Chat now with support
Chat with Support

Identity Manager 8.1.3 - Release Notes

Release Notes

One Identity Manager 8.1.3

Release Notes

June 2020

These release notes provide information about the One Identity Manager release, version 8.1.3. You will find all the modifications since One Identity Manager version 8.1.2 listed here.

One Identity Manager 8.1.3 is a patch release with new functionality and better behavior. See New features and Enhancements.

If you are updating a One Identity Manager version prior to One Identity Manager 8.1.2, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

Topics:

About One Identity Manager 8.1.3

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition

  • Realize Access Governance demands cross-platform within your entire concern with One Identity Manager

Each one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

Starling Cloud Join

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to our Starling Cloud platform. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit cloud.oneidentity.com.

New features

New features in One Identity Manager 8.1.3:

Basic functionality

  • Improved support for encrypting a database. If you are installing a new database, you can encrypt it immediately with the Configuration Wizard. To do this, the Configuration Wizard opens a new page called Database encryption.

  • To support troubleshooting in OAuth 2.0/OpenID Connect authentication you can log personal login data, such as information about tokens or issuers. The log is written to the object log file (<appName>_object.log) of the respective One Identity Manager component. The QBM | DebugMode | OAuth2 | LogPersonalInfoOnException configuration parameter defines whether the login data is recorded.

  • Running of all automatic schedules can be temporarily stopped. This behavior is controlled by the new QBM | Schedules configuration parameter. If the configuration parameter is set, schedules are run automatically. If the configuration parameter is not set, schedules are not run automatically. However, you can start the schedules manually.

Web applications

  • In the Web Portal, you can now use heatmaps to show how many requests have been generated for each department, cost center, location or business role. This allows "hot spots" to be identified, meaning places in the organization that generate an unusually high number of access requests. This helps determine common characteristics of such access requests to aid decisions for investments in policy and role management. In the Web Portal, open the heatmaps on the home page's Request | Explore tile.

  • In the Web Portal, it is now possible to control how table columns are sorted by using the keyboard.

Target system connection

  • One Identity Safeguard version 6.0 is supported.

  • Simplified system connection wizards for Active Roles.

    On the Target server page, the system connection wizard now tries to find the service entries under CN=Enterprise Directory Manager,CN=Aelita,CN=System,<Domain DN> using the current login credentials. If the entries are found, their DNS names are provided in a menu. If no entries are found, the user can enter the target server manually.

  • Support for dynamic Azure Active Directory groups.

  • Support for dynamic Office 365 groups.

  • HCL Domino Server Version 11 and HCL Notes Client Version 11.0.1 are supported.

See also:

Enhancements

The following is a list of enhancements implemented in One Identity Manager 8.1.3.

Table 1: General

Enhancement

Issue ID

The FileComponent process component support path lengths of more than 260 characters.

30846

New parameters of the ScriptComponent process component are available for the CSVExport and CSVExportSingle process tasks.

  • ValueMaskChar: Character for masking values. If the parameter exists, the character is automatically added at both ends of each value and every time the same character appears within the value, it is doubled.

  • Culture: Language to use for formatting the value.

  • ConvertUtcTimes: Specifies whether UTC times are converted to local times.

  • TimeZone: For converting to the timezone to use. Only used if the ConvertUtcTimes is set. If the parameter is not set, the Job server's local timezone is used.

  • ParameterSet: UID of the parameter set to use. If the parameter is set, the parameter set is loaded and the parameters are made available to the query as Query parameters.

32410, 32939, 33039

More tolerant handling of temporary errors in the schema update.

32867

Improved functionality for the Launchpad.

  • You can create tasks that can be run straight from the Launchpad.

  • Menu items in the Manager can be opened straight from the Launchpad.

32909, 33007, 33037

You can now enter more than one value in the TargetSystem | LDAP | Authentication | RootDN configuration parameter using a pipe (|) delimited list. For example, DC=Root1,DC=com|DC=Root2,DC=de. The LDAP authentication modules check authentication against each of the root domains.

Verification of login credentials with an LDAP authentication module has been optimized. LDAP user accounts that are not assigned to an employee, are not taken into account anymore. The domains entered in the user accounts are used for verification (LDAPAccount.UID_LDAPDomain).

