
Identity Manager 9.2.1 - Release Notes

One Identity Manager 9.2.1

Release Notes

21 May 2024, 12:29

These release notes provide information about the One Identity Manager release version 9.2.1. You will find all the modifications since One Identity Manager version 9.2 listed here.

For the most recent documents and product information, see Online product documentation.

One Identity Manager 9.2.1 is a minor release with new functionality and enhanced behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 9.2, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

About One Identity Manager 9.2.1

One Identity Manager simplifies the process of managing user identities, access permissions, and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

One Identity Manager enables you to meet Access Governance demands across platforms throughout your entire company. One Identity Manager is based on an automation-optimized architecture and, unlike other “traditional” solutions, addresses major identity and access management challenges in a fraction of the time, complexity, and expense.

One Identity Starling

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform, giving your organization immediate access to a number of cloud-delivered microservices that expand the capabilities of your One Identity on-prem solutions. We will continuously make new products and features available in One Identity Starling.

For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit https://www.cloud.oneidentity.com.

New features

New features in One Identity Manager 9.2.1:

HTML5 web applications
  • The option to navigate in hyperviews in web applications can now be disabled in the Administration Portal.

  • The One Identity GitHub repository provides documentation for the most important Angular components.

Target system connection
  • Active Roles version 8.1.5 is supported to the previous extent.

  • One Identity Safeguard Versions 7.4 and 7.5 are supported to the previous extent.

  • Support for SAP S/4HANA Cloud 2022 and 2023 with SAP BASIS 7.57 and 7.58.

    An updated BAPI transport SAPTRANSPORT_70.ZIP is provided.

  • Support for HCL Domino Server version 14 and HCL Notes Client version 12.0.1 in the 64-bit variation, and 14.0.

    A 64-bit version of the HCL Notes Client must now be installed on the gateway server to make it possible to synchronize a Domino environment.

  • In the OneLogin connector, a method for handling the HTTP status 429 (too many requests) and a waiting mechanism with random, exponentially increasing waiting times have been implemented to avoid disconnects when the X-RATE limit is exceeded. This means that denied requests are repeated for up to an hour.
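
The retry behavior described for HTTP status 429 can be sketched as follows. This is an added example, not code from the OneLogin connector or from One Identity. The names call_with_backoff and scripted_sender, the base and cap values, and the handling of a Retry-After header are assumptions; only the 429 status, the random exponentially increasing waits, and the one-hour limit come from the release note.

```python
import random
import time

RETRY_BUDGET_SECONDS = 3600.0  # release note: denied requests are repeated for up to an hour


def call_with_backoff(send, sleep=time.sleep, rng=random.random,
                      base=1.0, cap=300.0, budget=RETRY_BUDGET_SECONDS):
    """Repeat send() while it answers HTTP 429, within a total waiting budget.

    send() returns (status, headers, body). base and cap are assumed values,
    not the connector's. Returns (status, body, seconds_waited, attempts).
    """
    waited, attempts = 0.0, 0
    while True:
        status, headers, body = send()
        attempts += 1
        if status != 429:
            return status, body, waited, attempts
        # Exponentially growing ceiling, capped so a single wait stays bounded.
        ceiling = min(cap, base * 2 ** (attempts - 1))
        # Random wait in [ceiling/2, ceiling): spreads clients apart, still grows.
        delay = ceiling / 2 + rng() * ceiling / 2
        # Assumption: honour a numeric Retry-After header as a lower bound.
        retry_after = headers.get("Retry-After", "")
        if retry_after.isdigit():
            delay = max(delay, float(retry_after))
        if waited + delay > budget:
            return status, body, waited, attempts  # give up and surface the 429
        sleep(delay)
        waited += delay


def scripted_sender(responses):
    """Constructed stand-in for an API: replays responses, repeating the last."""
    it = iter(responses)
    last = [None]

    def send():
        last[0] = next(it, last[0])
        return last[0]
    return send


if __name__ == "__main__":
    throttled = (429, {}, "rate limit exceeded")  # constructed sample response
    send = scripted_sender([throttled, throttled, (200, {}, "ok")])
    naps = []
    print(call_with_backoff(send, sleep=naps.append), naps)
```

Passing sleep and rng as parameters lets the schedule be checked without waiting; a caller that still receives 429 after the budget is spent should log the failure instead of retrying indefinitely.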

Identity and Access Governance
  • Support for new Manual laborer employee type. The employee type is included in the license report for One Identity Manager.

  • Azure Active Directory administrator roles can now be added automatically to the IT Shop. The functionality is enabled by the QER | ITShop | AutoPublish | AADDirectoryRole configuration parameter. By default, the Approval of Azure Active Directory requests approval policy is used to decide requests.

    NOTE: The new Approval of Azure Active Directory requests approval policy has also been assigned to the existing default shelves for Disabled Azure Active Directory service plans, Azure Active Directory groups, and Azure Active Directory subscriptions.

    • Check whether custom approval policies are still in effect for these products.

  • Assignments that result from a request can now also be automatically removed if attestation is denied. The following configuration parameters have been newly implemented:

    • QER | Attestation | AutoRemovalScope | OrgHasESet | RemoveRequested

    • QER | Attestation | AutoRemovalScope | DepartmentHasESet | RemoveRequested

    • QER | Attestation | AutoRemovalScope | LocalityHasESet | RemoveRequested

    • QER | Attestation | AutoRemovalScope | ProfitCenterHasESet | RemoveRequested

  • In Microsoft Teams, you can attest teams and team memberships. Default attestation policies and default approval workflows are provided for this. There is support for automatic removal of team memberships if attestation is denied.

    • New approval procedure OW - Product owners of a Microsoft Teams Teams

  • Company policies can be configured such that an attestation is started for each policy violation. To do this, an attestation policy is assigned to the company policy. Entitlements that violate company policies can be automatically removed or user accounts disabled. There are three ways to start attestation:

    • Scheduled by the schedule assigned to the attestation policy

    • Automatically as soon as a policy violation is detected

    • Manually, using the Run attestation cases now task

Enhancements

The following is a list of enhancements implemented in One Identity Manager 9.2.1.

Table 1: General

| Enhancement | Issue ID |
|---|---|
| Additional permitted values for the DialogParameter.QueryDisplayType column to enhance how query data is displayed. | 430664, 36621 |
| Improved performance calculating authorizations for One Identity Manager users. | 431109, 36836 |
| Enhanced security of the help system. | 437475, 37345 |
| When starting individual programs with the Launchpad, you can now select whether logging in is automatic or whether to use new connection credentials. | 440485 |
| Enhanced documentation of the No direct database connection property for Job servers. | 440489, 37435 |
| Password Manager Secure Password Extension has been updated to version 5.13.1. | 442044 |
| Improved performance when creating and handling processes. | 443099 |
| Enhanced documentation of the wizard for entering database queries. | 445717 |
| Improved performance of Job server querying the Job queue. | 445982 |
| Configuration parameters can now be marked as encrypted even if database encryption is not configured. | 446349 |
| Improved performance in the Job Queue Info when information is loaded from the process history. | 449818, 453348 |

Table 2: HTML5 web applications

| Enhancement | Issue ID |
|---|---|
| In the Web Portal, it is now possible to navigate inside an object's hyperview. | 427806 |
| In the Web Portal, it is now possible to set a link to the requests page whereby a specific service category or a specific product is opened. To do this, use the URL parameter /#/newrequest/allProducts?serviceCategory=<service category UID> or /#/newrequest/allProducts?serviceItem=<service item UID>. | 427946 |
| Error texts are now not only displayed in the HTTP status field, but also in the payload of the response to an API request. This improves compatibility with HTTP/2.0. | 432451 |
| Improved API Server performance. | 435696 |
| In the Web Portal, object types of objects that are part of an attestation case are now shown. | 436245 |
| If OAuth is not configured correctly, more meaningful error messages are now generated for the API Server log. | 437362 |
| Data export in the Web Portal now provides more properties for selection. | 439740 |
| Improved registration of Angular CDR providers. | 440711 |
| Enhanced documentation of custom designs in the GitHub repository for standard HTML applications. | 440711 |
| In the Web Portal, you can now renew requests if you have write permissions for them. | 443133 |
| In the Administration Portal, you can now define a filter using the VI_ITShop_Filter_AccProduct configuration key. This filter determines which service items are displayed in the Web Portal depending on the selected request recipients. | 445150 |
| You can now define a filter in the Administration Portal using the VI_ITShop_Filter_AccProductGroup configuration key. This filter determines which service categories are displayed in the Web Portal depending on the selected request recipients. | 445150 |
| Enhanced documentation on the Docker container for the API Server. | 449613 |
| The third-party component Node.js has been updated to version 16.20.2. | 454172 |

Table 3: Web Designer web applications

| Enhancement | Issue ID |
|---|---|
| Improved performance when copying items in the Web Designer Web Portal shopping cart. | 446254 |
| Performance when sending the shopping cart in Web Designer Web Portal has been improved if the VI_ITShop_CalculateComplianceCheck configuration key is disabled. | 449152 |

Table 4: Target system connection

| Enhancement | Issue ID |
|---|---|
| Different strategies are used for applying filters. | 35406 |
| Enhanced description of variables for Microsoft Exchange synchronization projects. A patch with the patch ID VPR#37274 is available for synchronization projects. | 433874, 37274 |
| Optimization of the SAP R/3 connector for synchronizing SAP authorizations if the total number of SAP authorizations is too large for processing. Additional synchronization steps are provided, which can process the SAP authorizations in separate partitions. A patch with the patch ID VPR#37380 is available for synchronization projects. To use the optimization: (1) Apply the patch VPR#37380 in the Synchronization Editor. (2) Enable the profileHasAuthObjectFieldPart1, profileHasAuthObjectFieldPart2, profileHasAuthObjectFieldPart3, and profileHasAuthObjectFieldPart4 synchronization steps. (3) Disable the profileHasAuthObjectField synchronization step. (4) Save the changes. The next synchronization divides all the SAP authorizations into four blocks and processes them independently of each other. | 438884, 37380 |
| If the Trace information level is enabled in the NLog configuration, the Microsoft Graph connector, which is used for synchronizing Azure Active Directory and Microsoft Teams, now logs requests to the graph endpoint. The log only contains the request URI and the response code. A GUID is generated to match the request and response. | 441232 |
| In the Manager, other POSIX properties for Active Directory user accounts, contacts, and groups are displayed on the forms. | 441991 |
| The generic database connector for PostgreSQL databases supports the Name and OID data types. | 447959 |
| Connection timeouts of the SAP .Net Connector that occur during synchronization are detected and the RFC connection is re-established transparently. | 448633 |

Table 5: Identity and Access Governance

| Enhancement | Issue ID |
|---|---|
| The OA and TO approval procedures have been extended to determine approvers for assignment requests. The EN approval procedure has been extended to determine attestors for assignments of system entitlements to hierarchical roles. | 430621, 36432 |
| Improved mapping of identity responsibilities. | 430714, 36914 |
| All types of company resources can now be assigned by request assignment to business roles with the Team role role class. | 438994, 37377 |
| Functional changes in the SAP R/3 Compliance Add-on (SAC) module have been rolled back to a stable version. | 447665 |
| If an approval mail cannot be processed during approval by mail, the approvers are now informed of the issue and the approval mail is removed from the mailbox depending on the selected cleanup method. If mail notifications via Microsoft Exchange or Exchange Online fail to send, the same mail is now sent via an SMTP connection if the option is configured. | 430230 |
