Build 7.211.0.0 Updates
These release notes provide information about updates, resolved issues, and security fixes addressed in EmpowerID build 7.211.0.0.
Enhancements
Framework Upgrade for Microservices
We upgraded the microservices framework from .NET 6.0 to .NET 8.0. This upgrade was necessary because support for .NET 6.0 will end support on November 12, 2024. In addition to updating the microservices code, this change requires infrastructure updates, including upgrading container images to use .NET 8 as the base image.
Resource Admin
Multi-Select for App Rights and Role Definitions: We introduced an enhancement allowing users to multi-select app rights and role definitions in the Assign Rights and Assign Role Definitions modals that appear when assigning rights and role definitions, even when mandatory time constraints are applied. Each selected app right or role definition can now be configured independently with a time restriction based on the governing Access Request Policy, ensuring flexibility and streamlined assignments. Visual indicators, such as an arrow pointing to the relevant policy and updated duration settings, provide clear guidance during selection.
Locale Key Settings for Predefined Approval Comments (Resource Admin): We fixed an issue where predefined approval comments in the Resource Admin screen were not localized. Previously, the comments used the Value field, which could not be localized. To resolve this, a new LocalizedName field has been added to the API response, allowing the UI to display localized approval comments in the dropdown.
Privileged Session Management
Privileged Session Manager (PSM) Monitoring Notification: We updated the UI for Privileged Session Manager to display a message alerting users when someone joins their session and that the session is being monitored. This enhancement ensures greater transparency and awareness for users during monitored sessions.
Resolved Issues
My Tasks
Revoke Access Business Request: We fixed an issue where the fulfillment schedule date was displayed twice in the Revoke Access Business Request overview drawer. This fix removes the redundant fulfillment schedule date, providing a cleaner and more accurate display.
App Right Assignment Duration: We fixed an issue where access duration was incorrectly set for app right assignments, even when the "Set Duration" setting was turned off during Business Request approval.
Incorrect Fulfillment Time Displayed in Process Steps: We fixed an issue where the fulfillment time was incorrectly displayed in the process steps diagram. The fulfillment time targeted the wrong value from the backend, causing inaccurate information to be shown to users. Users will now see the correct fulfillment time in the process steps.
Locale Key Settings for Predefined Approval Comments (My Tasks): We fixed an issue where predefined approval comments in the My Tasks business request screen were not localized. Previously, the comments used the Value field, which could not be localized. To resolve this, a new LocalizedName field has been added to the API response, allowing the UI to display localized approval comments in the dropdown.
Flow Inbox Business Request Navigation: We fixed an issue where clicking on a business request in the Flow Inbox led to a 404 error page instead of navigating to the request details.
Escalation Policy Participant Type Field Fix: We fixed an issue in the Escalation Policies tab where the Participant Type field for the Add Potential Approver Managers as Approver escalation action retained values from previously added actions. This occurred because the action combobox was not cleared after adding an item. The fix ensures that the Participant Type field is properly reset, preventing incorrect values from being carried over.
IAM Shop
Max Allowed Duration: We fixed an issue where the maximum allowed duration was enforced even when the Access Request policy for the selected resource was not time-restricted. Users could not select an end date and time beyond the maximum allowed duration, even when the policy did not include time restrictions. New checks have been implemented to ensure that the maximum allowed duration is only applied when the policy is time-restricted, allowing users to select any end date and time when applicable.
Azure Roles: We fixed an issue where the Access Duration for Azure Roles was not displayed in the IAM Shop. Users can now view when their access ends for any Azure Roles with an access end date.
Personal Credential Assignment (Onboard an Account and Credential Workflow): We fixed an issue where onboarding a personal credential using the Onboard an Account and Credential wizard did not assign the credential to the creator as a personal credential. As a result, the credential did not appear on the creator’s Manage Access tab in the credentials section of the IAM Shop. Additionally, manually assigning eligibility to the creator caused the credential to fail during the checkout process. This fix ensures that personal credentials are correctly assigned to the creator during onboarding and can be used as intended.
Locale Key Settings for Predefined Approval Comments (IAM Shop): We fixed an issue in the Cart Submission modal where predefined justifications were not localized. Previously, the Value field was used, which prevented localization. To address this, a new KeyEntryName field has been added to the API response, allowing the UI to display localized names in the dropdown.
Credential Type Column Sorting: We fixed an issue where attempting to sort the Credential Type column on the Request Access and Manage Access pages resulted in an internal server error. The column can now be sorted without any errors, ensuring proper functionality.
Application Name Discrepancy: We addressed an issue in the IAM Shop where the original application name was displayed in the Manage Access tab when reviewing app rights, even after the name had been updated since its initial onboarding. This fix ensures that the most current application names are displayed accurately when viewing app rights in the Manage Access tab.
Application Details (Role Definition Assignments): We fixed an issue where the Friendly Name and Technical Name were missing from the application details section for all Role Definition assignments. These fields have now been exposed in the IT Shop under the Manage Access section for Role Definitions and App Management Roles.
Card View Duplicate End Date/Time: We fixed an issue in the card view where the current access end date/time was displayed twice. This occurred when applying the "Show Only Pre-Approved" and "Show Time Constrained" filters under Groups → Manage Access. The duplicate EndDate attribute has been removed, ensuring it is only displayed once.
Pre-Approved Business Role Activation (Manage Access): We fixed an issue where pre-approved Business Roles and Locations did not display the "Activate" option under Manage Access when the "Show Only Pre-Approved" filter was applied. This fix ensures that pre-approved Business Roles and Locations are correctly displayed with the "Activate" option, allowing users to manage access as intended.
Business Role Activation (Manage Access): We resolved an issue where clicking "Activate" for a business role under Manage Access with the "Show Only Pre-Approved" filter applied resulted in a 500 Internal Server Error. This fix ensures that the activation process for Business Roles now functions correctly without errors.
Resource Admin
Duplicate Carts: We fixed a UI issue where clicking the Shopping Cart icon in Resource Admin or IAM Shop caused a second cart icon to appear. This issue occurred because the app wasn't utilizing the full width on larger screens or when zoomed out, leading to drawers opening from the far right. The fix ensures the app content properly utilizes the full width and the cart icon no longer duplicates when the drawer opens.
Business Request Fulfillment (App Right Revocation): We fixed an issue where multiple business requests failed during the fulfillment process when revoking existing app right assignments. The failure occurred when attempting to remove the same role or right for the same application and assignee across multiple assignments. The fix ensures that a consolidated business request is created, allowing the fulfillment to be completed successfully.
App Role Assignment Duration Visibility Fix: We fixed an issue in Resource Admin where the End Date for assigned roles/rights was not visible in the assignment popup after saving the assignment. While the duration was displayed correctly during the selection and assignment process, it disappeared after saving. This issue was caused by missing endDateUtc and startDateUtc parameters. The fix ensures these parameters are included, allowing the End Date to be consistently visible in the assignment popup for all roles/rights, improving clarity and accuracy during role management.
Web UI
Horizontal Scroll UI Issue: We fixed a global issue where the horizontal scroll was causing the UI to break in certain cases. This fix ensures the UI functions properly across all pages without layout disruptions.
Request Workflow Parameters (Button Layout Fix): We fixed a misalignment issue in the Request Workflow Parameters section of the Access Request workflow, where the Edit and Delete buttons were not properly aligned with the rest of the buttons. This fix ensures that all buttons are consistently aligned, improving visual clarity and usability for users interacting with the section.
SQL SETs
SQL Query Filter Template Selector: We fixed an issue where users could not scroll through the results in the filter popup when creating a SQL Set Query, even though the API returned more results than were displayed. Users can now scroll through all the results in the filter popup after creating a set query, ensuring all available results are accessible.
Query Report Download (Create Query - Set): We fixed an issue where downloading the query report from the filtration pop-up resulted in an empty file. This fix ensures that the downloaded Excel file now correctly includes all displayed SQL queries as expected.
Role and Location Mapping
Role and Location Mapper Page: We fixed an issue where sorting did not work on any Selected Node Mappings grid columns. The grids on the mapper pages are now fully sortable.
Role and Location Mapper (Scrollbar Layout Issue): We fixed a layout issue in the Role Mapper tab of the Role and Location Mapper, where clicking Map Selected to New resulted in extra spacing being added to the scrollbar. This fix ensures that scrollbars now appear only when necessary, without additional spacing, improving the layout consistency.
Groups
Fulfillment Failure on Nested Group Member Deletion: We fixed an issue where fulfillment failed when nested group members were deleted. The problem was due to incomplete handling of nested group relationships and multiple revoke requests, resulting in fulfillment errors and incomplete status updates for some requests. This fix ensures that all nested group deletions are processed correctly, with accurate status updates for each request.
Workflows
Manage Group Wizard: We fixed an issue where sorting was not functioning in the Edit Local Functions grid, even though the sorting icon was displayed. The fix ensures that sorting, such as by Risk Level, works correctly in the Add Local Functions grid.
Manage Computer Wizard: We fixed an issue where users encountered an "Internal Server Error" when attempting to save or submit changes while editing computer details via the ViewOne page or the ManageComputer Wizard. The issue occurred because executor class files were not generated for some operations. The fix involved generating the missing executor class files and republishing the operation activity.
Manage Local Right Wizard (Application Pre-Selection): We fixed an issue in the ManageAzLocalRightWizard workflow where the application was not pre-selected when the workflow was triggered from a contextual action. Users were required to reselect the application at the start of the workflow. This fix ensures that the application is pre-selected as expected, streamlining the process.
Notification Reports
Notification Report Subscription (Advanced Search): We fixed an issue where the 'Is Shipping Data' checkbox was missing from the advanced search in Notification Report Subscription. This fix ensures the checkbox is now available, allowing users to filter results using this option as expected.
Management Roles
Recertification Administrator Role: We fixed an issue where the Recertification Administrator role was missing in new installations. This role is now included by default to ensure proper functionality and assignment of recertification-related tasks.
Privileged Session Management
PSM Workflow Connection Error: We resolved an issue where the PSM workflow failed to load, and the API returned a 500 Internal Server Error when users attempted to connect to a computer via PSM. This fix ensures the workflow loads correctly, allowing users to establish connections without encountering errors.
Master Password Visibility (PSM Workflow): We resolved an issue where the Master Password entered in the PSM Workflow was visible in plain text in the Network Payload tab of browser developer tools. This fix ensures that the master password is securely handled and no longer exposed in developer tools, enhancing security and protecting sensitive information.