33112

Improved error logging in the application server.

33115

Table 2: General web applications

Enhancement

Issue ID

In the Web Portal, keyboard shortcuts for buttons are now displayed in full (for example, [Alt-C]).

31882

In Web Portal, the version number is shortened (for example 8.1).

32966

In the Web Portal, the option to change the priority of all products when you edit the shopping cart has been renamed.

33057

Improved performance when checking the shopping cart in the Web Portal. 32765

Improved security generating reports in the Web Portal.

32869

Improved support for HTTP header authentication if the connection goes through an application server.

32794

Improved accessibility in the Web Portal when displaying tiles in high contrast mode.

203449

The Microsoft.OData library has been updated to the newest version.

235855

If API resources (Typescript client and Swagger JSON) are not required for compiling the API, The API resources can now be generated in the DbCompiler.exe file using the DoNotBuildResources parameter. For example, this might be necessary if problems occurs during compiling.

233720

The information saved in the sessions cookies of an API Server session now expire if the customer restarts the browser.

225773

Table 3: Target system connection

Enhancement

Issue ID

Improved error messaging for load operations in the synchronization log.

33006

The SCIM connector now uses the service provider's default value to find the maximum number of objects per page. The connector does not send values anymore.

32684

Improved performance provisioning G Suite user accounts.

32884

You can configure which user data is transferred to a different user account before G Suite user accounts are deleted.

33104

Improved documentation of permissions required for integrating One Identity Manager as an application in Azure Active Directory.

32820

The filter for the HRPerson_0709_IDEXT schema class was changed from a string to an integer comparison.

A patch with the patch ID VPR#32899 is available for synchronization projects.

32899

Improved messages for the SCIM connector in the synchronization log.

32689, 32690

The SCIM connector detects whether the service provider requires URLs with a closing slash.

32843

The recommendations from Microsoft about avoiding throttling during SharePoint Online synchronization have been implemented.

32929

The Active Directory connector can use the One Identity Manager Service's user account to log in on the target system. To do this, leave the login credentials on the project wizard's Login page empty.

32693

The Microsoft Exchange connector can use the One Identity Manager Service's user account to log in on the target system. To do this, in the project wizard enable the Use account of One Identity Manager Service option on the Enter connection credentials page.

A patch with the patch ID VPR#32703 is available for synchronization projects.

32703

In the project wizard for connecting cloud applications in the Universal Cloud Interface, the cloud application menu has been made larger.

32955

In an SAP schema extension file, you can provide a time offset for the revision counter (AddRevisionTimeOffset attribute) in the schema type definition. You can use this attribute if the revision counter only contains a change date but no timestamp. This allows objects that were changed after the previous synchronization run but on the same day, to be included in the next synchronization run.

32739

Adjustments required to the Exchange Online connector due to Microsoft turning off functionality in the cloud.

32403

You can configure whether the database to be connected takes case sensitivity into account for the generic ADO.NET provider.

33081

Improved performance calculating user account assignments to groups in custom target systems (UNSAccountBInUNSGroupB table).

33070

Table 4: Identity and Access Governance

Enhancement

Issue ID

Improved performance creating and by approval of attestation cases.

32940

Improved indexing of the PersonHasObject and BaseTreeHasObject tables.

32771

In the Manager, on the overview forms for application roles, departments, cost centers, location and business roles, you can now see which approval workflows they are used in.

32745

Improved support for peer group analysis for attestation.

32328

See also:

Resolved issues

The following is a list of solved problems in this version.

Table 5: General known issues
Resolved issue Issue ID

Blocked slots are reset too frequently.

32585

Error calculating time periods for memberships in reports with historical data.

32726

Transaction scope of the DBQueue Processor's HDB-K-ProcessGroup task is too big.

32761

Processes are sporadically not generated from schedules.

32742

Input of dates in reports does not support every date format.

32775

When a report is translated, the description is not translated.

32875

The RPS_ParseReportDefinitionXML script takes disabled columns into account when calculating the row definition.

33025

The Table with XOrigin (XIsInEffect) without update handling consistency check does not take automatically generated triggers into account.

32902

The result of a SQL query in the Object Browser cannot be marked with Ctrl + A anymore.

32942

If you change the foreign key on an object in the Object Browser and use the Discard button to discard the changes, the foreign key is not reverted.

