Identity Manager 8.2 - Release Notes

Patches for synchronization projects

The following patch types are provided in One Identity Manager 8.2.

  • Patches for solved issues

  • Patches for new functions

  • Milestones

To adjust existing synchronization projects to One Identity Manager version 8.2, you must implement milestones. A milestone is provided for each context. A milestone includes all patches for solved issues together with milestones from previous versions, if they have not already been implemented. Once the current milestone has been implemented in a synchronization project, the project is then compatible with One Identity Manager 8.2.

Patches for new functions can be applied optionally.

The following is a list of all new patches provided in One Identity Manager 8.2 for synchronization projects. Only the patches that were newly created after version 8.1.5 are listed. For information about patches from earlier versions of One Identity Manager, see the respective release notes for each version.

Every patch contains a script, which tests whether the patch can be applied to the synchronization project. This depends on the specific configuration of the synchronization.

TIP: Implement milestones first and then apply optional patches for new functions.

For more information, see Applying patches to synchronization projects.

Table 15: General patches

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| | Milestone 8.2 | Milestone for the context DPR. | |
| | Milestone 8.2 | Milestone for the context One Identity Manager. | |

Table 16: Patches for Azure Active Directory

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#28669 | Support for invitations from guest users | Extends the user mapping for creating guest users by sending invitations. | 28669 |
| VPR#31389 | Support for schema properties for hybrid environments, age groups, and user profiles | Adds new property mapping rules to the User mapping to support hybrid environments, age groups, and user profiles. | 31389 |
| VPR#32384 | Support for Azure Active Directory group license assignments | Extends the synchronization configuration to support license assignments through Azure Active Directory groups. | 32384 |
| VPR#32454 | Sets the AzureAD tag on synchronization projects | Sets the AzureAD tag on synchronization projects for Azure Active Directory. | 32454 |
| VPR#32665 | Synchronization of ExternalUserState and ExternalUserStateChangeDateTime | Adds property mapping rules for the ExternalUserState and ExternalUserStateChangeDateTime schema properties into the User mapping. | 32665 |
| VPR#32975 | Adding a property mapping rule for LastPasswordChangeDateTime | Inserts a property mapping rule for LastPasswordChangeDateTime into the User mapping. | 32975 |
| VPR#33088 | Support for Azure Active Directory Service principals | Extends the synchronization configuration to support Azure Active Directory service principals and app roles. Requirement for patch Active Directory policy support. | 33088 |
| VPR#33198 | Active Directory policy support | Extends the synchronization configuration to support Active Directory policies. Depending on patch Azure Active Directory service principal support. | 33198 |
| VPR#34150 | Support for Microsoft Cloud US Government deployments (L4) | Adds support for Microsoft Cloud for US Government (L4). | 34150 |
| | Milestone 8.2 | Milestone for the context Azure Active Directory. | |

Table 17: Patches for Active Directory

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#32110 | Adds the middleName schema property | Inserts the middleName schema property into the User and inetOrgPerson mappings. | 32110 |
| VPR#32759 | Adds property mapping rules for the schema property ProtectedFromAccidentalDeletion | Inserts a property mapping rule for the ProtectedFromAccidentalDeletion schema property into the user, contact, group, and computer mappings. | 32759 |
| VPR#32950 | Adds further property mapping rules for the schema property mS-DS-ConsistencyGuid | Inserts a property mapping rule for the mS-DS-ConsistencyGuid schema property into the contact, group and computer mappings. Prerequisite for patch Corrects the property mapping rule for the schema property mS-DS-ConsistencyGuid. | 32950 |
| VPR#33217_001 | Checks the properties of mappings | Checks and corrects mappings that have the Only suitable for updates option enabled. | 33217 |
| VPR#34324 | Publish group members as read only | Publish member properties of groups as read-only to avoid write operations in the target system browser. | 34324 |
| VPR#34715 | Corrects the property mapping rule for MSDsConsistencyGuid | Corrects the mapping direction of the property mapping rule for the mS-DS-ConsistencyGuid schema property in the user mapping. Dependent on the patch Adds further property mapping rules for the schema property mS-DS-ConsistencyGuid. | 34715 |
| | Milestone 8.2 | Milestone for the context Active Directory. | |

Table 18: Patches for Active Roles

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#32110 | New property mapping rule for middleName | Inserts a property mapping rule for the middleName schema property into the User and InetOrgPerson mappings. | 32110 |
| VPR#32783 | New property mapping rule for edsvaProtectFromDeletion | Inserts a property mapping rule for edsvaProtectFromDeletion in the Group, Computer, User and InetOrgPerson mappings. | 32783 |
| VPR#32952 | Adds property mapping rules for mS-DS ConsistencyGuid | Inserts a property mapping rule for the mS-DS-ConsistencyGuid schema property into the Contact, Group, Computer, User, and InetOrgPerson mappings. | 32952 |
| VPR#34168 | New property mapping rule for edsaIsDynamicGoup | Inserts a property mapping rule for the edsaIsDynamicGoup schema property into the mapping Group. This patch is applied automatically when One Identity Manager is updated. | 34168 |
| VPR#34634 | New property mapping rules for edsvaGFIsGroupFamily and edsvaCGIsControlledGroup | Inserts property mapping rules for the edsvaGFIsGroupFamily and edsvaCGIsControlledGroup schema properties into the group mapping. | 34634 |
| | Milestone 8.2 | Milestone for the context Active Roles. | |

Table 19: Patches for Oracle E-Business Suite

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#33804 | Clearing up connection parameters | Removes unnecessary system connection parameters from the connection parameter. This patch is applied automatically when One Identity Manager is updated. | 33804 |
| | Milestone 8.2 | Milestone for the context Oracle E-Business Suite. | |

Table 20: Patches for Microsoft Exchange

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#21073 | Support of the mailbox permissions Send as and Full access | Extends the synchronization configuration to support the Send As and Full Access mailbox permissions. NOTE: Since this has a large impact on performance, the corresponding synchronization steps are disabled by default and must be enabled manually. | 21073 |
| VPR#26120 | New Property Mapping Rules for IsExcludedFromProvisioning and IsSuspendedFromProvisioning | Inserts property mapping rules for the IsExcludedFromProvisioning and IsSuspendedFromProvisioning schema properties into the MailboxDatabase mapping. | 26120 |
| VPR#27741 | Supports address book policies | Extends the synchronization configuration to support address book policies for mailboxes. | 27741 |
| VPR#31470 | New property mapping rule for IsSingleItemRecoveryEnabled | Inserts a property mapping rule for the IsSingleItemRecoveryEnabled schema property into the mailbox mapping. | 31470 |
| | Milestone 8.2 | Milestone for the context Microsoft Exchange. | |

Table 21: Patches for Exchange Online

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#34170 | Support for Microsoft Cloud for US Government (L4) | Adds support for Microsoft Cloud for US Government (L4). This patch is applied automatically when One Identity Manager is updated. | 34170 |
| VPR#34046 | New property mapping rule for HiddenFromExchangeClientsEnabled | Adds a property mapping rule for the HiddenFromExchangeClientsEnabled schema property in the UnifiedGroup mapping. | 34046 |
| | Milestone 8.2 | Milestone for the context Exchange Online. | |

Table 22: Patches for Google Workspace

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#32610 | Mapping of different access permissions of groups | Extends the group mapping to map access permissions. This patch is applied automatically when One Identity Manager is updated. | 32610 |
| VPR#33093 | Additional schema properties mapping for user accounts | Extends the user mapping to map additional schema properties of user accounts. | 33093 |
| VPR#34645 | Correction in the User mapping | Corrects the property mapping rule for the Aliases schema property in the user mapping. | 34645 |
| | Milestone 8.2 | Milestone for the context Google Workspace. | |

Table 23: Patches for LDAP

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#33513 | Support for multiple domains with the same DN | Expands the scope and default variable set to support multiple domains with the same distinguished name. | 33513 |
| | Milestone 8.2 | Milestone for the context LDAP. | |

Table 24: Patches for HCL Domino

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#25230 | Changes the default value of the MailFileAccessType variable | Changes the default value of the MailFileAccessType variable to 0. | 25230 |
| VPR#34393 | Correction of a property mapping rule in person mapping | Corrects settings of the property mapping rule for InternetPassword in the person mapping. This patch is applied automatically when One Identity Manager is updated. | 34393 |
| | Milestone 8.2 | Milestone for the context HCL Domino. | |

Table 25: Patches for Privileged Account Management

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#32541 | Support for SSH key access requests | Adds property mapping rules to the Asset and AssetAccount mappings to support access requests for SSH keys. | 32541 |
| VPR#34392 | Support of Vault for personal passwords | Inserts property mapping rules for the AllowPersonalAccounts schema property into the User mapping. | 34392 |
| VPR#34403 | Handling passwords as secret values | Updates the connector scheme to treat passwords as secret values. This patch is applied automatically when One Identity Manager is updated. | 34403 |
| | Milestone 8.2 | Milestone for the context Privileged Account Management. | |

Table 26: Patches for SAP R/3

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#33217_002 | Checks the properties of mappings | Checks and corrects mappings that have the Not suitable for new creation option enabled. | 33217 |
| VPR#33301 | Support of SAP S/4HANA user types and communication data | Extends the synchronization configuration to map the address and communication data of business partners. | 33301 |
| VPR#33301_2 | Support for SAP S/4HANA user types | Extends the synchronization configuration to map user types. | 33301 |
| VPR#33819 | New Property mapping rule for the default company of SAP clients | Inserts a property mapping rule for mapping the default company of SAP clients into the client mapping. | 33819 |
| VPR#34563 | Correction of userInRole mapping and synchronization step | Corrects the mapping and synchronization step for SAPUserInSAPRole assignments that are not effective. This patch is applied automatically when One Identity Manager is updated. Dependent on patch Set filter for SAPUserInSAPRole (VPR#31427). | 34563 |
| | Milestone 8.2 | Milestone for the context SAP R/3. | |

Table 27: Patches for SAP R/3 personnel planning data and structural profiles

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| | Milestone 8.2 | Milestone for the context SAP R/3 structural profile add-on. | |

Table 28: Patches for SAP R/3 BI analysis authorizations

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| | Milestone 8.2 | Milestone for the context SAP R/3 analysis authorizations add-on. | |

Table 29: Patches for SAP R/3 authorization objects

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#32292 | Mapping of table USOBHASH | Inserts a map and a synchronization step to read in USOBHASH table data from the target system. | 32292 |
| VPR#32963_1 | Mapping changes to map additional authorization objects (part 1) | Modifies various mappings to map external services, TADIR services, and RFC function modules into SAP functions. Replaces the patch VPR#32292. Part 1: Deletes existing maps. This patch is applied automatically when One Identity Manager is updated. Prerequisite for patch Mapping changes to map additional authorization objects (part 2). | 32963 |
| VPR#32963_2 | Mapping changes to mapping additional authorization objects (part 2) | Modifies various mappings to map external services, TADIR services, and RFC function modules into SAP functions. Part 2: Adds new maps. This patch is applied automatically when One Identity Manager is updated. Depending on patch Mapping changes to map additional authorization objects (part 1). | 32963 |
| | Milestone 8.2 | Milestone for the context SAP R/3. | |

Table 30: Patches for SharePoint

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| | Milestone 8.2 | Milestone for the context SharePoint. | |

Table 31: Patches for SharePoint Online

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#31779 | Configuration for creating and deleting site collections and sites | Expands the synchronization configuration to be able to create and delete site collections and sites. | 31779 |
| | Milestone 8.2 | Milestone for the context SharePoint Online. | |

Table 32: Patches for the SCIM interface (in Universal Cloud Interface Module)

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#32564 | Configuration of the number of parallel requests | Adds the variable Max. Parallel Queries into the default variable set. | 32564 |
| VPR#33884 | Configuration of the KeepAlive connection parameter | Adds the HTTP KeepAlive variable to the default variable set. | 33884 |
| VPR#33978 | New variable for setting a default time zone | Adds a variable to the default variable set and connection parameters to be able to set a default time zone. This patch is applied automatically when One Identity Manager is updated. | 33978 |
| | Milestone 8.2 | Milestone for the context SCIM. | |

Table 33: Patches for the Universal Cloud Interface interface (in Cloud Systems Management Module)

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| | Milestone 8.2 | Milestone for the context Universal Cloud Interface. | |

Table 34: Patches for Unix

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#Patch32500 | Elevation password variable correction | Marks the Elevation password variable as a secret value. | 32500 |
| VPR#33249 | New variables and connection parameters for authentication with the SSH private key | Inserts variables and connection parameters for authentication with the SSH private key. | 33249 |
| | Milestone 8.2 | Milestone for the context Unix. | |

Table 35: Patches for the One Identity Manager connector

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| VPR#33728 | Updating the One Identity Manager schema | Updates the One Identity Manager schema to support the generation of synchronization projects with the One Identity Manager connector. | 33728 |
| | Milestone 8.2 | Milestone for the context Database. | |

Table 36: Patches for the CSV connector

| Patch ID | Patch | Description | Issue ID |
|---|---|---|---|
| | Milestone 8.2 | Milestone for the context CSV. | |

Deprecated features

The following features are no longer supported with this version of One Identity Manager:

  • In future, mutual aid as well as password questions and password answers will not be supported in the Manager.

