Identity Manager 8.0 - Release Notes

One Identity Manager 8.0

Release Notes

January 2018

These release notes provide information about the One Identity Manager release. For changes to the Web Designer and the Web Portal since the last version, see the document "Web Designer and Web Portal Changes".

The documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide
  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide
  • One Identity Manager LDAP Connector for IBM RACF Reference Guide
  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide
  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide
  • One Identity Manager REST API Reference Guide
  • One Identity Manager Web Runtime Documentation
  • One Identity Manager Object Layer Documentation

About One Identity Manager 8.0

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives the business control over identity management and access decisions while the IT team focuses on its core competence.

With this product, you can:

  • Implement group management using self service and attestation for Active Directory with the One Identity Manager Active Directory Edition
  • Meet Access Governance requirements across platforms throughout your entire organization with One Identity Manager

Every one of these scenario-specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

One Identity Manager 8.0 is a major release with enhanced features and functionality. See Features and Enhancements.

Features

New features in One Identity Manager 8.0:

Basic functionality
  • SQL Server 2017 is supported.
  • Oracle Database 12.2 is supported.
  • Improved security measures for accessing the One Identity Manager.
    • Cyclical checking of authentication for existing connections.

      The system runs validity checks for open connections to prevent users from working with existing connections if they have been deactivated after they logged in. The check is carried out by the next permissions-based action on the connection after a configurable interval of 20 minutes. The interval is defined in the configuration parameter "Common\Authentication\CheckInterval".

    • Support for password policies in the One Identity Manager.

      You can implement password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password policies apply not only when the user enters a password but also when random passwords are generated.

      A default password policy is supplied that protects the password for system users and employee-based authentication modules. Other predefined password policies are also supplied.

    • Support for expired passwords.

      The user is advised that their password is about to expire and can change the password if necessary. In the case of employee-based authentication modules, the system sends reminder emails starting from 7 days before the password's expiry date. You can configure the time in days in the configuration parameter "Common\Authentication\DialogUserPasswordReminder". The emails are triggered by a schedule and use the mail template "Employee - system user password expires".

      To prevent the passwords of certain system users from expiring, you can mark these system users so that their passwords never expire.

    • Issues a random, temporary passcode for a one-off login on the Password Reset Portal.
    • Support for password history.

    • Failed login attempts are logged.

    • Wrong answers to the password question for resetting the central password are logged.
    • Login with empty passwords is no longer supported.
    • Restricted password lists are supported.
  • Support for load balancing of all SQL processes.

    A new server function "SQL processing server" is available. The server can execute SQL tasks. Several SQL processing servers can be set up to spread the load of SQL processes. The system distributes the generated SQL processes throughout all the Job servers with this server function.

  • Improved identification of the server for automatic software updating.

    A new server function "Update server" is available. This server executes automatic software updating of all other servers. The server requires a direct connection to the database server that the One Identity Manager database is installed on.

    The server installed with the One Identity Manager database is labeled with this functionality during initial installation of the schema.

  • Preparing data for faster cross-table searching.

    The values for columns can be prepared for faster cross-table searching. Searching for single values in MVP columns is supported.

    The functionality can be used for finding a unique central user account, for example, or a unique default email address for an employee. Columns in the default installation, which are taken into account when mapping the central user account or an email address, are labeled accordingly.

  • Fallback for translations can be disabled for columns that are labeled as translation targets. Another value "Without fallback translation source" has been added to do this.
  • The priority of process steps can be determined dynamically at the time the process is generated.
  • Support for more than one script with the same name and identical number of parameters but different data types. The data type of the script parameter can be passed in the process parameter "ScriptName" in addition to the script name, in the process component "ScriptComponent".
  • The Report Editor uses an updated version of the report engine, which provides new functions and controls for setting up reports.
  • A role-based authentication module for LDAP is available.
  • The configuration of initial data for LDAP authentication modules is done with the configuration parameters "TargetSystem\LDAP\Authentication", "TargetSystem\LDAP\Authentication\Authentication", "TargetSystem\LDAP\Authentication\Port", "TargetSystem\LDAP\Authentication\RootDN" and "TargetSystem\LDAP\Authentication\Server".

    The initial configuration data for existing installations remains valid and is used as a fallback.
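The cyclical authentication check listed under "Improved security measures" above runs only on the next permissions-based action once the interval has elapsed. The following added example (not One Identity Manager code; the class names, function names and timeline are constructed for illustration) models that behavior to show how long a deactivated user can keep working on an already open connection.

```python
from dataclasses import dataclass

# Interval the release notes give for the configuration parameter
# Common\Authentication\CheckInterval (20 minutes), expressed in seconds.
CHECK_INTERVAL = 20 * 60


class ConnectionRevoked(Exception):
    """Raised when a permissions-based action hits a deactivated account."""


@dataclass
class AccountStore:
    """Constructed stand-in for the user table; not a product API."""
    active: dict

    def is_active(self, user):
        return self.active.get(user, False)


@dataclass
class Connection:
    user: str
    store: AccountStore
    last_check: float              # time of login or of the last successful re-check
    interval: float = CHECK_INTERVAL
    revoked: bool = False

    def perform(self, action, now):
        """Run a permissions-based action at time `now` (seconds after login)."""
        if self.revoked:
            raise ConnectionRevoked(self.user)
        # Lazy check: nothing happens in the background. The account state is
        # only re-read by the first action after the interval has elapsed.
        if now - self.last_check >= self.interval:
            if not self.store.is_active(self.user):
                self.revoked = True
                raise ConnectionRevoked(self.user)
            self.last_check = now
        return f"{action}: ok"


def replay(events, interval=CHECK_INTERVAL):
    """Replay constructed events; return one (time, outcome) pair per action.

    events: list of (time, kind, value) with kind "deactivate" or "action".
    """
    store = AccountStore({"jdoe": True})
    conn = Connection("jdoe", store, last_check=0, interval=interval)
    outcomes = []
    for t, kind, value in events:
        if kind == "deactivate":
            store.active[value] = False
            continue
        try:
            conn.perform(value, t)
            outcomes.append((t, "allowed"))
        except ConnectionRevoked:
            outcomes.append((t, "rejected"))
    return outcomes


def exposure_window(outcomes, deactivated_at):
    """Seconds between deactivation and the last action still allowed after it."""
    allowed = [t for t, outcome in outcomes
               if outcome == "allowed" and t > deactivated_at]
    return max(allowed) - deactivated_at if allowed else 0


# Constructed timeline: login at t=0, account deactivated five minutes later.
SAMPLE_EVENTS = [
    (300, "deactivate", "jdoe"),
    (600, "action", "read"),       # interval not elapsed: no re-check
    (1199, "action", "update"),    # one second before the interval elapses
    (1200, "action", "update"),    # interval elapsed: re-check fails
    (1260, "action", "read"),      # connection stays unusable
]

if __name__ == "__main__":
    result = replay(SAMPLE_EVENTS)
    for t, outcome in result:
        print(f"t={t:>5}s  {outcome}")
    print("exposure after deactivation:", exposure_window(result, 300), "s")
```

In this model the exposure after deactivation is bounded by the configured interval, so a shorter interval trades more frequent account lookups for a smaller window.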

Web Portal
  • New Password Reset Portal.

    The Password Reset Portal allows users to securely reset the passwords of the user accounts they manage. Users can navigate from the Web Portal directly to the Password Reset Portal.

    To utilize the Password Reset Portal, it must be installed as a dedicated web application. The required security is guaranteed by Starling Two-Factor Authentication.

  • New Operations Support Web Portal.

    The Operations Support Web Portal supports help desk users with their tasks in One Identity Manager. You can use the Operations Support Web Portal to create passcodes, display DBQueue and Job queue entries for specific objects, show process steps and restart them if necessary, and monitor process handling performance.

    To utilize the Operations Support Web Portal, it must be installed as a dedicated web application. A new application role Base roles | Operations support is provided for use with the Operations Support Web Portal. The required security is guaranteed by Starling Two-Factor Authentication.

  • To improve user friendliness, the Web Portal's user interface and the navigation structure have been completely reworked and new functions have been added.
    • Support for the Starling 2FA App for multi-factor authentication.

      In addition to the login, a further access control (multi-factor authentication) can be configured.

    • Managers can generate a passcode for their staff.
    • Users can set their password question and answer.
    • New wizards for defining reports and report subscriptions.
    • Bookmarks for service categories can be added.
    • Changed data values are marked.

    • Processes triggered by users are displayed.

    • Users specify whether diagrams are permanently hidden.

    • Managers can view their staff's rule violations.
    • The chief approval team can immediately escalate a request.
    • Owners of departments, location and cost centers can also manage child objects.

    • Request templates can be created from a reference user and its assignments.
    • Request templates can be created for assignment requests.
    • Permissions that contribute to a rule violation can be removed.
    • An additional test of possible exclusion definitions is made before sending a request.
    • A product can be unsubscribed for several people at the same time, also for multi-requestable/unsubscribable resources.

    • Renewals and cancellations do not have to be done strictly through the shopping cart.
    • Users can temporarily switch to another language.

Web Designer
  • New version of the Secure Token Server. For more information, see the document "Web Designer and Web Portal Changes".
  • Custom configuration settings for a given web project can be managed in a central overview.

Target system connection
  • Support for G Suite as a target system. The key aspects are the mapping of user accounts and their entitlements. To do this, groups, organizations, permissions, admin roles, products and SKUs are mapped in One Identity Manager.
  • Support for Oracle E-Business Suite as a target system. The key aspects are the mapping of user accounts, responsibilities and entitlements.
  • Support for SharePoint Online as target system. The key aspects are the mapping of user accounts, groups, site collections, sites, roles and role assignments. The SharePoint Online connector and a default project template are installed.

  • Mapping remote mailboxes for Exchange hybrid support. The mapping for remote mailboxes is part of the Microsoft Exchange project template. Remote mailboxes are synchronized using the Microsoft Exchange connector.

  • The member filter's excluded lists for the target system Microsoft Exchange have been altered in connection with Exchange hybrid support.

    A patch for synchronization projects with the patch ID VPR#28904 is available.

  • Support for Outlook Web App mailbox policies for the Microsoft Exchange target system.
  • The way the Microsoft Exchange version is determined has been changed. The schema property ObjectVersion is used to determine the version.

    A patch for synchronization projects with the patch ID VPR#27447 is available.

  • The Microsoft Exchange connector now supports connections through HTTPS.

    NOTE: Microsoft Exchange does not support this type of connection by default. You must configure support for HTTPS in your Microsoft Exchange.

  • The schema property "Recovery" is provided to mark Microsoft Exchange mailbox databases as recovery databases.
  • Introduction of a revision filter for Microsoft Exchange.

    Microsoft Exchange synchronization has been changed as follows to support customer environments with large numbers of objects:

    1. The schema type "Mailbox" has been divided into the sub types "Mailbox", "Calendar Processing" and "Mailboxstatistics".
    2. A revision criterion has been defined for the schema types "Mailbox", "MailUser", "MailContact", "MailPublicFolder", "DistributionGroup" and "DynamicDistributionGroup". This is based on the "whenChanged" property of the underlying Active Directory object.
    3. Automatic dependency resolution of the synchronization workflow's steps has been disabled, which has reduced the number of synchronization steps.

      Due to this, reference objects arise in the synchronization buffer during synchronization (DPRAttachedDataStore), possibly at short notice, which are resolved afterward by a maintenance step. This happens exclusively on the One Identity Manager side, therefore requiring no other access to the Microsoft Exchange infrastructure.

    IMPORTANT: The revision algorithm can only be enabled in synchronization projects created with version 8.0. If usage of revisions is activated in old 7.x synchronization projects, modifications made directly in Microsoft Exchange are not necessarily recognized.

    NOTE: Due to the complexity of the changes, existing synchronization projects are not automatically converted by using the patch. You can, however, continue to use existing synchronization projects (from 7.x installations), unchanged until the next major release because the schema is compatible. The properties of the old "mailbox" schema type that have been transferred to the new schema types named above are marked as obsolete in the "mailbox" type. This does not, however, have any effect on the functionality. These properties will certainly be removed in the next major release.

    Even if your 7.x synchronization projects are compatible, it is recommended you recreate the synchronization project using the synchronization project template implemented in the version 8.0.

  • Introduction of a revision filter for Exchange Online.

    Exchange Online synchronization has been changed as follows to support customer environments with large numbers of objects:

    1. The schema type "Mailbox" has been divided into the following types:

      • Mailbox (Basic information about mailboxes)
      • CalendarProcessingSettings_RoomEquipment (calendar processing settings for room and equipment mailboxes)
      • CalendarProcessingSettings_UserShared (calendar processing settings for user and room mailboxes)
      • MailboxStatistics_RoomEquipment (status information for room and equipment mailboxes)
      • MailboxStatistics_UserShared (status information for user and room mailboxes)
    2. A revision criterion has been defined for the schema types "Mailbox", "MailUser", "MailContact", "MailPublicFolder", "DistributionGroup", "UnifiedGroup" and "DynamicDistributionGroup". This is based on the "whenChanged" property of the underlying Azure Active Directory object.
    3. Automatic dependency resolution of the synchronization workflow's steps has been disabled, which has reduced the number of synchronization steps. Due to this, reference objects arise in the synchronization buffer during synchronization (DPRAttachedDataStore), possibly at short notice, which are resolved afterward by a maintenance step. This happens exclusively on the One Identity Manager side, therefore requiring no other access to the Exchange Online infrastructure.
    4. The synchronization steps for CalendarProcessingSettings_UserShared and MailboxStatistics_RoomEquipment are disabled by default. Calendar processing settings for user mailboxes (CalendarProcessingSettings_UserShared) are not usually relevant but can be queried by the appropriate commands. The same is valid for status information (for example, the number of emails, last login) from room and equipment mailboxes (MailboxStatistics_RoomEquipment). The steps in the workflow "Initial Synchronization" can be enabled at any time if required. However, this can cause a noticeable increase in the runtime.

    IMPORTANT: The revision algorithm can only be enabled in synchronization projects created with version 8.0. If usage of revisions is activated in old 7.x synchronization projects, modifications made directly in Exchange Online are not necessarily recognized.

    NOTE: Due to the complexity of the changes, existing synchronization projects are not automatically converted by using the patch. You can, however, continue to use existing synchronization projects (from 7.1.2 installations), unchanged until the next major release because the schema is compatible. The properties of the old "mailbox" schema type that have been transferred to the new schema types named above are marked as obsolete in the "mailbox" type. This does not, however, have any effect on the functionality. These properties will certainly be removed in the next major release.

    Even if your 7.1.2 synchronization projects are compatible, it is recommended you recreate the synchronization project using the synchronization project template implemented in the version 8.0.

  • The LDAP connector supports connections at rootDSE level.

  • The LDAP connector provides information about object class hierarchy.

  • The Windows PowerShell connector supports SecureString parameters.

    A ConversionMethod can now be entered in the SetParameter definition. The ConversionMethod="ToSecureString" is currently supported. This allows connection parameters to be passed securely.

  • Extensions in the Synchronization Editor
    • New view for managing custom project templates in expert mode.
    • Synchronization workflows can be copied.

    • A schema editor for improved editing of virtual properties is integrated in the Schema Browser.
    • Start up configurations can be grouped. Behavior for simultaneous start up within a group can be defined.

      The delay between retries is specified in the configuration parameter "Common\Jobservice\RedoDelayMinutes".

    • Comprehensive logging and improved displaying of entries in the system journal.
    • New virtual property of type "Data mapping" for mapping predefined value lists.
    • New schema class type "Unique Objects" for creating unique objects to simplify the import of multiple object types from a single source such as a CSV file or a database table.

    • Patches can be automatically applied during One Identity Manager schema updates.

Identity and Access Governance
  • Introduction and versioning of approval workflows for IT Shop requests and attestations.

    • The configuration parameters "QER\ITShop\OnWorkflowAssign" and "QER\ITShop\OnWorkflowUpdate" specify whether pending requests are reset when the approval workflow is changed.
    • The configuration parameters "QER\Attestation\OnWorkflowAssign" and "QER\Attestation\OnWorkflowUpdate" specify whether pending attestations are reset when the approval workflow is changed.

    NOTE: If you have set up your own approval procedures and have used properties from approval steps in your queries for finding approvers, modify these queries as follows:

    If you referenced the table PWODecisionStep over the column UID_PWODecisionStep until now, then change this reference to the column UID_QERWorkingStep in the table QERWorkingStep.

  • The approval step of an attestation case can be used to specify whether the employee affected by the attestation case can also approve it. This overrides the setting in the configuration parameter "QER\Attestation\PersonToAttestNoDecide".
  • Assignment resources can be created for One Identity Manager application roles. The assignment resource can be requested in the Web Portal like any other company resource. After the request has been successfully assigned, the employee, for whom it was requested, becomes a member of the associated application role through internal inheritance processes.

Enhancements

The following is a list of enhancements implemented in One Identity Manager 8.0.

Table 1: General known issues

| Enhancement | Issue ID |
|---|---|
| An employee's main identity can now be used for authentication with the authentication module "Person". | 27863, 3962834 |
| Improved performance in the DBQueue Processor. | 27284, 28522, 28569, 27675, 4064153, 4064153 |
| Labeling of DBQueue Processor tasks for load limiting. Limits for changes within an operation are configured in the configuration parameters "QBM\DBQueue\ChangeLimitMin" and "QBM\DBQueue\ChangeLimitMax". | 12081 |
| Dynamically determining statistics under Oracle Database. This is configured in the configuration parameter "QBM\DBQueue\OptimizerDynamicSampling". | 28004 |
| Tasks that require a connection to the application server are displayed in the Launchpad. | 26864 |
| Instead of only offering access to single values, an entity (and therefore all its values) accessed by FKs can now be returned through the IEntityWalker. | 27105 |
| Improved configuration options for importing transport with change labels. | 26557 |
| Improved monitoring of the entire Job queue in Job Queue Info. | 26785 |
| Improved identification of database staging levels by modifying colors in the status bar in all front-ends. | 27148 |
| Columns with a list of permitted values can be added in the full text search. | 27469, 667442 |
| Pending changes are now displayed in the Manager. | 26340 |
| Favorites can be removed in the Manager using the context menu. | 27043 |
| Improved display of permissions group hierarchy in the User & Permissions Group Editor. | 26956, 28195, 4054136 |
| The Language Editor now displays the languages available in the front-end as optional languages for translation. | 28359 |
| Clarified error message [810025] User accounts: Write permission denied. | 28587, 4087337 |
| Improved update behavior for the One Identity Manager Service automatic software update. | 28650 |
| Improved error logging in the process component "FileComponent". | 28656, 4093596 |
| Minimum process query interval set to 10 seconds for the Job service. | 27112, 3867374 |
| Multiple One Identity Manager Service instances can be installed on one server using One Identity Manager Installation Wizards and the Server Installer. The different installation directories are numbered sequentially. | 27231, 3965347 |
| Out-Parameters are shown in the process history. | 27237 |
| The SQL Editor in the Designer and the Object Browser support auto-completion. | 27688 |
| The Script Editor in the Designer supports auto-completion for configuration parameters. | 27422 |
| Improved sorting by column in the Schema Editor in the Designer. | 27482 |
| Improved representation of result lists in the SQL Editor in the Designer and the Object Browser. | 27445 |
| Improved display of base data in the Designer. | 28246 |
| Customizations to default processes and default tables displayed in the Designer. | 28230 |
| Hidden parameters are displayed by a new program function in the Job Queue Info. To use this function, assign the respective permissions groups to the program function "JobQueue_ShowHiddenParameters". | 27665, 3975588 |
| The columns that trigger templates can be displayed in the Designer. | 27852 |
| Improved generation of indexes. | 27921, 3988910 |
| Extended functions for editing change labels in the Manager and the Designer. The changes sort order can be modified. You can search inside the change labels. The change label's XML data can be edited. | 26894 |
| Improved transporting by change label. | 28011 |
| Syntax check for preprocessor condition now takes place on saving. | 28021, 4053085, 4053085 |
| Improved the Software Loader to prevent error conditions. | 28158, 4051728 |
| Custom events can now be added to default processes in the Designer. | 28231 |
| IT Shop tags can be transported. | 28418, 4085515, 4085518 |
| The generic form "VI_Generic_MasterData" supports the definition of bit masks. | 28536 |
| Improved representation of schema table extensions in the Web Designer. | 26980, 3705851 |
| Improved definition of indexes in the Schema Extension program. | 28598, 4064153 |
| Optimized the Database Transporter to prevent deadlocks when transporting schema extensions. | 28603, 4107215 |
| Data modifications are no longer possible in the One Identity Manager database when triggers are disabled. | 28610, 4107215 |
| Improved re-enabling of triggers and constraints. | 28637, 4107215, 4109588 |
| The System Debugger differentiates between system scripts and custom scripts when exporting. | 27667 |
| The System Debugger can be used to upload templates, formatting scripts, table scripts and method definitions. | 27918 |
| Language culture codes can now be used in #LD notation in scripts. | 28852 |
| The configuration parameter "Common\ProcessState\ProgressView\WaitInJobChain" has been deleted. Customized usage might require modification. | 27870 |

Table 2: General Web Portal and Web Designer

| Enhancement | Issue ID |
|---|---|
| The authentication module setting installed in the Web Portal and the Web Designer is limited to authentication modules that are not capable of SSO. | 20870, 690405 |
| Certain CSS outlines are only shown in accessibility mode for visual reasons. | 655773 |
| The component VI_Edit_MultiValueProperty for entering multi-value properties has been reworked. | 26254, 657785 |
| The views 'Object state' and 'Solution' have been merged. | 24475, 673888 |
| The special definition of Hyper Views has been removed from the Web Portal code. The view is now exclusively generated from the content of the table DialogTree. | 674809, 692057 |
| The Master/Detail control supports low resolution better. | 673729 |
| Visual representation of read-only properties has been reworked. | 676883 |
| Visual representation of the heatmap has been reworked. | 677380, 677385 |
| Edit functions in the component VI_Roles_RolesAndEntitlements have been moved to the ObjectSheet component. | 25974, 677572 |
| A switch for controlling object dependent references has been added. | 25841, 677573 |
| Some unused images have been removed from the WebDesigner.ImageLibrary.dll. | 677574 |
| Code branches for desktop and mobile views have been standardized in the form templates. | 678334 |
| The old data model for configuring search fields has been removed because the search index can be used instead. | 27088, 678805 |
| The Web Portal login page has been adapted for low resolution. | 678828 |
| Some Web Portal functions cannot be used sensibly on smartphones. In these cases, an appropriate message is displayed. | 715853 |
| Option for automatically deriving a grid's list view from the grid definition. | 692572 |
| The new composition API is available for use over .NET. | 681359 |
| A list view optimized for smartphones can be defined for a grid in addition to a table-based view. | 691223 |
| There is an option for always displaying a grid as a list view. | 692352 |
| Processing of an employee's data is centralized in the component VI_Common_ObjectSheet_Person. | 693277 |
| Some properties, node types and values are marked as "obsolete". | 693528 |
| Optional condition for the grid that determines whether row selection is enabled for a specific row. | 693632 |
| Validator conditions can be defined in the control tree. | 694767 |
| Captcha is automatically updated after incorrect input. | 27671, 694770 |
| The compiler checks object dependent links for ambiguity and generates an error message. | 694783 |
| The compiler checks whether an element's identifier starts with the correct module prefix. | 695006 |
| Option for hiding a grid column in the automatically generated list view. | 695200 |
| "Create interactive entities" is disabled for new objects. | 25800, 695769 |
| The timeout for a Web Designer module's inactivity can be configured globally. | 697175 |
| New function "Try to fix compiler messages". | 698451 |
| Forwarding within forms of a form component is now possible. | 705753 |
| Improved handling of user configuration (QBMXUser), if a non-employee related authentication module is used. | 706324 |
| In the Master/Detail control the threshold for switching between vertical and horizontal view has been optimized. | 706509 |
| There is now a property on an extension to disable it. | 710612 |
| Custom controls can be added in the grid control header. | 711465 |
| Improved handling of control for auto-completion. | 711679 |
| Which button is linked to the ENTER key can be controlled in the component for displaying popups. | 714531 |
| The total number of results is shown in grids. | 715617 |

Table 3: Target system connection

| Enhancement | Issue ID |
|---|---|
| Faster loading of synchronization projects in the Synchronization Editor. | 27555 |
| Diverse optimizations of the synchronization buffer and cache behavior. | 26832, 27662, 27563, 28350, 28576 |
| Improved behavior of the Synchronization Editor when working with encrypted values. The default value of the configuration parameter "DPR\UI\EncryptedValueHandling" has been changed to "IgnoreAll". This means the encryption dialog is not shown when the synchronization project is opened. All encrypted values are ignored by default. | 27274 |
| German display names of property mapping rules and virtual schema properties are converted to English. A patch for synchronization projects with the patch ID VPR#28560 is available. | 28560 |
| Converts connection parameter names and values. A patch for synchronization projects with the patch ID VPR#27769 is available. | 27769 |
| Optimized pre-scripts for generating target system relevant processes. | 28042, 3859791 |
| The domain object SID is determined by Active Directory synchronization. A patch for synchronization projects with the patch ID VPR#27457 is available. | 27457 |
| When Active Directory group memberships are synchronized, the global catalog query for resolving the SID is not carried out. The mapping "group" has been extended with additional virtual schema properties. A patch for synchronization projects with the patch ID VPR#27997 is available. NOTE: When the mode for member publishing (task "Configure tables for publishing") in Active Directory is changed from "Enable merging" (default) to not "Enable merging", the mapping rules that allow members to be written to the Active Directory group must be changed. | 27997 |
| Improved mapping SAP license information for system measurement. A patch for synchronization projects with the patch ID VPR#27289 is available. | 27289 |
| Improved transfer of the validity period for SAP role assignments and memberships in structural profiles. | 26883, 28031, 3677202, 4041294, 4054671 |
| The schema type SAPRCRange has been removed. A patch for synchronization projects with the patch ID VPR#27539 is available. | 27539 |
| An additional tab for passwords is displayed on the Unix user account's master data form. | 27947 |
| Optimized provisioning of objects changes for the Universal Cloud Interface interface. A patch for synchronization projects with the patch ID VPR#27371 is available. | 27371 |
| Changed the SCIM interface's property mapping rules for the schema properties "id", "canonical name" and "distinguished name" to the new schema properties added for them in the One Identity Manager schema. A patch for synchronization projects with the patch ID VPR#27860 is available. | 27860 |
| Email notifications can be configured through login data in the case of custom target systems. This is configured in the configuration parameter "TargetSystem\UNS\Accounts\InitialRandomPassword" and its sub-parameters. | 28111 |

The following configuration parameters have been deleted. When you update One Identity Manager version 7.x to version 8.0, the configuration parameter settings for forming passwords are passed on to the target system specific password policies.

Configuration parameters for Azure Active Directory

  • TargetSystem\AzureAD\Accounts\InitialPassword

  • TargetSystem\AzureAD\Accounts\InitialRandomPassword\Character

  • TargetSystem\AzureAD\Accounts\InitialRandomPassword\Length

  • TargetSystem\AzureAD\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\AzureAD\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\AzureAD\Accounts\InitialRandomPassword\UpperCase

Configuration parameters for Active Directory

  • TargetSystem\ADS\Accounts\InitialPassword

  • TargetSystem\NDO\Accounts\InitialRandomPassword\Character

  • TargetSystem\ADS\Accounts\InitialRandomPassword\Length

  • TargetSystem\ADS\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\ADS\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\ADS\Accounts\InitialRandomPassword\UpperCase

Configuration parameters for the new Universal Cloud Interface interface

  • TargetSystem\CSM\Accounts\InitialPassword

  • TargetSystem\CSM\Accounts\InitialRandomPassword\Character

  • TargetSystem\CSM\Accounts\InitialRandomPassword\Length

  • TargetSystem\CSM\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\CSM\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\CSM\Accounts\InitialRandomPassword\UpperCase

Configuration parameters for LDAP

  • TargetSystem\LDAP\Accounts\InitialPassword

  • TargetSystem\LDAP\Accounts\InitialRandomPassword\Character

  • TargetSystem\LDAP\Accounts\InitialRandomPassword\Length

  • TargetSystem\LDAP\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\LDAP\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\LDAP\Accounts\InitialRandomPassword\UpperCase

Configuration parameters for IBM Notes

  • TargetSystem\NDO\Accounts\InitialPassword

  • TargetSystem\NDO\Accounts\InitialRandomPassword\Character

  • TargetSystem\NDO\Accounts\InitialRandomPassword\Length

  • TargetSystem\NDO\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\NDO\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\NDO\Accounts\InitialRandomPassword\UpperCase

Configuration parameters for SAP R/3

  • TargetSystem\SAPR3\Accounts\InitialPassword

  • TargetSystem\SAPR3\Accounts\InitialRandomPassword\Character

  • TargetSystem\SAPR3\Accounts\InitialRandomPassword\Length

  • TargetSystem\SAPR3\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\SAPR3\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\SAPR3\Accounts\InitialRandomPassword\UpperCase

Configuration parameters for Unix

  • TargetSystem\Unix\Accounts\InitialPassword

  • TargetSystem\Unix\Accounts\InitialRandomPassword\Character

  • TargetSystem\Unix\Accounts\InitialRandomPassword\Length

  • TargetSystem\Unix\Accounts\InitialRandomPassword\Numeric

  • TargetSystem\Unix\Accounts\InitialRandomPassword\SpecialCharacter

  • TargetSystem\Unix\Accounts\InitialRandomPassword\UpperCase

28111

The following configuration parameters have been deleted. Customized usage might require modification.

Configuration parameters for Active Directory

  • TargetSystem\ADS\IsOperational
  • TargetSystem\ADS\RedoDelay

Configuration parameters for IBM Notes

  • TargetSystem\NDO\IsOperational
  • TargetSystem\NDO\RedoDelay

Configuration parameters for SAP R/3

  • TargetSystem\SAPR3\IsOperational
  • TargetSystem\SAPR3\RedoDelay
  • TargetSystem\SAPR3\SingleThread

Configuration parameters for SharePoint

  • TargetSystem\SharePoint\IsOperational
  • TargetSystem\SharePoint\RedoDelay
  • TargetSystem\SharePoint\SingleThread

28607

Table 4: Identity and Access Governance

Enhancement

Issue ID

The employee's overview reports have been extended to include additional information about assigned entitlements and sub identities.

26847

Reports that provide the number of employees assigned to a department, a cost center or a location have been extended with a grouping by identity type.

27913

Permitted values for employees' identity types have been extended by the value "Machine identity".

28324

The company can be set for internal and external employees.

28573

Employees can be deleted from the One Identity Manager using the procedure QBM_PDeleteDeep.

27643, 2657573

Improved tooltips in a request's approval sequence.

28540

The approval history shows whether the approval decision was made based on a delegation.

27431

Improved performance when loading attestation cases.

28582, 4100881

Inactive employees are excluded when determining approvers and attestors.

27815, 4011577

The configuration parameter "QER\ITShop\ResetOnWorkflowChange" has been deleted. The old configuration parameter setting is not converted to the new configuration parameter.

13224

The configuration parameter "QER\Person\CentralPasswordHistoryLength" has been deleted. The value of the configuration parameter is copied to the password policy for the employees' central password.

28666

Deprecated features

The following features are no longer supported with this version of One Identity Manager:

  • Provider mode, including the associated process component "ObjectTransferComponent".

    The One Identity Manager connector can be used for transporting data between One Identity Manager databases. For more detailed information about synchronizing using the One Identity Manager connector, see the One Identity Manager User Guide for the One Identity Manager Connector.

The following functions will be discontinued in later One Identity Manager versions and should no longer be utilized:

  • Oracle Database as database system for the One Identity Manager database (no longer available after release of One Identity Manager version 8.1)