32387

If the time difference to UTC for a timezone changes, the mean time difference to UTC for the states in this timezone is not updated.

32973

In certain circumstances, the following error occurs when the Crypto Configuration encrypts long strings: String or binary data would be truncated.

32161

Some Austrian states are not shown in the national language.

32676

Deferred DBQueue Processor tasks are included in the performance calculation.

32747

Bad performance running DBQueue Processor tasks with 2 parameters.

32906

Bad performance when, in the Job queue, there are a lot of similar processes for different queues.

32813

Incorrect handling of custom triggers during database compilation after changes to the schema.

32793, 32962

Export definitions for data export are not saved in the user configuration and are therefore not available after the Manager has been restarted.

32887

In Launchpad, if you search for an item and right-click on the result, in the context menu Remove from favorites is shown instead of Add to favorites.

32828

In a One Identity Manager database with version 7.x, the \SDK\SQLSamples\Files\MSSQL2K\30374.sql script does not detect an empty ADSSite.UID_ADSDomain.

32891

For initial migration with the provided database, the user requires the SQL Server dbcreator server role.

33001

In certain circumstances, an object is saved more than once after running a template. The following message is displayed: <object> was changed by another user.

33063

Error automatically updating software after updating a One Identity Manager database from version 8.1 if the database is part of an AlwaysOn Availability Group.

33068

In certain circumstances, while using the LDAP authentication module, the Login failed or VI.Base.ViException: Wrong user name or password error occurs even though the correct login credentials were used.

33107

Changes to DialogTable.isMNTable and DialogTable.IsMAllTable do not generate a recalculation task for Watch* trigger.

33109

Table 6: General web applications

Resolved issue

Issue ID

In certain circumstances in the Web Portal, the scroll bars are missing in the product's detailed view and, therefore, not all the data is visible.

32511

In certain circumstances in the Web Portal, the View Settings menu is shown twice in the search results after a search.

32598

In the Web Portal date columns, if you filter with Before, objects that do not have a value in the corresponding field are, incorrectly, displayed as well.

32686

In certain circumstances in the Web Portal, pending attestation are not displayed.

32755

In the Web Portal, an error occurs if an empty grouped table is exported as a PDF.

32773

In the Web Portal, values are being validated in fields although the input is not yet complete.

32786

Under Safari, permitting browser notifications in the Web Portal causes an error.

32787

In the Web Portal, an error occurs if a request for a product is displayed and it is not assigned to an IT Shop.

32837

In the Web Portal, if a direct assignment of an SAP role to an SAP user account is removed, the associated entry in SAPUserInSAPRole is not deleted.

32842

If several products in the shopping cart are tested for requestability and there is a conflict, all products are marked the same.

To make it easier to differentiate, in the VI_ITShop_ShoppingCart Web Designer component, a new Warning value has been introduced for the CheckStatus property in the ShoppingCart collection. Customized components that show this property must also take this new value into account.

32863

An error occurs when an approver in the Web Portal adds an item to another employee's request and sends the request.

32880

In the Web Portal, requests to be approved can be selected in a list. In certain circumstances, the selection goes missing when you switch to the another page of the list.

32904

In the Web Portal, an error occurs if you use the function to split a role that you are responsible for.

32913

In the Web Portal, on the Pending attestations page, an error occurs when you click the Business roles tile.

32920

In the Web Portal, if you download a file with Internet Explorer 11 whose name contains non-ASCII characters, an incorrect file name is suggested for the file.

32921

When a request is being approved in the Web Portal, it is possible to set the end of the validity period before the beginning of the validity period.

32928

In the Web Portal, if a new child group is added, it is not shown in the list of child groups until the next login.

32981

In the Web Portal, deleting objects causes performance problems as well as problems with the search function. 32987

In the Web Portal, if you filter delegations by recipient and the number of results is more than 1000, only the first 1000 are shown.

33019

If an error alert is displayed in the Web Portal and you try to close it using the Escape key, the underlying dialog is closed instead of just the error alert.

33020

In the Web Portal, there is no information about what date format is expected.

33054

In the Web Portal, if an error occurs validating date input, the focus is not automatically set in the corresponding field.

33055

Logging in to the Web Portal using OAuth 2.0/OpenID Connect does not work flawlessly.

32879

Bad performance of the pre-defined Webportal.VI_ITShop_ProductSelection.AccProductStatusForPerson SQL statement.

32767

In Web Designer, if you add a column of XdateInserted or XdateUpdated type to a table, the filter function for the column does not work in the Web Portal.

32709

The Web Designer's GetDataState function does not work and returns a value of false even if columns have changed.

32790

In certain circumstances, memory usage increases whilst working with the Web Designer.

32900

In the Web Designer's navigation, none of the existing custom components are listed under Components.

33040

In the Web Designer, if you open a context menu in a tree view with a right click, an error occurs.

33085

If you deactivate the configuration key VI_RSTS_UseRedirect in the Web Designer, you can no longer log in to the Web Portal using RSTS.

33148

Incorrect translations in the Web Designer Configuration Editor for the OAuth 2.0/OpenID Connect configuration.

32806

The following error occurs running the API server: The CancellationTokenSource has been disposed.

32914

Logging in to the Manager web application fails if TLS 1.0 or TLS 1.1 is disabled on the web server.

32854

Table 7: Target system connection

Resolved issue

Issue ID

The IsSecret and IsSystemVariable properties of the DefaultUserPassword variable are not all correctly set in the synchronization project.

Patches with patch IDs VPR#32781_SCIM, VPR#32781_EBS, VPR#32781_NDO are available for synchronization projects.

32781

Error applying a patch to a synchronization project after migrating to One Identity Manager version 8.1.2.

32785

Error loading an object if an object class' unique key is defined as a column group and the value of one of the columns is NULL.

32817

Provisioning a single group membership takes too long.

33074

If synchronization projects are updated from the command line and the Patches=AllFixes parameter is set at the time, the milestones are not implemented.

33123

If an Active Directory object that already has the SAMAccountName exists in another container in Active Directory, an error occurs.

32504

The Value of parameter 'distinguishedName' cannot be converted to an ADSI path error message does not include the DN passed down.

32849

Error during synchronization if accessing special properties of Active Directory objects using a DirectoryEntry object's extension method.

32873

Active Directory account policies that are assigned through Active Directory groups are not taken into account in Active Directory user accounts.

32803

In the Manager, the Active Directory Change master data form does not show changes to the Dial-up permitted property in Active Directory user accounts (ADSAccount.AllowDialIn).

32889

Wrong reference scope for Active Directory locations.

A patch with the patch ID VPR#32965 is available for synchronization projects.

32965

In certain circumstances, Active Directory synchronization fails with the error: Value cannot be null.

33022

An error occurs when reading and writing Active Directory object properties that are read or written using an extension method.

33120

Error during provisioning when restoring a deleted Active Directory object with activated Active Directory recycle bin feature.

33125

The Active Roles connector does not support the function level for Windows Server 2016 domains.

A patch with the patch ID VPR#32844 is available for synchronization projects.

32844

The edsaWTSUserConfigInheritInitialProgram property in the User mapping is negated. This behavior is no longer required.

A patch with the patch ID VPR#32871 is available for synchronization projects.

32871

Error serializing complex properties from schema extensions in synchronization projects with the SCIM connector.

32696

The SCIM connector uses the wrong media type for POST queries in the HTTP header. The data is swapped around.

32712

The User.address~primary schema property is set to True even if no address data is given.

A patch with the patch ID VPR#32754 is available for synchronization projects.

32754

Error loading the object list during a cloud application synchronization if the object list contains an object without a creation date .

32757

The provisioning process for a cloud application's user accounts returns the wrong data for loading the objects.

32780

In synchronization projects that were created with the One Identity Starling Connect project template, mapping telephone numbers does not work when provisioning changes.

32831

Error provisioning in a cloud application if there is a read-only virtual schema property in the object matching rule.

32841

Error provisioning group memberships if the SCIM connector uses PATCH queries.

32846

Provisioning of deleted group memberships does not work under certain conditions.

32853

Changes to values of multi-valued schema properties are not correctly mapped in PUT queries.

32901

Checking for the existence of target system objects fails if there are several mappings.

32908

During synchronization, an invalid entitlement assignment is not re-enabled if it exists in Oracle E-Business Suite as a valid assignment. EBSUserInResp.XOrigin retains the value 16.

33024

Error provisioning Notes user accounts if the user account's certificate has been changed.

32705

After updating Notes group memberships, the Summary and Names options are not set on the Members schema property anymore.

32766

The process for locking Notes user accounts does not work correctly.

32947

If SAP user accounts marked for deletion are reset, the associated SAPUserInSAPRole entries remain marked for deletion and are not reset.

32727

The IsSecret and IsSystemVariable properties of the TempUserPassword variable are not all correctly set in the synchronization project.

A patch with the patch ID VPR#32781_SAP is available for synchronization projects.

32781

If a One Identity Manager user account is renamed in SAP, not all existing assignments are transferred to the new user account by provisioning, only the last one.

32807

Assigning or removing a direct membership in SAPUserInSAPRole that is already inherited generates the provisioning process.

32951

Synchronizing SAP authorizations does not load all authorization object assignments to SAP transactions (SAPTransactionHasSAPAuthObject).

33044

The reference scope for the SAPLicence table is so restrictive that in the SAP R/3 environment existing license assignments in the SAPUserHasLicence table cannot be added.

33071

On the SAP user accounts' overview form, the assigned composite profiles from a CUA's child system are not displayed.

33094

If single object synchronization is run several times sequentially on an Exchange Online mailbox, the value for XMarkedForDeletion swaps back and forth between 0 and 2.

A patch with the patch ID VPR#32768 is available for synchronization projects.

32768

Error provisioning G Suite user accounts in One Identity Manager version 8.1.2.

33073

Error loading single objects with Windows PowerShell if the parameter Identity is used.

32818

Performance problems deleting memberships during single object synchronization.

32673

In the Manager, custom columns of Datetime type are not displayed with the desired alternative column identifier for custom target systems.

32702

On the form for defining search criteria for employee assignment, employees' display names are not correctly formatted.

32876

The following error occurs when the UNSAccountB.CN template is run: Entry point was not found.

32825

In the Manager, on the Change master data form for custom groups, the category cannot be selected if it does not have a container.

31592

If an Exchange Online synchronization project is opened in an encrypted database in the Synchronization Editor, it is not possible to identify which password belongs to which user.

33118

Table 8: Identity and Access Governance

Resolved issue

Issue ID

Notifications from questions about an attestation case are sent to the wrong employee.

32809

Error adding attestation cases.

32988

Error automatically removing E-Business Suite entitlement assignments after attestation has been denied.

32961

The GenProcID in requests is emptied too quickly if an approved request's validity period is in the future.

32720

Automatic approval decisions caused by the QER | ITShop | DecisionOnInsert or QER | ITShop | AutoDecision configuration parameter settings are also decided for the chief approval team.

32743

The consistency check's repair script Requested products that are not assigned generates missing entries in the PersonInITShopOrg table with the wrong value for XOrigin.

32827

Under certain circumstances, when determining a request's approver, a fallback approver is not found although there is no regular approver.

32872

If in the second approval step of an approval workflow, the approval method EX is used and approval of the first approval step was decided automatically, the process for external approval is not triggered.

32886

If the QER-K-ShoppingRackMakeDecisionEX task is returned to the DBQueue, in One Identity Manager 8.1.2 external approval is triggered again. Therefore the process for external approval is started twice.

32898

The display name for the requested product is not displayed in requests (PersonWantsOrg.DisplayOrg) if the product exists on more than one shelf.

32969

Shops cannot be separated from shopping centers that are assigned a shopping center template.

32993

Error importing SAP functions if the One Identity Manager database is connected through an application server.

32678

If, in the permissions editor for SAP functions, one of the Add by tasks is run and One Identity Manager is running over an application server, the Manager freezes.

32789

Bad performance in the DBQueue Processor SAC-K-ProfileHasTCDInFID task.

32805

The Replace method is not available for requests with Renewal status.

33029

Error removing shops from shopping centers.

32999

In the Manager, the Additional information column (PersonWantsOrg.AdditionalData) is missing from the Request details form.

33102

Table 9: IT Service Management

Resolved issue

Issue ID

In the Manager, diverse master data are missing from the PC and server master data forms.

32922

Error adding a help desk call: Error executing script 'VI_AE_GetAttachmentPath'.

33019

See also:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating