You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Release notes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Version 7.202.0.0

New Features

New Wizard Workflows

With this release, EmpowerID introduces several new Wizard-based workflows for managing Azure applications and onboarding common objects like EmpowerID Persons, groups, and Management Roles. These new workflows reduce the amount of data users see upfront, making the process more intuitive and user-friendly.

Azure Wizard Workflows

  • Create Azure Application – Wizard workflow for onboarding Azure applications in selected Azure tenants. This workflow has a number of parameters that you can configure to alter the fields that appear when running the workflow, as well as settings that determine whether human approval is required before EmpowerID fulfills the request and provisions the application in Azure.
    Workflow Parameters

    Error rendering macro 'excerpt-include' : User 'null' does not have permission to view the page 'Create Azure Applications'.

  • Create Azure Application Certificates – Wizard workflow for creating certificates for Azure applications managed by EmpowerID. The workflow has a number of parameters that can be configured to alter the fields that appear to users running the workflow. See /wiki/spaces/EAGV22/pages/2809016579.
    Workflow Parameters

    Parameter

    Purpose

    DefaultAzureTenantID

    This is the GUID of the Azure tenant. If the value is present, the “Select a Tenant” drop down will be auto-selected with the specified tenant.

    You can find the Tenant ID for your Azure tenant by navigating to
    Azure RBAC Manager > Resources and selecting the Tenants tab.

    DefaultOrgZoneID

    This is the ID of the EmpowerID location where the app certificate will be created . If a value is present, the “Select a Location” drop down will be auto-selected with the location. The location can be changed as desired on the form.

    DefaultShareCredential

    Boolean value that specifies whether to enable sharing for all app certificates by default.

    ShareCredential_IsVisible

    Boolean value that specifies whether to show or hide the Share credential checkbox on the form

    DefaultVaultCredential

    Boolean value that specifies whether to vault all secrets by default

    VaultCredential_IsVisible

    Boolean value that specifies whether to show or hide the Vault credential checkbox on the form

    DefaultOwnerPersonID

    This is the Person ID of the certificate owner. If the value is present, the specified person will be the owner for all app certificates.

    SelectOwner_IsVisible

    Boolean value that specifies whether to show or hide the Owner selection drop-down on the form

    DefaultExternalCredentialPolicyID

    This is the External Credential Policy ID to be assigned to all app certificates created.

    ManagementRoleIDsToNotify

    This is a comma separated list of the Management Role IDs of the Management Roles to be notified each time an app certificate is created.

    DefaultEmailMessageID

    This is the ID of the Email Template used to send email notification to each person belonging to the Management Roles specified in the ManagementRoleIDsToNotifiy parameter. Email notifications are sent each time an app certificate is created.


  • Create Azure Application Client Secrets – Wizard workflow for creating client secrets for Azure applications managed by EmpowerID. The workflow has a number of parameters that can be configured to alter the fields that appear to users running the workflow. See /wiki/spaces/EAGV22/pages/2809016822
    Workflow Parameters

    Parameter

    Purpose

    DefaultAzureTenantID

    This is the GUID of the Azure tenant. If the value is present, the “Select a Tenant” drop down will be auto-selected with the specified tenant.

    You can find the Tenant ID for your Azure tenant by navigating to
    Azure RBAC Manager > Resources and selecting the Tenants tab.

    DefaultOrgZoneID

    This is the ID of the EmpowerID location where the client secret will be created . If value is present, the “Select a Location” drop down will be auto-selected with the location. The location can be changed as desired on the form.

    DefaultSecretExpirationInDays

    This is the default client secret expiration in X days from the current date. X days will be added to the current date.

    SelectExpiration_IsVisible

    Boolean value that specifies whether to show or hide the expiration field on the form.

    DefaultShareCredential

    Boolean value that specifies whether to enable sharing for all credentials by default.

    ShareCredential_IsVisible

    Boolean value that specifies whether to show or hide the Share credential checkbox on the form

    VaultShareCredential

    Boolean value that specifies whether to vault all secrets by default

    VaultCredential_IsVisible

    Boolean value that specifies whether to show or hide the Vault credential checkbox on the form

    DefaultOwnerPersonID

    This is the Person ID of the secret owner. If the value is present, the specified person will be the owner for all client app secrets.

    SelectAOwner_IsVisible

    Boolean value that specifies whether to show or hide the Owner selection drop-down on the form

    DefaultExternalCredentialPolicyID

    This is the External Credential Policy ID to be assigned to all client secret credentials created.

    ManagementRoleIDsToNotify

    This is a comma separated list of the Management Role IDs of the Management Roles to be notified each time a client app secret is created.

    DefaultEmailMessageID

    This is the ID of the Email Template used to send email notification to each person belonging to the Management Roles specified in the ManagementRoleIDsToNotifiy parameter. Email notifications are sent each time a client app secret is created.

  • Create Azure Application Scopes Wizard workflow for creating scopes for Azure applications managed by EmpowerID. See /wiki/spaces/EAGV22/pages/2809017160.

  • Create Azure Application Roles – Wizard workflow for creating app roles for Azure applications managed by EmpowerID. See /wiki/spaces/EAGV22/pages/2809016990.

  • Update Azure App API Permissions – Wizard workflow for managing API permissions for Azure applications managed by EmpowerID. See /wiki/spaces/EAGV22/pages/2813984784.

Onboarding Wizard Workflows

  • Onboard Person – Wizard workflow for onboarding people with different options for the onboarding process. The amount of data and options available to users can be controlled via workflow parameters.
    Workflow Parameters

    Parameter

    Description

    CreationModeListDataItemTypeName

    This is a list that contains the available modes for onboarding people.

    EmailMessageIdForMgtRoles

    Integer that specifies the email message to be sent to all members belonging to the target Management Roles.

    EmailMessageIdForNewPerson

    Integer that specifies the email message to be sent to the newly onboarded person.

    EmailMessageIdForPersonManager

    Integer that specifies the email message to be sent to the manager of the newly onboarded person.

    IsAssignGroupMembership_IsVisible

    Boolean value that determines whether the Assign Group membership section of the workflow is visible to users.

    IsAssignMgmtRoleBundleMembership_IsVisible

    Boolean value that determines whether the Assign Management Role Bundle Membership section of the workflow is visible to users.

    IsAssignObjectVisibilityAccessRoles_IsVisible

    Boolean value that determines whether the Assign Visibility Access Role section is visible to users.

    IsAssignPreApprovedMgmtRole_IsVisible

    Boolean value to determine whether the Assign Pre-Approved Management Roles section of the workflow is visible to users.

    IsAssignRbacOperationAccessRoles_IsVisible

    Boolean value to determine whether the Assign RBAC Operation Access Roles section of the workflow is visible to users.

    IsAssignSecondaryRoleAndLocation_IsVisible

    Boolean value to determine whether the Assign Secondary Role and Location section of the workflow is visible to users.

    IsAssignUIAccessRoles_IsVisible

     Boolean value that determines whether the Assign UI Access Roles section of the workflow is visible to users.

    IsAutoGeneratePassword_IsVisible

    Boolean value that specifies whether the Auto Generate Password option is visible to users.

    OnboardPersonCreationMode_ItemSetName

    Specifies the List Item Set Name containing the creation modes presented to users running the workflow.

    OnboardPersonPropertiesToClone

    Specifies the properties to clone from a selected person to the new person when running the workflow in Create Person From Another mode. Default properties include:

    • LastName

    • FirstName

    • Address.City

    • Address.State

    PersonPropertiesToClone

    Specifies the properties to clone from a selected person to the new person when running the workflow in Create Person From Another mode. Default properties include:

    • Name

    • Address

    • ManagerInfo

    • PrimaryLocationAndRole

    • OrganizationBasicInfo

    • OrganizationContactInfo

    SendForApproval

    Boolean value that specifies whether the onboarding request needs to be routed for human approval before the systems provisions the new person.



    Onboard Person Creation Modes:

    • Create Person Simple Mode – This option allows non-technical users to initiate creating a new person, requiring minimal information to be supplied, such as the new person's First Name, Last Name, and primary Business Role and Location.

    • Create Person Advanced Mode – This option requires more information and provides more configuration options, such as assigning the new person to one or more Management Roles and groups.

    • Create Person From Another Mode – This option allows you to create a person using another person as a template for the new person. The amount of information that should be cloned is set via workflow properties.

  • Onboard Group – Wizard workflow for onboarding groups with different options for choosing group members and eligibility of pre-approved members. This workflow consists of seven steps, with two being based on the current user’s selections. These steps are configurable via workflow parameters.

    • Group Usage Type

      • ShowGroupUsageType – This parameter is used to set up the visibility of the Group usage type dropdown and the value is Boolean (true/false).

      • DefaultGroupUsageTypeId – This parameter is used to set up the default value for the Group Usage Type option list and the user needs to input a valid integer value

    • Membership Options

      • ShowMembershipOptions – Boolean value that determines the visibility of the Group Membership Options section of the workflow

      • ShowPermanentMembersOption – Boolean value the determines the visibility of the Permanent Members Option in the Group Membership Options section of the workflow

      • ShowPreApproveMembershipOptions – Boolean value that determines the visibility of the Pre-approved Members option from the Group Membership Options section of the workflow

New Adaptive Card Designer in Workflow Studio

Workflow Studio supports the design and development of adaptive cards for EmpowerID Chatbot. An adaptive card is a commonly used UI component in bot conversation. Adaptive cards are highly interactive since they support using rich text, graphics, input controls, and buttons to gather user input. One of the major advantages of using adaptive cards is the native rendering of the card; because the interface is inherited directly from the host, adaptive cards' UI/ UX appears to match with the framework it is being displayed in. See Adaptive Cards.

Enhancements

EmpowerID UX/UI

  • Upgrade jQuery from version v1.9.1 to v3.6.0

  • Upgrade jQuery UI from v1.12.1 to v1.13.1

  • Upgrade Knockout JS version from v3.4.0 to v3.5.1

  • Some UX/UI improvement / fixes (alignments, icons updates, styles)

  • Browser window resize

  • New design for Add, Edit and Delete buttons

  • New design for Breadcrumbs

  • Restyle Passwordless Login Workflow

  • Azure RBAC Assignments Fixes

  • Slim Mode Tree – fixed

  • New improved design for Person - Management Roles table

  • New improved UI for Location Search

  • Improved UX for section separation

  • A new design for Pop-up and Person Request form

  • New design for Check, Attention and Undo states

  • Pop-ups are now appearing in a drawer manner

  • New UX/UI for the Top 10

  • New UX for Workflows tabs

  • Security Key or Biometric Authenticator

Workflow Studio

  • Use Microsoft Edge as the default browser for logging into Workflow Studio. Auto-detect and install the WebView2 pre-requisite/dependency if not present

  • Shortcut implementations for Save, Comment and Uncomment code

  • WFS Activities for invoking AAD and EXO PowerShell microservice endpoints

  • WFS .NET 6 templates for creating Microservices, SCIM Microservices, Azure functions (isolated & in process)

EmpowerID Chatbot

  • Add Connect to computer bot flow

  • Create/View Shared and Vault Credentials bot flows

  • Support for “Things to Manage” and “Things to Do” in Bot

  • Update Adaptive Cards in the Bot Flows with latest features like password masking, validations, search dropdown

  • Support for LUIS

EmpowerID Mobile App

  • Add EmpowerID Chatbot

  • Important security & reliability updates

Azure AD

  • Upgrade the Azure AD SCIM Microservice from .NET 5 to .NET 6

  • Improve the Azure application onboarding workflow to support additional capabilities for OIDC, Non-gallery & gallery apps

Resource Admin Microservice

  • Applications

    • Azure Application Secrets

    • Azure Application Certificates

    • Azure Applications Scopes

    • Azure Application Roles

    • Azure Applications API Permissions

    • Contextual Workflows for Applications and for an Application in particular

  • Groups

    • List View / Tab View for all Groups, you are an owner of or that are owned by someone else

    • Overview of a Group

    • Rights of a Group

    • Local Sensitive Functions of a Group

    • Member of a Group

    • Membership Changes for a Group

    • Resultant Members of a Group

    • Contextual Workflows for Groups and for a Group in particular

  • Management Roles

    • List View / Tab View for all Management Roles, you are an owner of or that are owned by someone else

    • Overview of Management Roles

    • Rights of Management Roles

    • Sensitive Functions of Management Roles

    • All Members of Management Roles

    • People as Members for a Management Role

    • Contextual Workflows for All Management Roles and for a Management Role in particular

IAM Shop Microservice

  • Mailboxes

    • List View / Tab View list of all Mailboxes you are Eligible or Preapproved to Request Access

    • Request Access for a Mailbox Permission Level

    • Managing Access for a Mailbox Permission Level

  • Shared Folders

    • List View / Tab View list of all Shared Folders you are Eligible or Preapproved to Request Access

    • Request Access for a Shared Folder Permission Level

    • Managing Access for a Shared Folder Permission Level

  • Credentials

    • List View / Tab View list of all Credentials you are Eligible or Preapproved to Request Access

    • Request Access to checkout a Credential

      • For One Time Check-Out

      • To be Preapproved for Unlimited Number of Check-Outs

    • Managing Access for Credentials with ability to:

      • Checkout / Check-in Credentials

      • View Checkout History

  • Computers

    • List View / Tab View list of all Computers you or someone else is Eligible or Preapproved to Request Access

    • Request Access to Connect to a Computer:

      • Membership-Based Access for a certain Permission Level

      • Login Session Access (PSM Enabled)

        • For One Time Connect

        • To be Preapproved for Unlimited Number of Connections

    • Managing Access for Computers:

      • Membership-Based Access for a certain Permission Level

      • Login Session Access (PSM Enabled)

        • Connect / Reconnect / Disconnect from a Computer

      • View Login Session History for Computers

  • Groups

    • Introduced the ability to Activate Now for Preapproved Membership if BypassBusinessRequestWhenPreApproved is set to TRUE in the Access Request Policy to directly add the person to pre-approved Groups

  • Management Roles

    • Introduced the ability to Activate Now for Preapproved Membership if BypassBusinessRequestWhenPreApproved is set to TRUE in the Access Request Policy to directly add the person to pre-approved Management Roles

  • Added Contextual Workflows to Each Resource Type

  • Added the ability to fill in dynamic attributes defined for a resource in the IAM Shop when requesting access for a resource

Risk Analytics Microservice

  • View Risk Stats Analytics Dashboard

  • View Risk Reports

My Identity Microservice

  • Change the time zone for a person

  • Set the out of office status for a person

  • No labels