Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.1.2 - Release Notes

One Identity Manager 9.1.2

One Identity Manager 9.1.2

Release Notes

20 November 2023, 13:36

These release notes provide information about the One Identity Manager release version 9.1.2. You will find all the modifications since One Identity Manager version 9.1.1 listed here.

For the most recent documents and product information, see Online product documentation.

One Identity Manager 9.1.2 is a patch release with new functionality and improved behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 9.1.1, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

Topics:

About One Identity Manager 9.1.2

About One Identity Manager 9.1.2

One Identity Manager simplifies the process of managing user identities, access permissions, and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition

  • Realize Access Governance demands cross-platform within your entire company with One Identity Manager

Every one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges in a fraction of the time, complexity or expense of “traditional” solutions.

One Identity Starling

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling.

For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit https://www.cloud.oneidentity.com.

New features

New features in One Identity Manager 9.1.2:

General
  • The functionality of the FileComponent.ModifyFileAccess_DotNet process task has been extended.

    A new parameter, AccessControlList, allows multiple entries of access permissions to be configured. The ModifyFileAccess_Universal process task has been replaced by this process task in the default processes.

    IMPORTANT: In the processes to create home and profile directories for Active Directory user accounts, the QER | Person | User | AccessRights | HomeDir | EveryOne, QER | Person | User | AccessRights | ProfileDir | EveryOne, QER | Person | User | AccessRights | TerminalHomeDir | EveryOne, and QER | Person | User | AccessRights | TerminalProfileDir | EveryOne configuration parameters are no longer taken into account.

    Ensure that the subdirectories under the root directories, such as the home directory, do not inherit permissions from the Everyone user group. Otherwise, there is a possibility that the user group obtains unwanted permissions on all home directories.

Target system connection
  • Active Roles version 8.1.3 is supported to the previous extent.

  • Support for One Identity Safeguard versions 7.2, 7.3, and 7.4.

    A patch with the patch ID VPR#36617 is available for synchronization projects.

  • Support for SAP .Net Connector 3.1 for x64, with version 3.1.2.0 for Microsoft .NET 4.8 or later.

  • The SCIM connector supports synchronization of SAP Cloud ALM applications via SAP Cloud Identity Services with the default schema.

Identity and Access Governance
  • New approval procedures BA - Owner of the application and BE - Approver of application entitlement

    The approval procedures determine the owner (application role) or approver (application role) of the associated application when attesting application entitlements in the Application Governance Module.

  • You can now assign additional properties to attestation cases.

See also:

Enhancements

The following is a list of enhancements implemented in One Identity Manager 9.1.2.

Table 1: General

Enhancement

Issue ID

The email configuration wizard can now specify a Job server that takes over the SMTP server functionality.

35564

The SQL formatter consistency check now also checks for correct parametrization of the EmptyClause for key columns.

35737

Enhanced performance for cleaning up the DBQueue Processor task buffer.

35978

Improved log in the Database Agent Service.

36598

Various improvements to the Data Import program's user interface.

36611

Enhanced performance calculating permissions for One Identity Manager users.

36836

Permissions on the PersonPasswordHistory table are removed if they are not required.

36940

Enhanced performance filling the QBMSplittedLookup table.

36973

No more triggers are disabled while the DBQueue is being compressed. This stops the database from switching into maintenance mode and there is no disadvantage to the users.

36975

Enhanced support for horizontal read scale-out in local availability groups of an SQL Server cluster.

36977, 37029

Improvements in the DBTransporterCMD.exe command line program.

37012, 37013

Increased security generating reports.

37255

Enhanced security of the help system.

37345

Table 2: HTML web applications

Enhancement

Issue ID

Enhanced performance in the Web Portal for:

  • approving attestation cases

  • displaying my responsibilities

35861, 36814

The API Server can write the session ID to log entries.

To do this, there must be the following entry in the <nlog> section of the nlog.config file:

<extensions>

<add assembly="QBM.CompositionApi.Server" />

</extensions>

36902

Enhanced performance of the API documentation.

36958, 417439

Angular application debugging has been stabilized by implementing the deleteDestPath option.

407356

Web Portal security has been enhanced.

418453

If a manager is not responsible for any identities, a button for creating identities is now displayed in the My Direct Reports tile on the Web Portal home page.

423948

Changes to dynamic parameters are now correctly applied in the Web Portal.

433272

Table 3: Web Designer web applications

Enhancement

Issue ID

Increased the Web Designer Web Portal's security.

36328

Third-party component JQuery UI updated.

421322

Enhanced performance in the Web Designer Web Portal displaying the shopping cart.

430423, 33913

In the Web Designer Web Portal, performance has been improved when approving multiple requests or attestation cases.

431363, 37123

Increased security generating reports in the Web Designer Web Portal.

433756, 37244

Table 4: Target system connection

Enhancement

Issue ID

In the Manager, inactive identities can now also be assigned to user accounts on the user account main data forms of the target systems. The new configuration parameter QER | Person | HideDeactivatedIdentities specifies whether inactive identities are shown or hidden on the user account main data forms.

36703

When single roles are assigned to composite roles in the SAP R/3 system, only memberships marked as active are synchronized.

36766

When the SCIM connector is authenticated via OAuth, the configured client ID and client secret data is always transmitted in the header and body of the POST request.

36912

Creating, changing, and deleting user accounts in custom target systems (UNSAccountB) avoid unnecessary post-processing tasks.

36989

If an exact change date for OneLogin user account can be set, the current timestamp is used as the revision counter.

37120

The list of permitted values of the preferred single sign-on mode for Azure Active Directory service principals has been extended.

37198

Enhanced description of variables for Microsoft Exchange synchronization projects.

A patch with the patch ID VPR#37274 is available for synchronization projects.

37274

Table 5: Identity and Access Governance

Enhancement

Issue ID

The calculation of permitted approvers in the approval workflow has been optimized. Approval levels that have already been completed are no longer recalculated after each change.

35602

Improved how the Move products dialog is presented in the Manager.

36636

Masked special characters can be used in the authorization definition of SAP functions.

36780

Calculation of SAP functions optimized.

36796

Enhanced performance calculating SAP functions.

36821

Enhanced performance in attestation policy condition testing.

37134

See also:

Outils libre-service
Base de connaissances
Notifications et alertes
Support produits
Téléchargements de logiciels
Documentation technique
Forums utilisateurs
Didacticiels vidéo
Flux RSS
Nous contacter
Obtenir une assistance en matière de licence
Support Technique
Afficher tout
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation