One Identity Manager 9.2.1
Release Notes
21 May 2024, 12:29
These release notes provide information about the One Identity Manager release version 9.2.1. You will find all the modifications since One Identity Manager version 9.2 listed here.
For the most recent documents and product information, see Online product documentation.
One Identity Manager 9.2.1 is a minor release with new functionality and enhanced behavior. See New features and Enhancements.
If you are updating a version older than 9.2, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on technology under One Identity Manager Support.
One Identity Manager documentation is available in both English and German. The following documents are only available in English:
- One Identity Manager Password Capture Agent Administration Guide
- One Identity Manager LDAP Connector for CA Top Secret Reference Guide
- One Identity Manager LDAP Connector for IBM RACF Reference Guide
- One Identity Manager LDAP Connector for IBM AS/400 Reference Guide
- One Identity Manager LDAP Connector for CA ACF2 Reference Guide
- One Identity Manager REST API Reference Guide
- One Identity Manager Web Runtime Documentation
- One Identity Manager Object Layer Documentation
- One Identity Manager Composition API Object Model Documentation
- One Identity Manager Secure Password Extension Administration Guide
About One Identity Manager 9.2.1
One Identity Manager simplifies the process of managing user identities, access permissions, and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.
One Identity Manager enables you to meet Access Governance demands across platforms throughout your entire company. One Identity Manager is based on an automation-optimized architecture and, unlike other “traditional” solutions, addresses major identity and access management challenges in a fraction of the time, complexity, and expense.
One Identity Starling
Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. This gives your organization immediate access to a number of cloud-delivered microservices that expand the capabilities of your One Identity on-prem solutions. We will continuously make new products and features available to One Identity Starling.
For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit https://www.cloud.oneidentity.com.
New features in One Identity Manager 9.2.1:
HTML5 web applications
- The option to navigate in hyperviews in web applications can now be disabled in the Administration Portal.
- The One Identity GitHub repository provides documentation for the most important Angular components.
Target system connection
- version 8.1.5 is supported to the previous extent.
- One Identity Safeguard Versions 7.4 and 7.5 are supported to the previous extent.
- Support for SAP S/4HANA Cloud 2022 and 2023 with SAP BASIS 7.57 and 7.58.
  An updated BAPI transport SAPTRANSPORT_70.ZIP is provided.
- Support for HCL Domino Server version 14 and HCL Notes Client version 12.0.1 in the 64-bit variation, and 14.0.
  A 64-bit version of the HCL Notes Client must now be installed on the gateway server to make it possible to synchronize a Domino environment.
- In the OneLogin connector, a method for handling the HTTP status 429 (too many requests) and a waiting mechanism with random, exponentially increasing waiting times has been implemented to avoid disconnects when the X-RATE limit is exceeded. This means that denied requests are repeated for up to an hour.
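The retry behavior described for the OneLogin connector, sketched as an added example (this is not One Identity's connector code). Only the 429 trigger, the random exponentially growing waits, and the one-hour limit come from the release note; the `send` callable, the base delay, and the per-wait cap are assumptions made for illustration.

```python
import random

MAX_TOTAL_WAIT = 3600.0  # from the release note: retries continue for up to an hour
BASE_DELAY = 1.0         # assumption: size of the first backoff window, in seconds
MAX_DELAY = 300.0        # assumption: upper bound for any single wait


class RateLimitExhausted(Exception):
    """Raised when the request is still denied once the retry budget is spent."""


def backoff_delay(attempt, rng):
    """Random wait drawn from a window that doubles with every attempt."""
    window = min(MAX_DELAY, BASE_DELAY * (2 ** attempt))
    return rng.uniform(0.0, window)


def call_with_backoff(send, sleep, rng=None, budget=MAX_TOTAL_WAIT):
    """Call send() until it returns a status other than 429.

    send is a hypothetical callable returning (status, body); sleep is injected
    so the logic can be exercised without waiting. Returns (status, body, waits).
    """
    rng = rng or random.Random()
    waits = []
    attempt = 0
    while True:
        status, body = send()
        if status != 429:
            return status, body, waits
        delay = backoff_delay(attempt, rng)
        if sum(waits) + delay > budget:
            raise RateLimitExhausted(f"still throttled after {sum(waits):.0f}s")
        sleep(delay)
        waits.append(delay)
        attempt += 1


def demo():
    """Constructed scenario: the API answers 429 five times, then 200."""
    responses = iter([(429, "")] * 5 + [(200, "ok")])
    slept = []
    status, body, waits = call_with_backoff(
        lambda: next(responses), slept.append, rng=random.Random(7))
    return status, body, waits, slept


if __name__ == "__main__":
    print(demo())
```

The randomness keeps several throttled clients from retrying at the same instant, and the budget check guarantees the caller gets an error instead of waiting indefinitely.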
Identity and Access Governance
- Support for new Manual laborer employee type. The employee type is included in the license report for One Identity Manager.
- Azure Active Directory administrator roles can now be added automatically to the IT Shop. The functionality is enabled by the QER | ITShop | AutoPublish | AADDirectoryRole configuration parameter. By default, the Approval of Azure Active Directory requests approval policy is used to decide requests.
  NOTE: The new Approval of Azure Active Directory requests approval policy has also been assigned to the existing default shelves for Disabled Azure Active Directory service plans, Azure Active Directory groups, and Azure Active Directory subscriptions.
- Assignments that result from a request can now also be automatically removed if attestation is denied. The following configuration parameters have been newly implemented:
  - QER | Attestation | AutoRemovalScope | OrgHasESet | RemoveRequested
  - QER | Attestation | AutoRemovalScope | DepartmentHasESet | RemoveRequested
  - QER | Attestation | AutoRemovalScope | LocalityHasESet | RemoveRequested
  - QER | Attestation | AutoRemovalScope | ProfitCenterHasESet | RemoveRequested
- In Microsoft Teams, you can attest teams and team memberships. Default attestation policies and default approval workflows are provided for this. There is support for automatic removal of team memberships if attestation is denied.
- Company policies can be configured such that an attestation is started for each policy violation. To do this, an attestation policy is assigned to the company policy. Entitlements that violate company policies can be automatically removed or user accounts disabled. There are three ways to start attestation:
  - Scheduled by the schedule assigned to the attestation policy
  - Automatically as soon as a policy violation is detected
  - Manually, using the Run attestation cases now task
The following is a list of enhancements implemented in One Identity Manager 9.2.1.
Table 1: General
| Enhancement | Issue ID |
|---|---|
| Additional permitted values for the DialogParameter.QueryDisplayType column to enhance how query data is displayed. | 430664, 36621 |
| Improved performance calculating authorizations for One Identity Manager users. | 431109, 36836 |
| Enhanced security of the help system. | 437475, 37345 |
| When starting individual programs with the Launchpad, you can now select whether logging in is automatic or whether to use new connection credentials. | 440485 |
| Enhanced documentation of the No direct database connection property for Job servers. | 440489, 37435 |
| Password Manager Secure Password Extension has been updated to version 5.13.1. | 442044 |
| Improved performance when creating and handling processes. | 443099 |
| Enhanced documentation of the wizard for entering database queries. | 445717 |
| Improved performance of Job server querying the Job queue. | 445982 |
| Configuration parameters can now be marked as encrypted even if database encryption is not configured. | 446349 |
| Improved performance in the Job Queue Info when information is loaded from the process history. | 449818, 453348 |
Table 2: HTML5 web applications
| Enhancement | Issue ID |
|---|---|
| In the Web Portal, it is now possible to navigate inside an object's hyperview. | 427806 |
| In the Web Portal, it is now possible to set a link to the requests page whereby a specific service category or a specific product is opened. To do this, use the URL parameter /#/newrequest/allProducts?serviceCategory=<service category UID> or /#/newrequest/allProducts?serviceItem=<service item UID>. | 427946 |
| Error texts are now not only displayed in the HTTP status field, but also in the payload of the response to an API request. This improves compatibility with HTTP/2.0. | 432451 |
| Improved API Server performance. | 435696 |
| In the Web Portal, object types of objects that are part of an attestation case are now shown. | 436245 |
| If OAuth is not configured correctly, more meaningful error messages are now generated for the API Server log. | 437362 |
| Data export in the Web Portal now provides more properties for selection. | 439740 |
| Improved registration of Angular CDR providers. | 440711 |
| Enhanced documentation of custom designs in the GitHub repository for standard HTML applications. | 440711 |
| In the Web Portal, you can now renew requests if you have write permissions for them. | 443133 |
| In the Administration Portal, you can now define a filter using the VI_ITShop_Filter_AccProduct configuration key. This filter determines which service items are displayed in the Web Portal depending on the selected request recipients. | 445150 |
| You can now define a filter in the Administration Portal using the VI_ITShop_Filter_AccProductGroup configuration key. This filter determines which service categories are displayed in the Web Portal depending on the selected request recipients. | 445150 |
| Enhanced documentation on the Docker container for the API Server. | 449613 |
| The third-party component Node.js has been updated to version 16.20.2. | 454172 |
Table 3: Web Designer web applications
| Enhancement | Issue ID |
|---|---|
| Improved performance when copying items in the Web Designer Web Portal shopping cart. | 446254 |
| Performance when sending the shopping cart in Web Designer Web Portal has been improved if the VI_ITShop_CalculateComplianceCheck configuration key is disabled. | 449152 |
Table 4: Target system connection
| Enhancement | Issue ID |
|---|---|
| Different strategies are used for applying filters. | 35406 |
| Enhanced description of variables for Microsoft Exchange synchronization projects. A patch with the patch ID VPR#37274 is available for synchronization projects. | 433874, 37274 |
| Optimization of the SAP R/3 connector for synchronizing SAP authorizations if the total number of SAP authorizations is too large for processing. Additional synchronization steps are provided, which can process the SAP authorizations in separate partitions. A patch with the patch ID VPR#37380 is available for synchronization projects. To use the optimization: (1) Apply the patch VPR#37380 in the Synchronization Editor. (2) Enable the profileHasAuthObjectFieldPart1, profileHasAuthObjectFieldPart2, profileHasAuthObjectFieldPart3, and profileHasAuthObjectFieldPart4 synchronization steps. (3) Disable the profileHasAuthObjectField synchronization step. (4) Save the changes. The next synchronization divides all the SAP authorizations into four blocks and processes them independently of each other. | 438884, 37380 |
| If the Trace information level is enabled in the NLog configuration, the Microsoft Graph connector, which is used for synchronizing Azure Active Directory and Microsoft Teams, now logs requests to the graph endpoint. The log only contains the request URI and the response code. A GUID is generated to match the request and response. | 441232 |
| In the Manager, other POSIX properties for Active Directory user accounts, contacts, and groups are displayed on the forms. | 441991 |
| The generic database connector for PostgreSQL databases supports the Name and OID data types. | 447959 |
| Connection timeouts of the SAP .Net Connector that occur during synchronization are detected and the RFC connection is re-established transparently. | 448633 |
Table 5: Identity and Access Governance
| Enhancement | Issue ID |
|---|---|
| The OA and TO approval procedures have been extended to determine approvers for assignment requests. The EN approval procedure has been extended to determine attestors for assignments of system entitlements to hierarchical roles. | 430621, 36432 |
| Improved mapping of identity responsibilities. | 430714, 36914 |
| All types of company resources can now be assigned by request assignment to business roles with the Team role role class. | 438994, 37377 |
| Functional changes in the SAP R/3 Compliance Add-on (SAC) module have been rolled back to a stable version. | 447665 |
| If an approval mail cannot be processed during approval by mail, the approvers are now informed of the issue and the approval mail is removed from the mailbox depending on the selected cleanup method. If mail notifications via Microsoft Exchange or Exchange Online fail to send, the same mail is now sent via an SMTP connection if the option is configured. | 430230 |