    Use the Password Reset Portal to change passwords. Save your password questions and password answers in the Web Portal.

  • The QER | Person | UseCentralPassword | PermanentStore configuration parameter has been deleted.

  • The viITShop system user has been deleted.

    Use role-based login with the appropriate application roles.

  • The VI_BuildPwdMessage script has been deleted.

    Mail templates are used to send email notifications with login information. The mail templates are entered in the TargetSystem | ... | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName and TargetSystem | ... | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword configuration parameters.

  • The <SpecialSheetData> section from configuring interface forms is no longer supported. The definition now goes in the <Properties> section.

  • The UCI_TargetUsesProfiles script has been deleted.

The following functions will be discontinued in later One Identity Manager versions and should no longer be utilized:

  • The generic LDAP connector will not be supported in future. Use the new LDAP connector, LDAP Connector (version 2).

  • The SOAP Web Service will not be supported in future.

  • The SPML Webservice will not be supported in future.

  • The Microsoft Exchange 2010 connector will not be supported in future.

  • The SharePoint 2010 connector will not be supported in future.

  • The following scripts are labeled obsolete. A warning to this effect is issued during compilation.

    • VI_GetValueOfObject

    • VID_GetValueOfDialogObject

    • VI_ITDataFromOrg

    • VI_AE_ITDataFromOrg

    • VI_GetOrgUnitFromCertifier

    • TSB_CreateCanonicalNameFromDN

    • VI_ConvertDNToCanonicalName

    • VI_PersonAuto_LDAP

    • VI_PersonAuto_ADS

    • VI_PersonAuto_EBS

    • VI_PersonAuto_Notes

    • VI_PersonAuto_SAP

    • VI_PersonAuto_SharePoint_SPSUser

System requirements

Ensure that your system meets the following minimum hardware and system requirements before installing One Identity Manager. For more detailed information about system prerequisites, see the One Identity Manager Installation Guide.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

Every One Identity Manager installation can be virtualized. Ensure that performance and resources are available to the respective One Identity Manager component according to system requirements. Ideally, resource assignments for the database server are fixed. Virtualization of a One Identity Manager installation should only be attempted by experts with strong knowledge of virtualization techniques.

Minimum requirements for the database server

A server must meet the following system requirements for installation of a One Identity Manager database. Depending on the number of One Identity Manager modules and the accounts managed in One Identity Manager, the requirements for working memory, hard disk storage, and processors may be significantly greater than the minimum requirements.

Processor

8 physical cores with 2.5 GHz+ frequency (non-production)

16 physical cores with 2.5 GHz+ frequency (production)

NOTE: 16 physical cores are recommended on the grounds of performance.

Memory

16 GB+ RAM (non-production)

64 GB+ RAM (production)

Hard drive storage

100 GB

Operating system

Windows operating system

  • Note the requirements from Microsoft for the SQL Server version installed.

UNIX and Linux operating systems

  • Note the minimum requirements given by the operating system manufacturer for SQL Server databases.

Software

The following versions are supported:

  • SQL Server 2017 Standard Edition (64-bit) with the current cumulative update

  • SQL Server 2019 Standard Edition (64-bit) with the current cumulative update

    NOTE: The cumulative update 2 for SQL Server 2019 is not supported.

NOTE: For performance reasons, the use of SQL Server Enterprise Edition is recommended for live systems.

  • Compatibility level for databases: SQL Server 2017 (140)

  • Default collation: case insensitive, SQL_Latin1_General_CP1_CI_AS (recommended)

  • SQL Server Management Studio (recommended)

NOTE: The minimum requirements listed above are considered to be for general use. With each custom One Identity Manager deployment these values may need to be increased to provide ideal performance. To determine production hardware requirements, it is strongly recommended to consult a qualified One Identity Partner or the One Identity Professional Services team. Failure to do so may result in poor database performance.

For additional hardware recommendations, read the KB article https://support.oneidentity.com/identity-manager/kb/290330/how-to-configure-settings-as-per-the-system-information-overview, which outlines the System Information Overview available within One Identity Manager.

NOTE: In virtual environments, you must ensure that the VM host provides performance and resources to the database server according to system requirements. Ideally, resource assignments for the database server are fixed. Furthermore, optimal I/O performance must be provided, in particular for the database server. For more information about virtual environments, see Product Support Policies.
