Skip to end of banner
Go to start of banner

Release Notes for Build 7.212.0.0

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Please note that these release notes are for a future release and are currently in progress. The information contained within may change before the final release. As such, the final release notes will be prepared closer to the official launch date.

Aug 26- Aug 30

Connectors

  • A new feature has been introduced to extend the EmpowerID schema by inventorizing additional Active Directory (AD) attributes in the Azure AD SCIM Connector. The update now includes the following AD attributes for inventory in EmpowerID: dcxCostCenter, dcxObjectOwner (read-only), and dcxSiteCode.

  • A new feature has been introduced to extend Azure native authentication by supporting Azure B2C tenant connecter authentication. This enhancement enables EID to federate with Azure B2C, allowing users from B2C tenants to log in and interact with EID UI microservices. Unlike Azure AD, Azure AD B2C does not directly support the UserInfo endpoint. Following Microsoft's setup instructions, custom policies have been configured to return data in the UserInfo Endpoint to accommodate this. This feature will not impact clients until activated and will benefit clients requiring B2C tenant federation.

Microservices

  • The cache expiry time for all microservices APIs has been changed from a day to fifteen minutes. Previously, a one-day expiry led to delays in cache updates. Reducing the expiry to minutes improves the refresh rate and ensures more current settings.

  • A new enhancement has been introduced to display the Service Principal Object ID on the overview page of Azure applications in the Resadmin UI.

PBAC

  • A fix has been implemented to address an issue with the RemoveGroupsFromGroupMembershipBulkOperation, where nested groups were causing a "Key not present in the dictionary" error during fulfillment. The update includes modifications to ensure that member groups are added to the GroupDictionary, resolve the issue, and prevent errors related to missing keys. This fix will ensure smoother operation without impacting current customer setups.

Workflows

  • A new feature has been introduced to enhance the management of roles by adding a form that allows users to update various attributes of a management role. This enhancement will be utilized by all workflows that include the EditManagementRoleOperation activity, ensuring a more consistent and effective management process across the system. The new form supports the following operations: Enable Requestable, Disable Requestable, Edit Description, Edit FriendlyName, Edit Instructions, Edit Custom Attributes, Edit Extension Attributes, Edit Email, and Edit KeyEntryInstructionsName. This update aims to streamline the process and improve functionality by replacing individual operations with a more efficient RBACObjectAttribute and ResourceTypeOperation mapping approach.

  • A fix has been implemented to address an issue with the RemoveGroupsFromGroupMembershipBulkOperation, where nested groups were causing a Key not present in the dictionary error during fulfillment. The update includes modifications to ensure that member groups are added to the GroupDictionary, resolve the issue, and prevent errors related to missing keys. This fix will ensure smoother operation without impacting current customer setups.

  • A new feature has been introduced in the workflow MassMaintainenceManagemetRoleWF to allow users to import approvers by adding Approvers in the CSV file column. This enhancement enables the inclusion of approvers' data during the import process. The feature is designed to simplify the management of approvers and ensure they are properly imported with the necessary data. This update provides users with greater flexibility in handling approver information.

  • A new feature has been added to enhance the flexibility of configuring access request policies. Users can now set access request policy selection as either optional or required across various workflows. This feature was requested to allow different clients to tailor the policy settings according to their specific needs. Modified workflows are ManageAzLocalRightWizard, ManageAzLocalRoleWizard, ManageAzureAppRoleWizard, ManageAzureAppWizard, ManageCredentialWizard, ManageGroupWizard, ManageManagementRoleWizard, ManageComputerWizard.

Resolved Issues

  • A fix has been implemented to address an issue where unpublished resources could be added to the cart in the IT Shop despite being hidden from the user interface. This fix ensures that when users attempt to submit a cart containing unpublished resources, the system properly blocks the action and displays an appropriate error message on the UI.

  • A fix has been applied to address an issue in the process steps diagram where the fulfillment time was incorrectly displayed to users. With this update, the fulfillment time now accurately reflects the correct value, ensuring that users see the correct fulfillment time for each step in the process.

  • An issue was resolved where the wrong Assignee ID was assigned while fetching dynamic field type values. Previously, the ID of the person logged in was used instead of the ID of the person to whom the field type was assigned. This update passes the correct Assignee ID, ensuring the intended person's dynamic field type values are accurately fetched.

  • A fix has been implemented for the OnboardManagementRole to address an issue where the Policy Assignment Request (PAR) was not preselected correctly when SelectedApplicationID or SelectedResourceID was provided. This update ensures that the PAR is accurately preselected based on the given IDs, enhancing the system's functionality and ensuring that users receive the correct preselection when these parameters are used.

  • A fix has been implemented to resolve a sorting issue in the ZscalerAccessPolicyGrid. Previously, the Priority column sorted the grid, but it is now correctly sorted by the RuleOrder. The change ensures that the grid reflects the correct order.

Aug 19 - Aug 23

IAM SHOP

  • In the IAMShop application, a new feature has been added to improve the user experience when requesting access to applications. A Select All button has been implemented for multi-select FieldType controls, specifically for the MultiSelectCheckBoxList field type. This enhancement allows users to select all values associated with a FieldType in one action, streamlining the selection process and reducing manual entry time. Additionally, functionality has been added to force users to select at least one value when the EnforceFieldTypeSelection flag is true, and the isFieldTypes flag is also true. This will prevent users from adding to the cart without meeting the selection criteria. The EnforceFieldTypeSelection flag is available in OnboardAzLocalRight WF advanced settings.

  • A new feature has been introduced to display deputies for App Rights and Role Definitions based on configurable ResourceTypeRoles. The configuration is managed via the ResourceSystemConfigSetting with the name ResAdminDeputiesResourceTypeRolesIds, where you can define the ResourceType and its associated ResourceTypeRoleID for deputies. This update lets you see deputies assigned to App Rights and Role Definitions according to the configured ResourceTypeRoles.

Workflows

  • The MassMaintenancePersonManagementRoleWF workflow has been enhanced to support additional parameters in CSV uploads for managing role memberships. The new fields include ValidFrom, ValidTo, and Justification. The ValidFrom and ValidTo fields manage time constraints, while the Justification field will be recorded in the audit log for both the management role and the person. Existing fields such as the management role name, person login or GUID, and actions like Add and Delete were already incorporated.

  • The OnboardAzLocalRole workflow has been enhanced to include the capability to set the PBAC Approval Right with a dropdown menu on the form. This enhancement provides additional functionality and better visibility options for PBAC Approval Rights.

  • Multiple UX functionality has been introduced for the ManageApplicationWizard.

    • The PBAC App checkbox and associated controls have been removed from the form.

    • The description field has been updated to a multiline format.

    • Help text has been added for the authorization model and checkboxes.

    • Additionally, the Cancel button has been renamed to Back, and issues with Back and Next steps have been fixed.

    • The Edit App Settings list data item value has been renamed to Edit Application Settings.

    • Missing labels, including those for managing application settings, rights, roles, and help texts, have been added.

  • New functionality has been added to the ManageAzLocalRoleWizard workflow:

    • New Action: Added Edit Role Definitions Settings to Multi Actions with a disclaimer indicating that changes affect all selected role definitions.

    • PBAC Approval Right: Added a dropdown similar to the OnboardAzLocalRight workflow, with changes applied only upon selection.

    • Visibility Control: Introduced Multi_PBACApprovalRight_IsVisible to control field visibility in multi-action cases.

    • Field Population: Ensured that the selected AzLocalRightID was populated in the AzLocalRole table’s ApprovalAzLocalRightID column.

    • Single Action: Added Edit Role Definition Settings to Single Actions, including a form to edit Name, Friendly Name, Description, Instructions, and PBAC Approval Right dropdown.

    • New Menu Items: New items for Multi Actions and Single Actions were added in the ManageAzLocalRoleWizard.

    • Included changes from Manage IAM shop multi-settings and a bug fix related to the approval flow policy.

  • Multiple enhancements have been introduced in the ManageAzLocalRightWizard workflow:

    • Local Right Settings for Multiple Selection: Added the capability to configure local right settings when multiple rights are selected simultaneously.

    • Edit Owners and Deputies for Multiple Rights: The wizard now includes the option to edit owners and deputies for multiple local rights.

    • EnforceFieldTypeSelection: Added the EnforceFieldTypeSelection field for both single and multiple selection scenarios.

    • Deprecation of "Assign Responsible Party": Deprecated the "Assign Responsible Party" action for multi-selection, streamlining the process.

    • These updates enhance the flexibility and functionality of the ManageAzLocalRightWizard, allowing for more efficient management of local rights.

Resolved Issues

  • A fix has been implemented to correct the handling of management role grant access in the business request process. The issue was that the OnboardManagementRole workflow incorrectly added the management role as a member instead of under the Grant Access section. To resolve this, the CreateBRManagementRoleOnboarding activity and onboardManagementRoleApproval workflow have been updated to ensure the role is added correctly under Grant Access.

  • A fix has been implemented to address an issue where the IsInherited flag was missing from the API response. This prevented the UI from performing certain operations, such as disabling and unassigning options in the right list box.

  • A fix has been applied to correct the display of start and end dates in the Role Definitions listings screen. Previously, the dates were not being displayed accurately, which caused confusion in the listings. This fix resolves the issue, ensuring that start and end dates are represented correctly.

  • Updated the email-sending functionality to exclude recipients who do not have a locale set when sending emails to multiple people. The previous implementation attempted to send emails to all recipients, regardless of whether they had a locale set, which could cause issues. This fix ensures that only recipients with a set locale receive the email.

  • Fixes in ManageApplicationWizard Workflow

    Multiple issues have been addressed in the ManageApplicationWizard workflow to enhance the user experience:

    • Cancel/Back Button Missing: The Cancel and Back buttons on the Select Application page have been added, allowing users to abort the workflow if needed.

    • Executive Summary Page: After editing any settings within the Edit Application Settings option, the workflow now correctly displays an Executive Summary page instead of just a confirmation message. The user will no longer be redirected directly to the Select Workflow page.

    • Multiple Application Selection Issues: Several issues related to selecting multiple applications have been fixed:

      • Only the last selected application was previously shown in the "You selected this Application to manage" section. Now, all selected applications are correctly displayed.

      • The count of selected applications was incorrectly displayed as 0. This issue has been corrected.

      • Locale-related issues with the displayed application count have been fixed.

    These fixes ensure a smoother and more intuitive workflow experience for users.

  • A critical issue affecting the assignment of rights to management roles in the UI has been resolved. Previously, users could only assign app rights to management roles for the first seven app rights in the native UI. When attempting to assign rights from a certain number of app rights onwards, the respective app rights would not appear in the "Assign Rights to Management Role" modal. This was due to pagination, which filtered only the first seven fetched elements. The fix ensures that all app rights, regardless of their position in the list, are now available for management role assignments in the native UI. This fix restores full functionality to the role assignment process, allowing users to manage app rights effectively without any limitations.

Aug 12 - Aug 16

Connectors

  • CyberArkSCIM Connector:

    • A fix has been applied to resolve the CyberArkSCIM connector's account inventory issues. Specifically, it addresses problems matching logon names for CyberArk accounts, ensuring accurate and consistent inventory management.

  • Zscaler Connector:

    • A fix has been applied to the Zscaler application segments view, correcting the View One Page functionality. The issue was due to the GetAllSearch method being called with incorrect parameters. This fix adjusts the parameters to ensure proper functionality.

    • A fix has been implemented to address issues with the Zscaler inventory and additional resource system jobs. This update ensures that SCIM groups are properly inventoried under the Zscaler account store and that SCIM groups sync with other object types under specific conditions. The fix aims to display Zscaler groups in one of the workflows and ensures the additional job syncs the entire conditions collection without overriding other objects.

    • A fix has been implemented to address issues with the Zscaler connector's inventory management. The update includes logic to handle rate limit issues by checking and retrying requests as necessary.

  • PBAC Universal Connector

    • A new feature has been introduced to Add PBAC Inventory to the Account Store view details for systems where the AccountStore System Type is set to PBAC Universal Connector. This update allows users to enable or disable PBAC Inventory and modify the schedule.

Security Fixes

  • A fix has been implemented to improve the detection and suppression of XSS (Cross-Site Scripting) attacks on the Query (also known as Set) details page. This update enhances the security of the Queries (Sets) functionality by strengthening measures to prevent the injection of potentially harmful scripts. As a result, the application is better protected against security vulnerabilities related to XSS attacks.

Workflows

  • A fix has been implemented for the Management Role Grant Access business request item. The update corrects the handling of management role access by ensuring it is categorized under Grant Access rather than as a member. This fix applies to the CreateBRManagementRoleOnboarding activity and the onboardManagementRoleApproval workflow, resolving the issue and improving request processing accuracy.

Resolved Issues

  • A fix has been implemented to address issues assigning rights to management roles. The dropdown label Select Management Role was incorrectly displaying as Select a Person, causing confusion. Additionally, expected application rights were not being displayed. This update corrects the label and ensures the appropriate application rights are displayed, improving user experience and functionality.

  • A fix has been implemented to enhance the Business Request Overview by expanding the Description field. Previously, the Description was truncated if it exceeded 250 characters. This update re-designs the section to avoid truncation, addresses the issue of empty space, and improves how information is presented. Now, if the Description is longer than 250 characters, a Show More button will be available, allowing users to view the complete text. This improvement will benefit users by providing a more comprehensive view of the Description field.

  • A fix has been implemented to address issues with email sending in the Notification Queue and Notification Report Subscription compiler. The update introduces new settings to enable synchronous email sending and add a delay between processing records, improving reliability.

    Configuration Settings:

    • NotificationQueueOrReport-SendEmailSynchronously: Enables synchronous email sending when set to true.

    • NotificationQueueOrReport-SuccessiveEmailsDelay: Specifies the delay (in milliseconds) between successive email notifications.

  • A fix has been implemented to address issues with SAP BobJ inventory processing. Previously, the system was inventorying from incorrect URLs due to static properties when multiple SAP BobJ systems were configured and running parallel inventories. The update has removed the dependency on static properties, replacing them with a ConcurrentDictionary to store system-specific data, which ensures accurate URL usage for each resource system. Additionally, improvements were made to incremental inventorying to correctly handle user changes by addressing issues with token management. These changes enhance the reliability and accuracy of the SAP BobJ inventory process, resolving issues observed in environments such as Reckitt.

  • No labels