One Identity Manager 9.1.2
Release Notes
20 November 2023, 13:36
These release notes provide information about the One Identity Manager release version 9.1.2. You will find all the modifications since One Identity Manager version 9.1.1 listed here.
For the most recent documents and product information, see
Online product documentation.
One Identity Manager 9.1.2 is a patch release with new functionality and improved behavior. See New features and Enhancements.
If you are updating a version older than 9.1.1, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on technology under One Identity Manager Support.
One Identity Manager documentation is available in both English and German. The following documents are only available in English:
-
One Identity Manager Password Capture Agent Administration Guide
-
One Identity Manager LDAP Connector for CA Top Secret Reference Guide
-
One Identity Manager LDAP Connector for IBM RACF Reference Guide
-
One Identity Manager LDAP Connector for IBM AS/400 Reference Guide
-
One Identity Manager LDAP Connector for CA ACF2 Reference Guide
-
One Identity Manager REST API Reference Guide
-
One Identity Manager Web Runtime Documentation
-
One Identity Manager Object Layer Documentation
-
One Identity Manager Composition API Object Model Documentation
-
One Identity Manager Secure Password Extension Administration Guide
Topics:
About One Identity Manager 9.1.2
One Identity Manager simplifies the process of managing user identities, access permissions, and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.
With this product, you can:
-
Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition
-
Realize Access Governance demands cross-platform within your entire company with One Identity Manager
Every one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges in a fraction of the time, complexity or expense of “traditional” solutions.
One Identity Starling
Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to One Identity Starling.
For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit https://www.cloud.oneidentity.com.
New features in One Identity Manager 9.1.2:
General
-
The functionality of the FileComponent.ModifyFileAccess_DotNet process task has been extended.
A new parameter, AccessControlList, allows multiple entries of access permissions to be configured. The ModifyFileAccess_Universal process task has been replaced by this process task in the default processes.
IMPORTANT: In the processes to create home and profile directories for Active Directory user accounts, the QER | Person | User | AccessRights | HomeDir | EveryOne, QER | Person | User | AccessRights | ProfileDir | EveryOne, QER | Person | User | AccessRights | TerminalHomeDir | EveryOne, and QER | Person | User | AccessRights | TerminalProfileDir | EveryOne configuration parameters are no longer taken into account.
Ensure that the subdirectories under the root directories, such as the home directory, do not inherit permissions from the Everyone user group. Otherwise, there is a possibility that the user group obtains unwanted permissions on all home directories.
Target system connection
-
version 8.1.3 is supported to the previous extent.
-
Support for One Identity Safeguard versions 7.2, 7.3, and 7.4.
A patch with the patch ID VPR#36617 is available for synchronization projects.
-
Support for SAP .Net Connector 3.1 for x64, with version 3.1.2.0 for Microsoft .NET 4.8 or later.
-
The SCIM connector supports synchronization of SAP Cloud ALM applications via SAP Cloud Identity Services with the default schema.
Identity and Access Governance
-
New approval procedures BA - Owner of the application and BE - Approver of application entitlement
The approval procedures determine the owner (application role) or approver (application role) of the associated application when attesting application entitlements in the Application Governance Module.
-
You can now assign additional properties to attestation cases.
See also:
The following is a list of enhancements implemented in One Identity Manager 9.1.2.
Table 1: General
|
The email configuration wizard can now specify a Job server that takes over the SMTP server functionality. |
35564 |
|
The SQL formatter consistency check now also checks for correct parametrization of the EmptyClause for key columns. |
35737 |
|
Enhanced performance for cleaning up the DBQueue Processor task buffer. |
35978 |
|
Improved log in the Database Agent Service. |
36598 |
|
Various improvements to the Data Import program's user interface. |
36611 |
|
Enhanced performance calculating permissions for One Identity Manager users. |
36836 |
|
Permissions on the PersonPasswordHistory table are removed if they are not required. |
36940 |
|
Enhanced performance filling the QBMSplittedLookup table. |
36973 |
|
No more triggers are disabled while the DBQueue is being compressed. This stops the database from switching into maintenance mode and there is no disadvantage to the users. |
36975 |
|
Enhanced support for horizontal read scale-out in local availability groups of an SQL Server cluster. |
36977, 37029 |
|
Improvements in the DBTransporterCMD.exe command line program. |
37012, 37013 |
|
Increased security generating reports. |
37255 |
|
Enhanced security of the help system. |
37345 |
Table 2: HTML web applications
|
Enhanced performance in the Web Portal for:
|
35861, 36814 |
|
The API Server can write the session ID to log entries.
To do this, there must be the following entry in the <nlog> section of the nlog.config file:
<extensions>
<add assembly="QBM.CompositionApi.Server" />
</extensions> |
36902 |
|
Enhanced performance of the API documentation. |
36958, 417439 |
|
Angular application debugging has been stabilized by implementing the deleteDestPath option. |
407356 |
|
Web Portal security has been enhanced. |
418453 |
|
If a manager is not responsible for any identities, a button for creating identities is now displayed in the My Direct Reports tile on the Web Portal home page. |
423948 |
|
Changes to dynamic parameters are now correctly applied in the Web Portal. |
433272 |
Table 3: Web Designer web applications
|
Increased the Web Designer Web Portal's security. |
36328 |
|
Third-party component JQuery UI updated. |
421322 |
|
Enhanced performance in the Web Designer Web Portal displaying the shopping cart. |
430423, 33913 |
|
In the Web Designer Web Portal, performance has been improved when approving multiple requests or attestation cases. |
431363, 37123 |
|
Increased security generating reports in the Web Designer Web Portal. |
433756, 37244 |
Table 4: Target system connection
|
In the Manager, inactive identities can now also be assigned to user accounts on the user account main data forms of the target systems. The new configuration parameter QER | Person | HideDeactivatedIdentities specifies whether inactive identities are shown or hidden on the user account main data forms. |
36703 |
|
When single roles are assigned to composite roles in the SAP R/3 system, only memberships marked as active are synchronized. |
36766 |
|
When the SCIM connector is authenticated via OAuth, the configured client ID and client secret data is always transmitted in the header and body of the POST request. |
36912 |
|
Creating, changing, and deleting user accounts in custom target systems (UNSAccountB) avoid unnecessary post-processing tasks. |
36989 |
|
If an exact change date for OneLogin user account can be set, the current timestamp is used as the revision counter. |
37120 |
|
The list of permitted values of the preferred single sign-on mode for Azure Active Directory service principals has been extended. |
37198 |
|
Enhanced description of variables for Microsoft Exchange synchronization projects.
A patch with the patch ID VPR#37274 is available for synchronization projects. |
37274 |
Table 5: Identity and Access Governance
|
The calculation of permitted approvers in the approval workflow has been optimized. Approval levels that have already been completed are no longer recalculated after each change. |
35602 |
|
Improved how the Move products dialog is presented in the Manager. |
36636 |
|
Masked special characters can be used in the authorization definition of SAP functions. |
36780 |
|
Calculation of SAP functions optimized. |
36796 |
|
Enhanced performance calculating SAP functions. |
36821 |
|
Enhanced performance in attestation policy condition testing. |
37134 |
See also:
