Tabs macro
defaultColor#42526e
activeColor#0052CC
width0
hoverColor#0065FF
importPageData{}
tabTypeno-icon
stylestyle-1
alignmentleft
[{"label":"EmpowerID 2021","id":"1","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"EmpowerID 2021 adds several new product features and usability enhancements."}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"New Features"}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"EmpowerID Microservices"}]},{"type":"paragraph","content":[{"type":"text","text":"As part of its ongoing platform redesign to transform EmpowerID from a single monolithic application into a loosely coupled, but a well-integrated suite of small services, this release of EmpowerID offers several new microservices, "},{"type":"text","text":"My Tasks, ","marks":[{"type":"em"}]},{"type":"text","text":"and "},{"type":"text","text":"My Identity","marks":[{"type":"em"}]},{"type":"text","text":", as well as an updated"},{"type":"text","text":" IT Shop","marks":[{"type":"em"}]},{"type":"text","text":"."}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"My Tasks Microservice"}]},{"type":"paragraph","content":[{"type":"text","text":"The My Tasks microservice provides a central location from which users can view the status of their access requests, make and respond to comments about those requests, and in situations where they are designated approvers, approve or reject access requests submitted by other users."}]},{"type":"paragraph","content":[{"type":"text","text":"The My Tasks interface consists of several pages of task and request-related information relative to the current user presented in an easy-to-navigate single-page application experience. The main pages are the "},{"type":"text","text":"My Requests","marks":[{"type":"em"}]},{"type":"text","text":" page, the "},{"type":"text","text":"To-Do","marks":[{"type":"em"}]},{"type":"text","text":" page, and the "},{"type":"text","text":"All","marks":[{"type":"em"}]},{"type":"text","text":" page. 
Users navigate from page to page by selecting the desired page from menus prominently displayed at the top of the application."}]},{"type":"paragraph","content":[{"type":"text","text":" "}]},{"type":"paragraph","content":[{"type":"text","text":"The "},{"type":"text","text":"My Requests","marks":[{"type":"em"}]},{"type":"text","text":" page displays access requests submitted by the user or by another user on their behalf. From this page, users can view the status of their access requests, see who the approver is and add comments about their request."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/MyRequestsPageOfMyTasksApplication.png?version=1&modificationDate=1654265469098&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[{"type":"text","text":"The "},{"type":"text","text":"To-Do","marks":[{"type":"em"}]},{"type":"text","text":" page displays access request-related tasks for which the user is an approver. 
From this page, users with the authorization to do so can make decisions about those tasks, add comments to them, and delegate them to others."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/ToDoPageOfMyTasksApplication.png?version=1&modificationDate=1654265852434&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"paragraph","content":[{"type":"text","text":"The "},{"type":"text","text":"All","marks":[{"type":"em"}]},{"type":"text","text":" page displays all access request-related information."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/AllRequestsPageOfMyTasksApplication.png?version=1&modificationDate=1654265943391&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"My Identity Microservice"}]},{"type":"paragraph","content":[{"type":"text","text":"The My Identity microservice provides a central location from which users can view relative information about themselves, create permanent delegations for business request tasks for which they are an approver, and personalize the number and frequency of email notifications they receive about those business tasks. The My Identity interface consists of several pages of task and request-related information relative to the current user presented in an easy-to-navigate single-page application experience. Users navigate from page to page by selecting the desired page from menus prominently displayed at the top of the application. 
"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/MyIdentity.png?version=1&modificationDate=1654265996255&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[{"type":"text","text":"The My Identity interface includes a number of pages and features to include the following:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Navigation sidebar","marks":[{"type":"strong"}]},{"type":"text","text":" that allows users to seamlessly navigate from My Identity to other EmpowerID applications."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"My Identities page","marks":[{"type":"strong"}]},{"type":"text","text":" provides users with a single location for viewing all their EmpowerID identities. From this page, users can view detailed personal profiles and organizational charts related to their respective identities."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"All People page ","marks":[{"type":"strong"}]},{"type":"text","text":"provides users with a view of all the people internal and external to their organization they have the right to view."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"My Direct Reports page","marks":[{"type":"strong"}]},{"type":"text","text":" provides managers with a view of their direct reports."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"My Department page","marks":[{"type":"strong"}]},{"type":"text","text":" provides users with a view of all people in their department."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Internals page ","marks":[{"type":"strong"}]},{"type":"text","text":"that provides users with a view of people 
internal to their organization they have a right to view."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Externals page","marks":[{"type":"strong"}]},{"type":"text","text":" that provides users with a view of all people external to their organization they have a right to view."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Permanent Delegations page","marks":[{"type":"strong"}]},{"type":"text","text":" that provides users with the ability to permanently delegate tasks for which they are an approver to other people for approval. Delegated tasks, as well as those delegated to the person by another, can be viewed. Delegations created by the user can be edited and deleted from this page as needed."}]}]}]},{"type":"paragraph","content":[{"type":"text","text":" "}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"IT Shop Microservice"}]},{"type":"paragraph","content":[{"type":"text","text":"The IT Shop brings a familiar shopping cart experience to the access request process. Users simply search for the resources they need and add items to their cart. Managers may shop on behalf of their direct reports as part of the onboarding process. When the user is done shopping, they simply submit their request. The workflow engine determines from your organizational rules, what approvals are needed, if any policies would be violated, and who must approve each request or violation. 
All participants are kept informed by email notifications and all requests, decisions, and associated fulfillment actions are recorded and integrated into the audit process."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/ITShop.png?version=1&modificationDate=1654268244868&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Eligibility Policies"}]},{"type":"paragraph","content":[{"type":"text","text":"EmpowerID offers a powerful policy engine to control which users may see and request which roles and resources in the IT Shop. These policies are known as “Eligibility.” Eligibility policies may apply to users by attribute query, role, group, or other criteria, making it easy to target who receives which policies and have the assignment automated and maintained throughout their lifecycle. To further ease the administrative burden, Eligibility policies can be applied to all requestable items of a type by location in addition to one-by-one. This allows policies to be broader, granting or excluding eligibility using the EmpowerID Location tree. For roles, eligibility policies can be applied to their members to control what those members may see and request in the IT Shop. Policies also apply to the role itself as a possible IT Shop item to control who may see and request it."}]},{"type":"paragraph","content":[{"type":"text","text":"Eligibility policies can be defined as either "},{"type":"text","text":"inclusion rules","marks":[{"type":"em"}]},{"type":"text","text":" or "},{"type":"text","text":"exclusion rules","marks":[{"type":"em"}]},{"type":"text","text":". Inclusion rules define the items a user is authorized to see and request in the IT Shop and ensure these are only the ones that would make sense for them to request. 
An application example could be rules that filter resources available for Field Sales employees and developers. The catalog of requestable roles and resources available to each of those employees should be different to ensure that unwarranted access requests are not generated, creating unnecessary approval tasks. Additionally, inclusion and exclusion rules help organizations provide employees a more pleasant user shopping experience as they are shielded from"}]},{"type":"paragraph","content":[{"type":"text","text":"Inclusion rules include the following:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Eligible","marks":[{"type":"strong"}]},{"type":"text","text":" – Users can request items in the IT Shop, and the request will go for approval unless the requesting person has the RBAC delegations needed to grant the access being requested."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Pre-Approved","marks":[{"type":"strong"}]},{"type":"text","text":" – Users assigned the policies are pre-approved for the items to which the policy is applicable. When the IT Shop user later requests access, it will not require an approval step before being fulfilled. "}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Suggested","marks":[{"type":"strong"}]},{"type":"text","text":" – The IT Shop item will show a “Suggested” additional item they may request because of their existing roles or in the context of a role they are currently requesting. The item will still follow standard approval routing rules. 
"}]}]}]},{"type":"paragraph","content":[{"type":"text","text":" "}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/EligibilityPolicies.png?version=1&modificationDate=1654268301292&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Approval Flow Policies"}]},{"type":"paragraph","content":[{"type":"text","text":"When users shop for resources in the IT Shop, they put resource items for which they are eligible to receive in their shopping carts. When ready, they submit the items in their cart to the EmpowerID system. These cart submissions are known as “Business Requests.” Each Business Request can contain one or more resource items, depending on the number of items that were in a user’s cart when submitted. The Business Request, including all the items in that request, route for approval based on the configuration of Approval Flow policies. Approval Flow policies are user-defined policies that organizations can create to direct Business Requests through an approval process that can involve multiple levels of approval from numerous designated approvers before users receive the items in a Business Request, known as “fulfillment.” Organizations can craft Approval Flow policies that are as simple or as complex as their needs dictate. 
Approval Flow policies have a number of key components that can be configured to specify how this occurs."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/ApprovalFlow.png?version=1&modificationDate=1654524800149&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[{"type":"text","text":"Approval Flow components include the following:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Business Request Type","marks":[{"type":"strong"}]},{"type":"text","text":" – Business Request Type is a workflow property used to group workflows by the type of business request they represent. An example of a Business Request Type is the "},{"type":"text","text":"IT Shop","marks":[{"type":"em"}]},{"type":"text","text":" Business Request Type. This type represents anything that is published to the IT Shop, such as Application Roles (Groups), Business Roles, Management Roles, and Azure Roles and Licenses. Approval Flow policies can be configured to specify that requests of a certain Business Request Type must go through three levels of approval, for example, before fulfillment occurs."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Approval Flow Steps","marks":[{"type":"strong"}]},{"type":"text","text":" – Approval Flow Steps are added to Approval Flow policies to specify how many approvals are required for fulfillment. Approval Flow policies can have as many Approval Flow Steps as needed. Each step is a sequential step that must be approved at that level to proceed to the next step. 
Each step can have its own approval flow as well."}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Item Level Approval ","marks":[{"type":"strong"}]},{"type":"text","text":"– Each step can be configured to allow for Item Level approval. Item Level represents the individual items in a business request, such as requesting an Office 365 mailbox or an Application Role. With Item Level approval enabled for a step, the step approver can elect to make item-by-item approvals rather than being forced to approve or reject the entire request in toto. These items"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Approver Resolver Rules ","marks":[{"type":"strong"}]},{"type":"text","text":"– Approver Resolver rules specify to whom the Approval Flow Step needs to route for approval. These can be routed to various actors in EmpowerID"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Items Types","marks":[{"type":"strong"}]},{"type":"text","text":" – Item Types are the individual resources that can be requested, such as membership in an Application Role or group."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Item Type Actions","marks":[{"type":"strong"}]},{"type":"text","text":" – Item Type Actions are in essence EmpowerID Operations and represent actions that can occur against an item (resource). Examples of Item Type Actions include "},{"type":"text","text":"Add Account To Group","marks":[{"type":"em"}]},{"type":"text","text":" or "},{"type":"text","text":"Assign Azure License","marks":[{"type":"em"}]},{"type":"text","text":"."}]}]}]}]}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Notification Policies"}]},{"type":"paragraph","content":[{"type":"text","text":"Part of the approval process involves notifications. 
Approvers and initiators of requests, as well as all delegated users, receive notifications of these events. As part of the redesign of the approval process, EmpowerID has reconfigured how notification occurs, giving organizations and users the ability to tailor the amount and type of notifications they receive to their personal preferences. "}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/NotificationPolicies.png?version=1&modificationDate=1654268454929&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"paragraph","content":[{"type":"text","text":"How notifications now work in EmpowerID is as follows:"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Each time a user submits a Business Request, an "},{"type":"text","text":"Event","marks":[{"type":"strong"}]},{"type":"text","text":" is raised."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Business Request Events are submitted to the "},{"type":"text","text":"Business Request Notification Policy","marks":[{"type":"strong"}]},{"type":"text","text":" engine."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The Business Request Notification Policy engine determines if the event needs to be added to the "},{"type":"text","text":"Business Request Notification Inbox","marks":[{"type":"strong"}]},{"type":"text","text":". 
To determine this, the engine "},{"type":"text","text":"first","marks":[{"type":"em"}]},{"type":"text","text":" performs a granular scan of each person’s notification preferences, then falls back to the default system notifications if there are no personal notification preferences set."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Notifications are then sent to Business Request participants based on those notification settings."}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Full FIDO2/WebAuthN support for Passwordless and Usernameless login"}]},{"type":"paragraph","content":[{"type":"text","text":"FIDO2 WebAuthn is a set of Web APIs that attempts to alleviate the problems users and organizations can encounter managing an ever-growing list of passwords. The problems are obvious as passwords can become compromised and users can forget which password they use with which site. WebAuthn is a major step forward in that it uses public-key cryptography and digital signatures to enable passwordless authentication between servers, browsers, and authenticators. WebAuthn can also be used as an additional MFA factor."}]},{"type":"paragraph","content":[{"type":"text","text":"To use FIDO2 WebAuthn with EmpowerID, you simply decide what flows you want to use, configure a few system settings, and apply the flow(s) to one or more targets. Targets can include Password Manager policies, applications, and individual users (EmpowerID Persons). 
"}]},{"type":"paragraph","content":[{"type":"text","text":"EmpowerID supports the following WebAuthn flows:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"MFA","marks":[{"type":"strong"}]},{"type":"text","text":" – Users authenticate by presenting their username, password, and FIDO2 credential"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Passwordless Login","marks":[{"type":"strong"}]},{"type":"text","text":" – Users authenticate by presenting their username, FIDO2 credential, and a PIN / biometric"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Usernameless Login","marks":[{"type":"strong"}]},{"type":"text","text":" – Users authenticate by presenting their FIDO2 resident key credential and a PIN/biometric"}]}]}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"type":"text","text":"User security keys must support FIDO2."}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"New Workflow Approval Routing Model"}]},{"type":"paragraph","content":[{"type":"text","text":"EmpowerID has enhanced the workflow approval routing process to give organizations more control over approvals. All workflows now have a new property called "},{"type":"text","text":"Never Send for Approval","marks":[{"type":"code"}]},{"type":"text","text":" and most workflows have that property set to true out of the box."}]},{"type":"paragraph","content":[{"type":"text","text":"When set to true","marks":[{"type":"strong"}]},{"type":"text","text":", EmpowerID verifies whether the current person in the workflow process has access to perform the workflow operations. If the person has access, the workflow continues; if the person does not have access, EmpowerID notifies the person that they do not have access, and the workflow exits. 
"},{"type":"text","text":"Approval routing never occurs","marks":[{"type":"em"}]},{"type":"text","text":". There are several benefits to this, including the following:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"This limits the number of approval tasks generated by the system and removes actions from the approval process that should not be there in the first place."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The workflows and the operation base no longer generate Business Process Tasks (Business Process is a workflow and all the operations in it are Business Process Tasks) when a person does not have the RBAC delegations to execute the workflow."}]}]}]},{"type":"paragraph","content":[{"type":"text","text":"If the setting is false,","marks":[{"type":"strong"}]},{"type":"text","text":" the workflow must be configured with a "},{"type":"text","text":"Business Request Type","marks":[{"type":"strong"}]},{"type":"text","text":" and "},{"type":"text","text":"it will always go for approval","marks":[{"type":"em"}]},{"type":"text","text":", even if the person has access to execute the workflow operations. The Business Request Type property allows workflows to be classified for the purpose of providing greater flexibility in approval routing and the grouping together of related access requests. 
Rather than having a default approval routing that simply routes unrelated approvals to all users with the delegations to approve requests, organizations can use this property along with new Access Request and Approval Flow policies to group together related access requests into a single consolidated “approval bundle,” specify to whom approval tasks should go, and how many approvals need to occur before fulfillment occurs."}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"Enhancements"}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Redesigned Resource View Pages"}]},{"type":"paragraph","content":[{"type":"text","text":"The View pages that users see when looking at the details for a given resource have been completely redesigned to present users with a more visually appealing and intuitive experience. The below image shows the View page for a person that users see when viewing information about a person in EmpowerID."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/PersonViewPage.png?version=1&modificationDate=1654268546163&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Workflow Studio Enhancements"}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Workflow Studio Deployment Service"}]},{"type":"paragraph","content":[{"type":"text","text":"The Workflow Studio Deployment Service is a new feature in Workflow Studio that replaces the legacy patching and batch build options that developers needed to perform previously when patching environments or compiling multiple objects. These options have been streamlined into a single deployment feature, making it easier and quicker to perform these types of operations. 
"}]},{"type":"paragraph","content":[{"type":"text","text":"New deployment options include:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Batch deploy to a local folder","marks":[{"type":"strong"}]},{"type":"text","text":" – This is the default build action in Workflow Studio. This action compiles and publishes each workflow, activities, class libraries, user interfaces, and other selected items to the "},{"type":"text","text":"_Assemblies","marks":[{"type":"code"}]},{"type":"text","text":" folder, as well as a .pub file to the "},{"type":"text","text":"_PublishedItems","marks":[{"type":"code"}]},{"type":"text","text":" folder on a target machine. This action makes no changes to the EmpowerID SQL-based database. All changes occur on the target system only."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Create and update manifest files","marks":[{"type":"strong"}]},{"type":"text","text":" – Manifest files contain metadata that describes all development objects required for a specific application that you develop in Workflow Studio. When developers create a manifest, they select the items required by their application. The manifest can then be used for deployment to other users. "}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Package for deployment","marks":[{"type":"strong"}]},{"type":"text","text":" – Developers who create numerous custom items or updated objects in EmpowerID can create a single deployment file from their manifests that can be handed off. 
The deployment file is a ZIP file that contains all the objects in your manifest."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Publish to EmpowerID environment","marks":[{"type":"strong"}]},{"type":"text","text":" – When developers are ready to deploy their development work to a testing or production environment, they log in to the EmpowerID Web interface as a user with the appropriate access to run the "},{"type":"text","text":"PublishWorkflowStudioItem","marks":[{"type":"code"}]},{"type":"text","text":" ","marks":[{"type":"strong"}]},{"type":"text","text":"workflow and upload the .pub file for the workflows or other objects they want to publish. Once the workflow completes the publishing process, their work is available to users in the environment."}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"MS Build Integration"}]},{"type":"paragraph","content":[{"type":"text","text":"MS Build is the build platform for Microsoft and Visual Studio. Workflow Studio integrates with MS Build to build any manifest items that have been developed in Visual Studio. This operation occurs behind the scenes; Visual Studio will not start up."}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Redesigned User Interface"}]},{"type":"paragraph","content":[{"type":"text","text":"The Workflow Studio user interface has undergone a major revision to present users with a modern, cleaner look and feel. 
"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/WFSRedesign.png?version=1&modificationDate=1654524901881&cacheVersion=1&api=v2"}}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"New UI for Managing Application Role (Group) RBAC and Eligibility Assignments"}]},{"type":"paragraph","content":[{"type":"text","text":"RBAC and eligibility assignments to Application Roles (Groups) for Business Role and Location combinations and Management Roles can now be managed on the View pages for each of those resource types. Eligibility can be set to mandatory, pre-approved, suggested, and eligible. Each eligibility type can have time constraints added to limit access to specific dates and times. "}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/AccessToApplicationRoles.png?version=1&modificationDate=1654268840637&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]}]}},{"label":"Builds 7.185.0.X and 7.187.0.1","id":"2","content":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"This minor release includes several enhancements to the EmpowerID Policy-Based Access Control (PBAC) engine and the business request process to give organizations more options for controlling user access."}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"Enhancements"}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Policy-Based Access Control"}]},{"type":"paragraph","content":[{"type":"text","text":"Policy-Based Access Control (PBAC) is an access control model that combines the best features of RBAC and ABAC to allow organizations to make real-time decisions on whether users can access a given resource. 
These decisions are made on the fly based on whether the current user has one or more required attributes. These attributes can be brought into the system either through the inventory of PBAC rights in an external system, or manually assigned to any EmpowerID actor and application through attribute “tagging.” As any EmpowerID actor can be tagged with an attribute, the complexity behind crafting access control is simplified, auditable, and more accessible to business users. See "},{"type":"text","text":"What is Policy-Based Access Control?","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/EAGV21/pages/1708687410"}}]},{"type":"text","text":" for a deeper discussion of PBAC in EmpowerID."}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"PBAC Membership Policies"}]},{"type":"paragraph","content":[{"type":"text","text":"PBAC Membership policies are policies you create to specify the conditions under which an EmpowerID actor, such as a person or a Business Role and Location can be added to or potentially added to Management Roles, groups, Business Roles and Locations, or Query-Based Collections. PBAC Membership policies are comprised of Attribute-Based Membership policies, which contain rules defining the field types, field type values, and rights needed for the system to add users as members of the policy target. When the PBAC engine compiles PBAC Membership policies it looks to see if any EmpowerID actors have the attributes specified by the policy, adding them to the target of the policy if they do. 
See "},{"type":"text","text":"PBAC Membership Policies","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/EAGV21/pages/2188673771"}}]},{"type":"text","text":" for an example of how to create and apply these types of policies in EmpowerID."}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"PBAC Enabled Applications"}]},{"type":"paragraph","content":[{"type":"text","text":"Applications created in EmpowerID now have an option to be “PBAC Rights Model Enabled.” This classifies the application as a “PBAC app,” which EmpowerID treats differently than other types of applications. PBAC apps are registered as “Resource System Modules,” which can have any number of PBAC resources attached to them like app projects, pages, contracts, invoices, and so on. Access to these resources can then be controlled by the rights you create for those resources. Often these rights are inventoried from external applications, but you can also arbitrarily create rights for each specific type of PBAC resource. These rights are then used in PBAC membership policies to control access to the resource."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/PBACFlow.png?version=1&modificationDate=1654269152063&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[{"type":"text","text":"Figure 1: Using PBAC to control access to applications ","marks":[{"type":"em"}]}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"Other Enhancements"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The IT Shop now alerts users submitting business requests whether those requests would cause an SoD violation with their current access assignments. 
"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/ITShop-RiskViolationsDetected.png?version=1&modificationDate=1654269215202&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Users who submit business requests can now delete those requests in the "},{"type":"text","text":"My Tasks","marks":[{"type":"em"}]},{"type":"text","text":" application when the items in the request are no longer needed and the request has yet to be approved. "},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/MyTasks-CancelRequest.png?version=1&modificationDate=1654269282237&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Users assigning resources to "},{"type":"text","text":"persons","marks":[{"type":"em"}]},{"type":"text","text":" can now run risk violation simulations to determine the risk level associated with potential access assignments to those people."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Users can configure global functions to aggregate related local functions in the system."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Users can configure global risks to aggregate related local risks in the system. 
"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Role owners can now classify Management Roles as sensitive."}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Deprecated Features"}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Deprecated Management Roles"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-Limited-Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-IT-Shop-Full-Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-Workflow-Task-Participant-Full-Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-Workflow-Task-Participant-Limited-Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Compliance User"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Tasks and Requests Full-Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Tasks and Requests Limited-Access"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-Audit-Participant"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI-Risk-Policy-Violation-Reviewer"}]}]}]},{"type":"paragraph","content":[]}]}},{"label":"Release 7.1.190.0.0","id":"scfbgev2v","content":{"version":1,"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Release Date: 8/8/2021","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"New features:","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Tivoli Access Manager 
Connector","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"type":"text","text":"EmpowerID IBM Security Verify Access connector is a bi-directional connector that talks to TAM SCIM Microservice for inventory and write back functionality of users, groups, group membership, and organizational units. The request and response of the microservice is SCIM compliant."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/1882522254/image-20210810-194650.png?version=1&modificationDate=1628624814537&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Enhancements","marks":[{"type":"strong"}]}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"All requestable resources now load using Dynamic Mapper structures: ","marks":[{"type":"strong"}]},{"type":"text","text":"All requestable resources are loaded/fetched using "},{"type":"text","text":"IncludedPropertiesapproach","marks":[{"type":"code"}]},{"type":"text","text":" and deserialized using the Dynamic Mapper. 
This normalizes our data retrieval strategy on both the "},{"type":"text","text":"IT Shop","marks":[{"type":"em"}]},{"type":"text","text":" and the "},{"type":"text","text":"My Tasks","marks":[{"type":"em"}]},{"type":"text","text":" side."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Show application owner's phone number and email to users: ","marks":[{"type":"strong"}]},{"type":"text","text":"When a user logs into IT Shop and selects \"Applications\" to shop for and the user clicks on the \"Request Access\" button for the desired application then the item request screen is displayed which includes the contact details for the application owner."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Workflow Studio Enhancements: ","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Workflow Studio now supports .NET 5 Azure Functions"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Workflow Studio now supports .NET 5 Microservices"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Workflow Studio now supports Azure Web Jobs v3"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Workflow Studio ships with a new template for creating SCIM Microservices in .NET 5"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Azure Connector Enhancements: ","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added the ability to "},{"type":"text","text":"list","marks":[{"type":"code"}]},{"type":"text","text":", "},{"type":"text","text":"get","marks":[{"type":"code"}]},{"type":"text","text":", 
"},{"type":"text","text":"add","marks":[{"type":"code"}]},{"type":"text","text":", "},{"type":"text","text":"update","marks":[{"type":"code"}]},{"type":"text","text":", and "},{"type":"text","text":"delete","marks":[{"type":"code"}]},{"type":"text","text":" Azure applications"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added the ability to "},{"type":"text","text":"list","marks":[{"type":"code"}]},{"type":"text","text":", "},{"type":"text","text":"get","marks":[{"type":"code"}]},{"type":"text","text":", "},{"type":"text","text":"add","marks":[{"type":"code"}]},{"type":"text","text":", "},{"type":"text","text":"update","marks":[{"type":"code"}]},{"type":"text","text":", and "},{"type":"text","text":"delete","marks":[{"type":"code"}]},{"type":"text","text":" Azure conditional access policies."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The SharePoint Online (SPO) connector contains multiple Azure services including microservices, web jobs, and Azure functions used for inventorying and managing SharePoint Online in EmpowerID."}]}]}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"Improvements:","marks":[{"type":"strong"}]}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Removed dependency of length of skip token for "},{"type":"text","text":"deletedUsers","marks":[{"type":"code"}]},{"type":"text","text":", "},{"type":"text","text":"deletedGroups","marks":[{"type":"code"}]},{"type":"text","text":", and "},{"type":"text","text":"NewOrUpdatedDeletedGroups","marks":[{"type":"code"}]},{"type":"text","text":" endpoints."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Improved Workflow Studio integration with Visual Studio."}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"Security 
Enhancements:","marks":[{"type":"strong"}]}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Fixed a stored XSS issue in the FriendlyName attribute of Person"}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"type":"text","text":"Deprecated:","marks":[{"type":"strong"}]}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Microservices in .NET 4.0, .NET Core 2.1 and 2.2"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Azure Functions .NET 4.0, .NET Core 2.1 and 2.2"}]}]}]},{"type":"paragraph","content":[]}]}},{"label":"Release 7.195.0.0","id":"u4zirboe8","content":{"version":1,"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Release Date: 11/6/2021","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"type":"text","text":"This release contains a number of enhancements to the EmpowerID microservice applications and Workflow Studio."}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Enhancements to microservice applications","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"IT Shop"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Azure Roles, unifications for all group types (RBAC, Admin, etc.)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Assigned resources filtering by direct/inherited assignment"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Quick search improvements"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management roles granted, when assigning a new management 
role"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Filtering of resources by application selection"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Location tree with full-path tooltip"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Access levels exposed for assigned resources"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Cart item justification dropdown with default options"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Applications as a resource type (listing of requestable and already assigned EID and azure applications)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Applications section \"more info\" box (localizable)"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"My Tasks"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Process step diagram improvements"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Resource Admin"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Listing of owned applications (EID and Azure applications where the logged-in user is the Access Manager)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Application details with runnable EmpowerID actions (edit, delete, etc.)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Azure application onboarding workflow"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Application \"more info\" box (localizable)"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"All 
microservices"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Single sign-on/sign-out improvements (including token refresh)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Docker containers updated (build steps simplified, base/build images version updates)"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Enhancements to Workflow Studio"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"New template for SCIM Microservices targeting .NET 5"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"New template for Azure Functions targeting .NET 5"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"New template for Microservices targeting .NET 5"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Enhancements to the Business Request Engine"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Approval Flow Step Auto Approval Rule – Allows for approvals at the step level if the current approver can make the decision without including the person who can approve it as a potential approver"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Resource Owner Assignee to the approval control"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Other Enhancements and improvements"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Notification Queue tab to the Find Notification pages"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Functional Access cards to the Management Role View One 
pages"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added deeper integration of Workflow Studio with Visual Studio 2019"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for externalizing workflow data to the workflow engine"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/WFS_ExternalWFData.png?version=1&modificationDate=1654526587046&cacheVersion=1&api=v2"}}]}]}]},{"type":"paragraph","content":[]}]},"icon":"font-awesome/RegImage"},{"label":"Release 7.198.0.0","id":"7nu0y7f94","content":{"version":1,"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Release Date: 01/28/2022","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"type":"text","text":"This release contains a number of enhancements to the EmpowerID microservice applications and Workflow Studio."}]},{"type":"paragraph","content":[{"type":"text","text":"This minor release includes several enhancements to the EmpowerID Policy-Based Access Control (PBAC) engine and the business request process to give organizations more options for controlling user access."}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"New Features","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Onboard Azure Applications in EmpowerID"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for onboarding Azure applications in EmpowerID. If your organization integrates applications with Azure AD, you can manage those applications in EmpowerID, including creating new applications. 
"}]},{"type":"paragraph","content":[{"type":"text","text":"For onboarding applications, EmpowerID provides two options that you can use depending on your organization’s policies"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"You can require any onboarding of Azure applications to go through an approval process before those applications are created in Azure"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"You can allow applications to be onboarded without requiring any approvals."}]}]}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/CreateAzureApplicationWF.png?version=1&modificationDate=1654528961936&cacheVersion=1&api=v2"}}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Manage Client’s Certificates for Azure Applications"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for managing client’s certificates for Azure applications. 
If someone created a certificate the following things will happen:"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The certificate is uploaded and added to that app in Azure"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"It is possible to view the certificate thumbprint post creation"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The certificate is optionally saved by EmpowerID."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"An app owner is able to delete the Client Secret for an existing application"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"An app owner is able to delete the Certificate/key for an existing application"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Manage Client Secrets for Azure Applications"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for the app migration team to be eligible to request a new client secret for that app."}]},{"type":"paragraph","content":[{"type":"text","text":"If someone created a client’s secret following things are to happen. 
The client secret is to be created and added for that app in Azure"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"The person who completed the task receives a one-time view of the client secret and its Azure ID, along with a warning"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"It is possible to copy the client secret"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"text","text":"Enhancements","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"EmpowerID to inventory and manage common user attributes."}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for inventorying and managing the following common user attributes"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"EmployeeType"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Manager"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"ExtensionAttribute1"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"OfficeLocation"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"CostCenter"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Division"}]}]}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Recertification Policies"}]},{"type":"paragraph","content":[{"type":"text","text":"Added updates for the following recertification policy types:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Account Validity Type Recertification Policy - Account validity recertification is a method of determining whether or not accounts are 
still required."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Business Role and Location Membership Type Recertification Policy - The business role and location membership recertification process validates whether the membership of a business role and location is still required for a valid business purpose."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Group Membership Type Recertification Policy -The group membership recertification policy is used to certify group membership, including person resources for RBAC membership, group account, nested groups, and any type of direct assignment."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Group Validity Type Recertification Policy"}]}]},{"type":"listItem"," - The group validity recertification is a method of determining whether or not groups are still required. Certain actions must be made if the groups are no longer required."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Role Membership Type Recertification Policy - The management role membership recertification policy is to certify the current members of a management role, including people, group, and business role and location."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Role Access Assignment Type Recertification Policy - The management role access assignment recertification process validates whether the access granted to a management role is still required for a valid business purpose."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Role Validity Type Recertification Policy"}]}]}, - The management role validity recertification is a method of determining whether or not management roles are still 
required."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Person Validity Type Recertification Policy - The person validity recertification is a method of determining whether or not the person is still required."}]}]}]},{"type":"paragraph","content":[{"type":"text","text":"Added updates for the following recertification audit types:"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Account Validity Type Recertification Policy - Account validity recertification is a method of determining whether or not accounts are still required."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Business Role and Location Membership Type Recertification Policy - The business role and location membership recertification process validates whether the membership of a business role and location is still required for a valid business purpose."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Group Membership Type Recertification Policy"}]}]},{"type":"listItem - The group membership recertification policy is used to certify group membership, including person resources for RBAC membership, group account, nested groups, and any type of direct assignment."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Group Validity Type Recertification Policy - The group validity recertification is a method of determining whether or not groups are still required. 
Certain actions must be made if the groups are no longer required."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Group Validity Type Recertification Policy":"text","text":"Audit with Management Role Membership Type Recertification Policy - The management role membership recertification policy is to certify the current members of a management role, including people, group, and business role and location."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Management Role Access MembershipAssignment Type Recertification Policy"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Management Role Access AssignmentValidity Type Recertification Policy - The management role access assignment recertification process validates whether the access granted to a management role is still required for a valid business purpose."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Management Role Validity Type Recertification Policy  - The management role validity recertification is a method of determining whether or not management roles are still required."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Audit with Person Validity Type Recertification Policy - The person validity recertification is a method of determining whether or not the person is still required."}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Create schema extensions for Azure AD user extension attributes"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for creating schema extensions for Azure AD user extension attributes. 
For example, added 10 DirectoryExtensionAttribute1 to 10 for Account, Group, and Person components."}]},{"type":"paragraph","content":[{"type":"text","text":"Implementation of directory extension attributes in both Azure AD SCIM MS and Azure AD SCIM connector is complete"}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Create and edit Management Role Types"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for creating and editing Management Role types for admins. "}]},{"type":"paragraph","content":[{"type":"text","text":"Supported the features for creating  and editing Management Role Types"}]},{"type":"paragraph","content":[{"type":"text","text":"It is similar to grids, that is there for AccountUsageType and GroupUsageType - except for ManagementRole Type"}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Management Role Naming Convention"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for the use of the NamePrefix and Suffix fields from the ManagementRoleType table."}]},{"type":"paragraph","content":[{"type":"text","text":"For example - if the prefix for Management Role type set to ACT,  then naming convention builds the name as ACT + whatever they enter for the name field"}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Add hardcoded controls for common cases"}]},{"type":"paragraph","content":[{"type":"text","text":"Added hardcoded controls for common cases like "}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Person single autocomplete, "}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Person multi lookup autocomplete, "}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Management Role single, Management Role multi, 
"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Group single, Group multi"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Account single, Account multi"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Use the assignee picker as a form control"}]},{"type":"paragraph","content":[{"type":"text","text":"Implemented the ability to use the assignee picker as a form control. "}]},{"type":"paragraph","content":[{"type":"text","text":"This is the item we use where we pick the assignee type and then show control to pick a person, group, Management  Role, OROZ tree, etc with a bucket so that we can select multiple items."}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Resource Admin "}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Listing of owned applications (EmpowerID and Azure applications where the logged-in user is the Access Manager)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Application details with runnable EmpowerID actions (edit, delete, etc.)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Azure application onboarding workflow"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Application \"more info\" box (localizable)"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"All microservices"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Single sign-on/sign-out improvements (including token refresh)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Docker containers updated (build steps simplified, base/build images version 
updates)"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Enhancements to Workflow Studio"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"New template for SCIM Microservices targeting .NET 5"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"New template for Azure Functions targeting .NET 5"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"New template for Microservices targeting .NET 5"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Support .NET 6 for WFS extension/libraries"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Ability to create lookups that allow the user to enter their own SQL query"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Enhancements to the Business Request Engine "}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Approval Flow Step Auto Approval Rule – Allows for approvals at the step level if the current approver can make the decision without including the person who can approve it as a potential approver"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Resource Owner Assignee to the approval control"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Migrate the mobile app from Xamarin.Forms to .NET 6 MAUI "}]},{"type":"paragraph","content":[{"type":"text","text":"Migrated the existing mobile app from Xamarin.Forms to .NET 6 MAUI."}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Removed old dependencies & use the latest Microsoft 
implementation"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Reviewed & refactored code"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"UI component changed"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Other Enhancements and improvements"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Notification Queue tab to the Find Notification pages"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Functional Access cards to the Management Role View One pages"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added deeper integration of Workflow Studio with Visual Studio 2019"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for externalizing workflow data to the workflow engine"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for navigating back in a wizard workflow implementation whilst maintaining context"},{"type":"hardBreak"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Management Role Naming Convention"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Implemented Management Role naming convention such that it uses the prefix and suffix from the ManagementRoleType table and it is able to evaluate expressions"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"For example, if the prefix for the Management Role type is set to “ACT” then the new naming convention builds the name as ACT + whatever they enter for the name field"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Filter management 
roles"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for a role admin to filter management roles by selecting a reference person as a member"}]},{"type":"paragraph","content":[{"type":"text","text":"The role admin can select a person and see what they are a member of (resultant or direct) and what they are not a member of yet."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/Filter%20Management%20Role.png?version=1&modificationDate=1655233651950&cacheVersion=1&api=v2"}}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Filter Groups"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for a role admin to filter groups by additional advanced criteria such as member and owner."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/Filter%20Groups.png?version=1&modificationDate=1655233915314&cacheVersion=1&api=v2"}}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Added Support for the ability to show more information to all resources"}]},{"type":"paragraph","content":[{"type":"text","text":"As with applications, which have an info pop-up where links can also be added, we introduced this ability for all the other resources. 
"}]},{"type":"paragraph","content":[{"type":"text","text":"So an end-user has the ability to show more information to all resources"}]},{"type":"paragraph","content":[{"type":"text","text":"For this introduced a field in the legacy UI for each of the resources that are set."}]},{"type":"paragraph","content":[{"type":"text","text":"This is implemented for Groups, Business Roles, Management roles, Protected Applications, Shared Folders, Mailboxes, Computers, AZ Local roles, and Az License Pool Service Bundle."}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Support for view and search for computer in IT shop"}]},{"type":"paragraph","content":[{"type":"text","text":"Completed the changes to allow users to request two types of access to computers"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Login Session Access (PSM involves shared Credentials)"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Membership Based Access(ResourceAccessRequestAssignee)"}]}]}]},{"type":"paragraph","content":[{"type":"text","text":"Login Session Access includes the following parameters"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":" Users can select one-time access or Pre-approved access. 
On BusinessRequestItem, if the pre-approved flag is set to false, then it is one-time access and will use the start and end date for the time constraints."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Personal or SharedCredential access. On BusinessRequestItem, it will be stored on RequestDataExternalObjectID"}]}]}]},{"type":"paragraph","content":[{"type":"text","text":"Membership Based Access"}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":" Users can select one-time access or Pre-approved access. On BusinessRequestItem, if the pre-approved flag is set to false, then it is one-time access and will use the start and end date for the time constraints."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"A person belonging to the core identity. On BusinessRequestItem, it will be stored on RequestDataAssigneeID"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Access Level - On BusinessRequestItem, the access level, which is ResourceAccessRequestAssignee, is stored on RequestDataTargetResourceTypeRoleID, and the group associated with the access level is stored on RequestDataAssignmentPointID. If RequestDataTargetResourceTypeRoleID is null or empty, then it is login based access"}]}]}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Added support to have risk paths configurable in the UI"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for a way to have risk paths configurable in the UI to be able to aggregate by risk in the to-do and process steps "}]},{"type":"orderedList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support to have the decisions only one time in the UI for the to-do list for the risk step at the top and have a way to collapse the paths, which will be 
closed by default"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"In the process steps, we added support to have a similar way to have the aggregation of the paths for an assignee and a risk and the paths to be closed by default and have a way to collapse them."}]}]}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/risk%20path.png?version=1&modificationDate=1655831525300&cacheVersion=1&api=v2"}}]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Assign Field Types to Global Rights with Field Values"}]},{"type":"paragraph","content":[{"type":"text","text":"Added support for assigning field types and values to global rights/definitions errors "}]},{"type":"paragraph","content":[{"type":"text","text":"This is implemented for cases where values come from list data items."}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"type":"external","url":"https://dotnetworkflow.jira.com/wiki/download/attachments/2710601729/assign%20field%20types.png?version=1&modificationDate=1655831767374&cacheVersion=1&api=v2"}}]},{"type":"paragraph","content":[]},{"type":"heading","attrs":{"level":3},"content":[{"type":"text","text":"Other Enhancements and improvements"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Notification Queue tab to the Find Notification pages"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added Functional Access cards to the Management Role View One pages"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added deeper integration of Workflow Studio with Visual Studio 2019"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support 
for externalizing workflow data to the workflow engine"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for navigating back in a wizard workflow implementation whilst maintaining context"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for Azure AD connector deployment."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support to create a simple management role access granted recertification policy type"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for aligning sorting/advanced search property names."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for shop by applications as a requestor."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support to have managed access to credentials finalized."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support to have the ability to filter by Audit."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support for end-user to manage out-of-office status."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Refactored MyID microservice application."}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"text","text":"Added support to test the PBAC PDP endpoints from the developer authorization example page."}]},{"type":"paragraph","content":[{"type":"hardBreak"},{"type":"hardBreak"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[]},{"type":"paragraph","content":[]}]},"icon":"font-awesome/RegImage"}]

...