Chat now with support
Chat with Support

Identity Manager 8.2.1 - Release Notes

Patches for synchronization projects

The following is a list of all patches provided for synchronization projects in One Identity Manager 8.2.1. Every patch contains a script, which tests whether the patch can be applied to the synchronization project. This depends on the specific configuration of the synchronization.

For more information, see Applying patches to synchronization projects.

Table 15: Patches for Azure Active Directory

Patch ID

Patch

Description

Issue ID

VPR#34896

Improved mapping of user accounts in federations

Changes the User mapping to support the addition of Azure Active Directory user accounts that are later synchronized with the associated Active Directory user account. User accounts enabled for synchronization with the local Active Directory (OnPremisesSyncEnabled = True) only have specific schema properties read in.

This patch is applied automatically when One Identity Manager is updated.

34896

Table 16: Patches for Oracle E-Business Suite

Patch ID

Patch

Description

Issue ID

VPR#34775

Adds a password variable

Adds a variable for the synchronization user's password and replaces the password in the login credentials with the variable.

This patch is applied automatically when One Identity Manager is updated.

34775

Table 17: Patches for Microsoft Exchange

Patch ID

Patch

Description

Issue ID

VPR#21073_2

Manages mailbox permissions

Only permits principals that are also available in the Exchange Admin Center.

Depends on the Support for mailbox permissions Send as and Full access patch.

This patch is applied automatically when One Identity Manager is updated.

21073

VPR#35343_EX0

Changes the behavior of "unlimited" values

Change to the behavior of "unlimited" values. They are represented in the database as -1 instead of 0, whereby true 0 values can be handled.

This patch is applied automatically when One Identity Manager is updated.

35343

Table 18: Patches for Exchange Online

Patch ID

Patch

Description

Issue ID

VPR#34938

New property mapping rule for mail user recipient type

Adds two property mapping rules for the recipient type in the MailUser mapping.

This patch is applied automatically when One Identity Manager is updated.

34938

VPR#35373

Corrects incorrect processing methods in synchronization workflows.

Removes incorrect processing methods from the Calendar Processing and Mailbox Statistics synchronization steps in the workflows.

This patch is applied automatically when One Identity Manager is updated.

35373

VPR#35343_O3E

Changes the behavior of "unlimited" values

Change to the behavior of "unlimited" values. They are represented in the database as -1 instead of 0, whereby true 0 values can be handled.

35343

Table 19: Patches for SAP R/3

Patch ID

Patch

Description

Issue ID

VPR#35118

New property mapping rule for mapping ALE model names and ALE names

Adds property mapping rules for loading ALE model names and ALE names from the central system of a CUA to the ALEModel mapping.

35118

VPR#35370

Corrects the reference scope

Corrects the reference scope of the One Identity Manager connection to correctly map deputies to SAP user accounts.

Prerequisite for the Corrects the reference scope (for CUA) patch.

This patch is applied automatically when One Identity Manager is updated.

35370

VPR#35370_CUA

Corrects the reference scope (for CUA)

Corrects the reference scope of the One Identity Manager connection to correctly map deputies to SAP user accounts in the CUA.

Depends on the Corrects the reference scope patch.

This patch is applied automatically when One Identity Manager is updated.

35370

Table 20: Patches for SAP R/3 personnel planning data and structural profiles

Patch ID

Patch

Description

Issue ID

VPR#35174_1

Allows updating of SAPUserInSAPHRP during provisioning (part 1/2)

Corrects the provisioning workflow to allow updating of structural profile assignments to user accounts.

Prerequisite for the Updating structural profiles during provisioning (part 2/2) patch.

This patch is applied automatically when One Identity Manager is updated.

35174

VPR#35174_2

Allows updating of SAPUserInSAPHRP during provisioning (part 2/2)

Corrects the synchronization configuration to allow updating of structural profile assignments to user accounts.

Dependent on the Updating structural profiles during provisioning (part 1/2) patch.

This patch is applied automatically when One Identity Manager is updated.

35174

Deprecated features

The following features are no longer supported with this version of One Identity Manager:

  • In future, mutual aid as well as password questions and password answers will not be supported in the Manager.

    Use the Password Reset Portal to change passwords. Save your password questions and password answers in the Web Portal.

  • The QER | Person | UseCentralPassword | PermanentStore configuration parameter has been deleted.

  • The viITShop system user has been deleted.

    Use role-based login with the appropriate application roles.

  • The VI_BuildPwdMessage script has been deleted.

    Mail templates are used to send email notifications with login information. The mail templates are entered in the TargetSystem | ... | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName and TargetSystem | ... | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword configuration parameters.

  • The <SpecialSheetData> section from configuring interface forms is no longer supported. The definition now goes in the <Properties> section.

  • The UCI_TargetUsesProfiles script has been deleted.

The following functions will be discontinued in later One Identity Manager versions and should no longer be utilized:

  • The generic LDAP connector will not be supported in future. Use the new LDAP connector LDAP Connector (version 2)

  • The SOAP Web Service will not be supported in future.

  • The SPML Webservice will not be supported in future.

  • The Microsoft Exchange 2010 connector will not be supported in future.

  • The SharePoint 2010 connector will not be supported in future.

  • The following scripts are labeled obsolete. A warning to this effect is issued during compilation.

    • VI_GetValueOfObject

    • VID_GetValueOfDialogObject

    • VI_ITDataFromOrg

    • VI_AE_ITDataFromOrg

    • VI_GetOrgUnitFromCertifier

    • TSB_CreateCanonicalNameFromDN

    • VI_ConvertDNToCanonicalName

    • VI_PersonAuto_LDAP

    • VI_PersonAuto_ADS

    • VI_PersonAuto_EBS

    • VI_PersonAuto_Notes

    • VI_PersonAuto_SAP

    • VI_PersonAuto_SharePoint_SPSUser

  • Starling Two-Factor Authentication and the Starling 2FA app will no longer be supported in future versions, as the Starling Two-Factor Authentication service will be discontinued on November 1, 2022.

    • There is currently no replacement for multi-factor authentication for requests or attestation. This will be complemented by integration with OneLogin in a subsequent version.

    • Instead, use the new functionality of adaptive cards with Starling Cloud Assistant to approve request and attestation cases.

      There is still support in the Starling 2FA app in version 8.2.1 for request approvals, but it is not enabled.

      To enable the functionality for approving requests with the Starling 2FA app

      1. In the Designer, enable the VI_ESS_PWOHelperPWO approve anywhere process.

      2. In the Designer, disable the QER_PWOHelperPWO approve anywhere process.

  • The Relevance for Compliance property for IT Shop requests (PWODecisionStep.ComplianceRelevance and QERWorkingStep.ComplianceRelevance) will no longer be supported in future versions.

  • Processing of API definition code in the API Designer is being deprecated.

    Added instructions in the One Identity Manager API Development Guide on how to convert XML-based API definition code into a plugin library.

  • Compilation of HTML applications in the Database Compiler is being deprecated.

  • Compilation of the API DLL in the Database Compiler is being deprecated.

  • The API Designer is being deprecated.

  • The Visual Studio Code extension for HTML application development is being deprecated.

  • Administration of different versions of a compiled project using compilation branches is being deprecated.

System requirements

Ensure that your system meets the following minimum hardware and system requirements before installing One Identity Manager. For more detailed information about system prerequisites, see the One Identity Manager Installation Guide.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

Every One Identity Manager installation can be virtualized. Ensure that performance and resources are available to the respective One Identity Manager component according to system requirements. Ideally, resource assignments for the database server are fixed. Virtualization of a One Identity Manager installation should only be attempted by experts with strong knowledge of virtualization techniques.

Minimum requirements for the database server

A server must meet the following system requirements for installation of a One Identity Manager database. Depending on the number of One Identity Manager modules and the accounts managed in One Identity Manager, the requirements for working memory, hard disk storage, and processors may be significantly greater than the minimum requirements.

Processor

8 physical cores with 2.5 GHz+ frequency (non-production)

16 physical cores with 2.5 GHz+ frequency (production)

NOTE: 16 physical cores are recommended on the grounds of performance.

Memory

16 GB+ RAM (non-production)

64 GB+ RAM (production)

Hard drive storage

100 GB

Operating system

Windows operating system

  • Note the requirements from Microsoft for the SQL Server version installed.

UNIX and Linux operating systems

  • Note the minimum requirements given by the operating system manufacturer for SQL Server databases.

Software

Following versions are supported:

  • SQL Server 2017 Standard Edition (64-bit) with the current cumulative update

  • SQL Server 2019 Standard Edition (64-bit) with the current cumulative update

    NOTE: The cumulative update 2 for SQL Server 2019 is not supported.

NOTE: For performance reasons, the use of SQL Server Enterprise Edition is recommended for live systems.

  • Compatibility level for databases: SQL Server 2017 (140)

  • Default collation: case insensitive, SQL_Latin1_General_CP1_CI_AS (recommended)

  • SQL Server Management Studio (recommended)

NOTE: The minimum requirements listed above are considered to be for general use. With each custom One Identity Manager deployment these values may need to be increased to provide ideal performance. To determine production hardware requirements, it is strongly recommended to consult a qualified One Identity Partner or the One Identity Professional Services team. Failure to do so may result in poor database performance.

For additional hardware recommendations, read the KB article https://support.oneidentity.com/identity-manager/kb/290330/how-to-configure-settings-as-per-the-system-information-overview, which outlines the System Information Overview available within One Identity Manager.

NOTE: In virtual environments, you must ensure that the VM host provides performance and resources to the database server according to system requirements. Ideally, resource assignments for the database server are fixed. Furthermore, optimal I/O performance must be provided, in particular for the database server. For more information about virtual environments, see Product Support Policies.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating