSON inbox entries for each resource system.

  • Managing Access Policies in Zscaler is now available from EmpowerID. This integration allows users to seamlessly define and manage access policies within the Zscaler environment directly from EmpowerID. Users can create, delete, and update access policies using a self-service wizard workflow, simplifying the management process and enhancing user experience.

Microservices

  • Major upgrade transitions all microservices from .NET 6.0 to .NET 8.0. The update addresses the upcoming end-of-support for .NET 6.0, ensuring continued security and support by leveraging the latest .NET framework enhancements. This upgrade does not affect current functionality or performance but is crucial for maintaining future compatibility and receiving ongoing support.

  • To address data privacy concerns, a new SearchToLoad configuration parameter has been implemented for the MyIdentity tabs (All People, Internals, and Externals). This enhancement prevents users from viewing a full, unfiltered list of identities unless a search term is entered. By default, the identity lists will display nothing until a search is performed. This feature ensures compliance with privacy regulations and prevents the potential export of user data by requiring searches for specific identities.

  • A new enhancement has been introduced to display the Service Principal Object ID on the overview page of Azure applications in the Resadmin Resource Admin UI.

  • This update introduces the ability to assign application rights to individual users and groups. This enhancement allows for more efficient management of app rights assignments, enabling administrators to streamline permissions across multiple users simultaneously. This feature aims to simplify the user management process and improve operational efficiency.

IAM Shop

  • In the IAMShop application window, a new feature has been added to improve the user experience when requesting access to applications. A Select All button has been implemented for multi-select FieldType controls, specifically for the MultiSelectCheckBoxList field type. This enhancement allows users to select all values associated with a FieldType in one action, streamlining the selection process and reducing manual entry time. Additionally, functionality has been added to force users to select at least one value when the EnforceFieldTypeSelection flag is true, and the isFieldTypes flag is also true. This will prevent users from adding to the cart without meeting the selection criteria. The EnforceFieldTypeSelection flag is available in OnboardAzLocalRight WF advanced settings.

Workflows

  • Implemented enhancements for the OnboardMailbox workflow, including adding a popup grid search for the Responsible Party and introducing IsRequired parameters for Responsible Party, Owner, and Deputy fields. The lookup now targets a more flexible configuration, allowing customization for the desired audience. Adjustments were made to use GetSearchAdvanced for Owner selection, enhancing accuracy in the selection process. These updates improve the onboarding experience for mailboxes.

  • A fix has been implemented for the DisableMultiplePeopleWF, EnableMultiplePeopleWF, and ResetPassword workflows to address an issue where the advanced search options were not displaying when expanding the search box after selecting No for user selection. With this update, the appropriate attributes are now shown, ensuring that users can efficiently perform advanced searches within these workflows.

Security Enhancements and Fixes

  • This update introduces a crucial enhancement to the MyIdentity feature, addressing data privacy concerns. Users will no longer be able to view a full, unfiltered list of identities under the "All Users," "Internal Users," and "External Users" tabs. Instead, the default view for these tabs will be empty, requiring users to enter a search query before any results are displayed. This change ensures compliance with data privacy regulations, preventing unauthorized access to potentially exportable user information.

Resolved Issues & UI Fixes

  • A fix was applied to the PBAC App Details page regarding the fulfillment time displayed under process steps. Previously, the fulfillment time incorrectly reflected the same date and time as the request.

  • Resolved an issue where users could not set the duration for more than three days while requesting resources (except Business Roles) in the IAM Shop, despite the Restricts Length of Access setting being set to No. This fix ensures users can select any end date for resources as expected. The issue did not affect Business Roles, and the fix now applies to all other resource types.

  • A bug fix has been implemented to address a horizontal scroll UI issue that affected the functionality of the Role and Location Mapper and Role Mapper tabs. This issue caused the scrollbar to display extra spacing, disrupting the user experience. Additionally, the sorting of the columns was not functioning on the same page, but this issue has been resolved.

  • Resolved a UI overlap issue by fixing the alignment and position of hide/show buttons in the Business and Location domains. This bug was particularly noticeable when accessing the Role and Location Mapper and clicking the Map selected to new button without any selection, causing text to overlay in the classification section and an unclickable button to appear near the save button.

  • A fix has been implemented to address the issue of duplicate shopping cart icons in the Resource Admin and IAM Shop. This problem arose due to a UI issue where the app did not utilize the full available width on larger screens or when zoomed out, leading to the cart drawer opening from the far right and creating the appearance of a second cart icon. The fix ensures that the app content now takes the full width, eliminating the duplication of the cart icon when the cart drawer is opened.

  • The issue where Azure role access duration was not displayed in the IAM Shop has been fixed. Now, when an Azure role is requested with time duration, users will see this information in the manage access listing.

  • This fix addresses an issue where application rights assigned to group members via ResAdmin do not appear in the IT Shop. When a user assigns the application right Group through PBAC Assignments → App Right Assignments, the assignment correctly displays in ResAdmin. However, it is currently missing from the IT Shop under Applications → Manage Access for the user. The expected behavior is that assigned application rights should be visible to all group members in the IT Shop.

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
minLevel2
maxLevel2
outlinefalse
stylenone
typelist
printablefalse