Chat now with support
Chat with Support

Active Roles 8.2 - Release Notes

Active Roles 8.2

Active Roles 8.2

Release Notes

30 July 2024, 16:30

These release notes provide information about the Active Roles 8.2 release. For the most recent documents and product information, see Active Roles Technical Documents on the One Identity support portal.

Topics:

About this release

Active Roles 8.2 is a minor release with new features and functionality. See New features and Enhancements.

IMPORTANT: Starting from Active Roles 8.2, the Microsoft OLE DB Driver requirements have changed. These changes require additional configuration steps to perform before upgrading or installing Active Roles. Failure to complete these steps might result in the Active Roles Service not starting. For more information, see Microsoft OLE DB Driver for SQL Server security impacts.

New features

Active Roles 8.2 has the following new features.

Azure Government tenant support

Active Roles and Active Roles Synchronization Service now support connecting to and managing the objects of Azure Government (GCC and GCC-H) tenants.

  • In Active Roles, you can connect to Azure Government tenants via the Active Roles Configuration Center. After adding the Azure Government tenant and consenting Active Roles as an Azure application, you can manage the objects of the Azure Government tenant via the Active Roles Web Interface or the Managed Unit feature of the Active Roles Console.

  • In Active Roles Synchronization Service, you can configure the Azure AD Connector, the Microsoft 365 Connector and Azure BackSync to synchronize the resources of Azure Government tenants.

For more information, see the following resources:

  • For more information on Azure Government tenants, see Compare Azure Government and global Azure in the Microsoft Azure documentation.

  • For more information on how to connect Active Roles to an Azure Government tenant and consent Active Roles as an Azure application through the Active Roles Configuration Center, see Configuring a new Azure tenant and consenting Active Roles as an Azure application in the Active Roles Administration Guide.

  • For more information on how to configure Azure BackSync for Azure Government tenants, see Configuring Azure BackSync in the Active Roles Synchronization Service Administration Guide.

  • For more information on how to configure the Azure AD Connector or the Microsoft 365 Connector for Azure Government tenants, see Creating a Microsoft Azure Active Directory connection or Creating a Microsoft 365 connection in the Active Roles Synchronization Service Administration Guide.

Azure BackSync replacement

Active Roles now supports the Azure BackSync feature via the associated BackSync Replacement built-in script and workflow, which are available in the Active Roles Console. This feature replaces the Azure BackSync operation of the Active Roles Synchronization Service.

For more information, see About the BackSync Replacement workflow in the Active Roles Administration Guide.

See also:

Enhancements

The following is a list of enhancements implemented in Active Roles 8.2.

Table 1: General enhancements
Enhancement Issue ID

Federated authentication support in Active Roles received the following enhancements:

  • Active Roles now also supports federated authentication using SAML 2.0, allowing users to access websites or sign in once with the single sign-on (SSO) option.

    NOTE: Federated authentication is not supported and does not work on standalone Web Interface instances.

  • Active Roles now also supports automatically refreshing expired certificates from the remote store, if federated authentication is configured for the Active Roles Web Interface, but the certificate gets expired and another identity provider, such as Microsoft Entra ID replaces it.

    NOTE: After upgrading Active Roles, always ensure that Active Roles automatically refreshes expired certificates. To do so:

    • If using WS-Federation, in the Active Roles Configuration Center, in Web Interface > Authentication, reconfigure federated authentication.

    • If using SAML 2.0 authentication, in the Active Roles Configuration Center, in Web Interface > Authentication, configure federated authentication and make sure to load the federation metadata from a URL (instead of loading it from a file).

For more information, see Configuring federated authentication in the Active Roles Administration Guide.

299431,

437706

Active Roles 8.2 has been checked against the following Security Technical Implementation Guidelines (STIGs) of the Defense Information Systems Agency (DISA).

  • Application Security and Development

  • MS SQL Server 2016 Database

  • MS SQL Server 2016 Instance

The checks performed during STIG validation are compliant with the following National Institute of Standards and Technology (NIST) Special Publications (SP):

  • NIST SP 800-53

  • NIST SP 800-53A

  • NIST SP 800-53 Revision 4

413546
Table 2: Active Roles Configuration Center enhancements
Enhancement Issue ID

The Active Roles Configuration Center received the following enhancements related to importing Management History:

  • Improved the performance of the Import Management History wizard. The speed of importing Management History data is significantly increased.

  • Improved the Import Management History wizard user interface.

  • Added retry policy for SQL exceptions. If the migration fails due to a network related or transient SQL exception, the process now restarts automatically, and the wizard attempts to import the current batch 3 times before canceling the operation. If the migration fails due to other SQL exceptions, the wizard only restarts the migration once.

For more information, see Importing Management History data in the Active Roles Upgrade Guide.

433585
Table 3: Active Roles Console enhancements
Enhancement Issue ID

The Active Roles Console received the following enhancements related to Managed Units:

  • You can now create Managed Units from Azure distribution groups and Azure contacts with any "Include" or "Exclude" membership rules, not just with the Include Explicitly and Exclude Explicitly rules.

  • If you create or update a Managed Unit query, the Find drop-down list now also lists Azure distribution groups and Azure contacts.

For more information, see Configuring federated authentication in the Active Roles Administration Guide.

401787

Improved the performance of the Active Roles Console when listing Azure distribution groups in the Select Objects dialog.

387339

Table 4: Active Roles Synchronization Service enhancements
Enhancement Issue ID

The Active Roles Synchronization Service Capture Agent component now supports Local Security Authority (LSA). For more information, see Configuring Additional LSA Protection in the Microsoft Windows Server documentation.

125828

Table 5: Active Roles Web Interface enhancements
Enhancement Issue ID

Improved the performance of the Active Roles Web Interface when loading the list of Azure distribution groups.

387339

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating