
Identity Manager 8.0.1 - Release Notes

One Identity Manager 8.0.1


Release Notes

April 2018

These release notes provide information about the One Identity Manager release. For changes to the Web Designer and the Web Portal since the last version, see the document "Web Designer and Web Portal Changes".

The documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide
  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide
  • One Identity Manager LDAP Connector for IBM RACF Reference Guide
  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide
  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide
  • One Identity Manager REST API Reference Guide
  • One Identity Manager Web Runtime Documentation
  • One Identity Manager Object Layer Documentation
  • One Identity Manager Composition API Object Model Documentation


About One Identity Manager 8.0.1

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives the company control over identity management and access decisions, while the IT team can focus on its core competence.

With this product, you can:

  • Implement group management using self service and attestation for Active Directory with the One Identity Manager Active Directory Edition
  • Meet Access Governance demands across platforms throughout your entire organization with One Identity Manager

Each of these scenario-specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

One Identity Manager 8.0.1 is a patch release with new functionality and improved behavior. See Features and Enhancements.

Features

New features in One Identity Manager 8.0.1:

Basic functionality
  • The new configuration parameter "Common\Jobservice\AutoCreateServerFromQueues" controls whether Job server entries are created for unknown queues in the One Identity Manager database. The configuration parameter is set by default. When it is set, new Job servers are created in the database when the One Identity Manager Service has queries for missing queues. If you do not want this functionality, disable the configuration parameter.

  • The search index on the application server can be manually updated. The function "Update Index" is available in the application server to do this. You can choose whether all indexes or only modified indexes are updated.

  • Database encryption uses RSA encryption with a key length of 3584 bits. Use the program Crypto Configuration to change an existing encryption.

    NOTE: Columns with encrypted values, for example password columns, have been extended in the One Identity Manager schema. If you have extended the One Identity Manager schema with custom columns for mapping encrypted values, these columns must also be extended if necessary.

Web Portal
  • Azure Active Directory OAuth Authentication is available for logging in to the Web Portal.

Target system connection
  • Support for SharePoint 2016

  • Support for Active Roles 7.2

  • A schema editor has been integrated into the Synchronization Editor.

  • Support for uninstalling the supplied BAPI from an SAP R/3 system.

    Prerequisites:

    • SAP NetWeaver Application Server version 7.00 or later and the SAP Add-On Assembly Kit 5.0 or later are installed in the SAP R/3 environment.

    • The BAPI was installed with the Assembly Kit package.


Enhancements

The following is a list of enhancements implemented in One Identity Manager 8.0.1.

Table 1: General

  • Custom definitions can be used for prioritizing processes.
    Issue ID: 27204, 3774308

  • Support for deleting modules from a One Identity Manager database.
    Issue ID: 27876

  • If a process runs for more than 500 ms, the execution status "Processing" is displayed in Job Queue Info.
    Issue ID: 29064

  • Private key protection can be set up by configuring the One Identity Manager Service. If the key should not be protected, the key file is not moved to the user-related key container when the service is started.
    Issue ID: 29245

  • The path (execution target) is masked when the One Identity Manager Service is called.
    Issue ID: 28630, 4107917

  • Improved performance determining display columns of foreign key columns. The original object is taken into account when the permissions are tested. Only FK objects for this original object are displayed.
    Issue ID: 28427, 4074610, 4071727, 4100881, 4167180

  • Improved re-enabling of triggers and constraints.
    Issue ID: 28637, 4107215, 4109588

  • Data export in the Manager now additionally supports certain system tables.
    Issue ID: 29328, 4166103

  • Improved performance calculating responsibilities in the One Identity Manager.
    Issue ID: 29081, 29526, 4146692, 4183692

  • Process handling is interrupted during processing of DBQueue Processor triggers and constraints.
    Issue ID: 27486, 4191893

  • Custom password policies can be transported.
    Issue ID: 29241

  • The behavior of the procedures QBM_VForeignKeyRepairable, QBM_PForeignKeyWrongRepair and QBM_PForeignKeyWrongReport has been extended to handle object keys that have no restrictions in the table ValidDynamicRef but that reference a non-existent table.
    Issue ID: 27876

  • Improved logging for error 810029.
    Issue ID: 4194482, 4148032, 29571

  • Handling of certificates for TLS encrypted email notifications can be configured using the configuration parameters "Common\MailNotification\AcceptSelfSignedCert" and "Common\MailNotification\AllowServerNameMismatchInCert". In the process component MailComponent, the desired behavior can be controlled with the parameters AcceptSelfSignedCert and AllowServerNameMismatchInCert.

    The option "None" under the configuration parameter "Common\MailNotification\TransportSecurity" has been extended. In the process component MailComponent, the desired behavior can be controlled with the parameter NoTransportSecurity. If the option "None" is set, connections to the SMTP server are not encrypted.

    All default processes for sending email have been assigned the parameters AcceptSelfSignedCert, AllowServerNameMismatchInCert, EnableSSL, NoTransportSecurity, StartTLS, StartTLSWhenAvailable as optional parameters.

    NOTE: These changes cause SSL and TLS server settings to be monitored more strictly. Therefore, it is imperative you check that the configuration parameter settings correspond to your environment, otherwise processes may not be executed correctly in certain circumstances.
    Issue ID: 4211375, 4212295, 4215480, 4206033, 4223204, 29512

  • A new server function "CSV script server" is available for the Job server. This can be assigned to Job servers that execute CSV imports or exports using scripts.

    The server function "CSV connector" is not automatically assigned to every new Job server anymore.
    Issue ID: 4193949, 29558

  • To generate simple list reports, the process function ScriptComponent's CSVExport is used.
    Issue ID: 3993358, 28782

  • In the database search in the Manager in simple mode, the search term is automatically enclosed in asterisks (*).
    Issue ID: 4222855, 29596

  • Improved security when saving deferred operations. The system user context for deferred operations is always the current user.
    Issue ID: 29682

Table 2: General - Web Designer and Web Portal

  • The Web Designer configuration parameter "VI_ITShop_Employee_Preselected" can be used to set whether the requester, if requesting for others, should be selected as recipient by default or not.
    Issue ID: 740767

  • Web Portal installation checks whether an application server with an installed search index has been configured.
    Issue ID: 29280

  • Improved performance for loading delegations in the Web Portal.
    Issue ID: 29414, 4183699-1

  • Exporting a grid in the Web Designer is limited to 100 000 data sets. A message is displayed if the grid has more data sets.
    Issue ID: 28368, 4045185

  • Improved displaying of errors during debugging in the Web Designer. If data cannot be read due to access rights errors, an explicit message is displayed.
    Issue ID: 29385, 756599

  • The Web Designer Configuration Editor can now be opened with Microsoft Edge as well.
    Issue ID: 750374

  • When selecting an additional authentication module for the Web Portal, you can also select a space character.
    Issue ID: 742096

  • Improved representation and differentiation of read-only and write data in the Web Designer.
    Issue ID: 732447

  • Improved accessibility in the Web Portal.
    Issue ID: 749444

  • Improved layout in the Web Portal.

  • Improvements in the Operations Support Web Portal.

  • The path of a selected file is displayed again in the Web Designer.
    Issue ID: 4196410, 4201203, 29560

  • Improved performance calculating responsibilities in the One Identity Manager. The view QERVEditEmployee has been replaced by the view QER_VEditEmployee.

    If you use the view QERVEditEmployee in custom web projects, replace it with the view QER_VEditEmployee. Use the Web Designer's "Search and replace" function to do this. Then compile the web project.
    Issue ID: 29526, 4183692

  • Improved input options in the component VI_Edit_MultiValueProperty.
    Issue ID: 725139

  • Improved performance for deleting role memberships in the Web Portal.
    Issue ID: 4221646, 29629

Table 3: Target system connection

  • Support for Windows Server 2016 Active Directory domain functional level.

    A patch with the patch ID VPR#27583 is available for synchronization projects.
    Issue ID: 27583, 3942607

  • The option "Only suitable for updates" is enabled for the mapping "person" in Active Directory synchronization projects.

    A patch with the patch ID VPR#29360 is available for synchronization projects.
    Issue ID: 29360, 4179760

  • Improved security handling synchronization and provisioning processes.
    Issue ID: 27785

  • Comprehensive logging of error messages occurring during provisioning.
    Issue ID: 28825, 4105031

  • The SCIM connector allows differently constructed JSON objects for testing the endpoint configuration.
    Issue ID: 29076

  • Information about G Suite groups, products and SKUs is now displayed fully in the Manager.
    Issue ID: 28855

  • Patches that have not yet been applied are marked in the Synchronization Editor's patch view.
    Issue ID: 29261, 4075053

  • The revision filtering for synchronizing Exchange hybrid has been optimized.
    Issue ID: 29146

  • Extensions for supporting Exchange hybrid are now described in the One Identity Manager Administration Guide for Connecting to Microsoft Exchange.

  • Improved reference resolution if more than one root site with the same ID exists in a SharePoint environment.

    Patches with the patch IDs VPR#29240A and VPR#29240B are available for synchronization projects.
    Issue ID: 29240

  • Improved transfer of the validity period for SAP role assignments and memberships in structural profiles.
    Issue ID: 28031, 4041294, 4054671

  • Synchronization engine messages are logged in more detail if the severity level "Trace" is set in the configuration file.
    Issue ID: 29400, 4129072

  • The columns PADEST and PASTANDORT are used in the display pattern for SAP printers.
    Issue ID: 29286

  • Maps for Notes domains and user accounts have been cleaned up.

    A patch with the patch ID VPR#29441 is available for synchronization projects.
    Issue ID: 29441

  • A synchronization project can be configured for synchronizing different Oracle E-Business Suite systems.

    A patch with the patch ID VPR#29565 is available for synchronization projects.
    Issue ID: 29565

  • A wrapper package is made available to create a synchronization user with the required minimum permissions for synchronizing an Oracle E-Business Suite.

    A patch with the patch ID VPR#28876 is available for synchronization projects.
    Issue ID: 28876

  • VI.DB has been optimized for bulk processing of synchronization objects.
    Issue ID: 22785

  • Testing for uniqueness of Microsoft Exchange object aliases is now done across all objects.
    Issue ID: 29154

  • The script VI_PersonAuto_GetPropMappings has been renamed to TSB_PersonAuto_GetPropMappings and extended with the function TSB_PersonAuto_GetColumnsWhereClause. The auxiliary script VI_PersonAuto_GetColumnsWhereClause has been deleted.
    Issue ID: 29210

  • The configuration parameters "TargetSystem\EBS\Accounts\PrivilegedAccount\SAMAccountName_Postfix" and "TargetSystem\EBS\Accounts\PrivilegedAccount\SAMAccountName_Prefix" have been deleted and replaced by the following configuration parameters: "TargetSystem\EBS\Accounts\PrivilegedAccount\AccountName_Postfix" and "TargetSystem\EBS\Accounts\PrivilegedAccount\AccountName_Prefix".
    Issue ID: 29562

  • Checks whether an application server supports full text search by search index.
    Issue ID: 25905

Table 4: Identity and Access Governance

  • Improved performance when querying delegations.
    Issue ID: 28964, 4071727

  • The documentation for inheriting company resources through system roles and the effect of exclusion definitions has been comprehensively reworked (One Identity Manager System Roles Administration Guide).
    Issue ID: 28312, 4057842

  • Improved performance loading attestation cases.
    Issue ID: 28796, 28966, 4100881, 4135798, 4183692

  • Improved performance making requests with the shopping cart.
    Issue ID: 29336, 29384, 4166207

  • Improved behavior for disabling and reenabling system roles.
    Issue ID: 29226, 29264, 4158272, 4159021

  • Improved performance renewing or canceling a request if the configuration parameter "QER\ITShop\DecisionOnInsert" is set.
    Issue ID: 29417, 4121616

  • Members of the chief approval team can make approval decisions for other approvers who have not responded to a query yet.
    Issue ID: 29323


Deprecated features

The following features are no longer supported with this version of One Identity Manager:

  • Provider mode, including the associated process component "ObjectTransferComponent".

    The One Identity Manager connector can be used for transporting data between One Identity Manager databases. For more detailed information about synchronizing using the One Identity Manager connector, see the One Identity Manager User Guide for the One Identity Manager Connector.

  • Archiving historical data using XML files (version 8.0.1 or later)

    • The following configuration parameters have been removed: "Common\ProcessState\ExportPolicy\ExportPath", "Common\ProcessState\ExportPolicy\ExportServer", "ProcessInfoImport\ImportPath", "ProcessInfoImport\ImportServer", "ProcessInfoImport\IgnoreDirectOperations" and "ProcessInfoImport".

    • The option "FILE" has been removed in the configuration parameter "Common\ProcessState\ExportPolicy".

    • The schedules "Export process information" and "Import process information" have been removed.

    • The processes "VID_Export_ProcessInfo" and "VI_ProcessInfo_Import" have been removed.

    • The process tasks "ExportProcessInfo" and "ImportProcessInfo" have been removed from the process component "ScriptComponent".

The following functions will be discontinued in later One Identity Manager versions and should no longer be utilized:

  • Oracle Database as database system for the One Identity Manager database (no longer available after release of One Identity Manager version 8.1)

    NOTE: The tool "Oracle Data Migrator" is provided to help you convert the database system. You can obtain the tool and a quick guide from the support portal. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.
