Identity Manager 9.1.1 - Release Notes

One Identity Manager 9.1.1

Release Notes

17 April 2023, 11:19

These release notes provide information about the One Identity Manager release version 9.1.1. You will find all the modifications since One Identity Manager version 9.1 listed here.

For the most recent documents and product information, see Online product documentation.

One Identity Manager 9.1.1 is a minor release with new functionality and improved behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 9.1, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

About One Identity Manager 9.1.1

One Identity Manager simplifies the process of managing user identities, access permissions, and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition

  • Meet Access Governance demands across platforms throughout your entire company with One Identity Manager

Each of these scenario-specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the time, complexity, or expense of “traditional” solutions.

One Identity Starling

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. This gives your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make new products and features available to One Identity Starling.

For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit https://www.cloud.oneidentity.com.

New features

New features in One Identity Manager 9.1.1:

General
  • Support for SQL Server 2022 with compatibility level SQL Server 2019 (150) for databases.

Target system connection
  • Now you can configure how the system handles group memberships of user accounts if the user accounts are linked to employees but do not use account definitions. Define the behavior in the QER | Person | User | KeepMembershipsOfLinkedAccount configuration parameter.

  • Support for Oracle E-Business Suite version 12.2.10.

  • Support for One Identity Safeguard version 7.1.

  • Support for Secure Password Extension Password Manager Version 5.11.1.

  • Active Roles version 8.1.1 is supported.

Identity and Access Governance
  • Support for Behavior Driven Governance for OneLogin. This includes:

    • Attestation and recertification of OneLogin application access. Assignments can be removed automatically after attestation is denied.

    • Identification of user accounts and applications that have not been used for a given period. Recertification of these assignments is started automatically. This identifies OneLogin roles that were used to assign the applications. Assignments are removed automatically if attestation is denied. The time period is stored in the TargetSystem | OneLogin | UnusedApplicationThresholdInDays configuration parameter.

    • User accounts that have not been used for a defined period can be identified. The required behavior is set up in the TargetSystem | UNS | UnusedUserAccountThresholdInDays configuration parameter.

    • Identification of applications assigned to more than one OneLogin role, and OneLogin roles that grant access to more than one application.

    NOTE: To use behavior driven governance, events with types 5, 6, 7, 8, 11, 22, 29 must be synchronized. To accelerate synchronization and reduce the number of entries in the change history, you can customize the scope of the Event schema type.

    To change the scope

    1. In the Synchronization Editor, open the synchronization project.

    2. In the navigation view, select Configuration > Target system.

    3. Select the Scope view.

    4. Click Edit scope.

    5. Select the Event schema type.

    6. Select the System filter tab and extend the existing filter definition as follows:

      event_type_id=5,6,7,8,11,22,29&since=$olgeventsincefilter$

    7. Save the changes.
  • In Microsoft Teams, you can attest teams and team memberships. Default attestation policies and default approval workflows are provided for this. There is support for automatic removal of team memberships if attestation is denied.

  • The authorization definition of an SAP function can be formulated such that all the permitted values of an authorization object must exist in order to match the SAP function. To do this, all the values to be tested are concatenated into a list delimited with + in the authorization definition.

  • Compliance rule properties extended for integrating with Easy Content Solution from IBS Schreiber. This allows the predefined Easy Content Solution rules to be imported into One Identity Manager and applied to the existing data.
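
A check for step 6 of the scope procedure above, as an added example that is not part of the One Identity documentation: it parses a system filter string for the Event schema type and reports which of the event types required for behavior driven governance are missing. The function name, the report keys, and the sample filter strings are hypothetical; the filter syntax and the `$olgeventsincefilter$` variable are taken from the line shown in step 6.

```python
from urllib.parse import parse_qsl

# Event types the note above lists as required for behavior driven governance.
REQUIRED_EVENT_TYPES = {5, 6, 7, 8, 11, 22, 29}
# Variable name exactly as it appears in the documented filter line.
SINCE_VARIABLE = "$olgeventsincefilter$"


def check_event_scope_filter(system_filter: str) -> dict:
    """Audit a system filter string for the Event schema type (hypothetical helper).

    missing    -> required event types the filter would exclude
    extra      -> event types synchronized beyond the required set
    malformed  -> event_type_id tokens that are not plain integers
    since_ok   -> the since parameter still uses the documented variable
    unfiltered -> no event_type_id restriction is present at all
    """
    params = {}
    pairs = parse_qsl(system_filter.strip().lstrip("?"), keep_blank_values=True)
    for key, value in pairs:
        params.setdefault(key.strip(), []).append(value.strip())

    configured, malformed = set(), []
    for raw in params.get("event_type_id", []):
        for token in (t.strip() for t in raw.split(",")):
            if token.isdigit():
                configured.add(int(token))
            elif token:
                malformed.append(token)

    return {
        "missing": sorted(REQUIRED_EVENT_TYPES - configured),
        "extra": sorted(configured - REQUIRED_EVENT_TYPES),
        "malformed": malformed,
        "since_ok": params.get("since", []) == [SINCE_VARIABLE],
        "unfiltered": "event_type_id" not in params,
    }


if __name__ == "__main__":
    # Constructed sample: two required event types were dropped while editing.
    sample = "event_type_id=5,6,7,8,11&since=$olgeventsincefilter$"
    print(check_event_scope_filter(sample))
```

A non-empty `missing` list means the governance evaluations described above would run on incomplete event data; a non-empty `extra` list only means more events are synchronized than the note requires.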

Enhancements

The following is a list of enhancements implemented in One Identity Manager 9.1.1.

Table 1: General

| Enhancement | Issue ID |
|---|---|
| Improved resetting of slots if the Database Agent Service causes processing errors. | 35792 |
| Improved spell checking of object keys. | 35457 |
| Improved performance when processing DBQueue Processor tasks. | 36408 |
| Improved performance of process handling. | 35068, 36091 |
| Improved help in command line tools. | 35657 |
| The Configuration Wizard displays an improved error message when selecting an existing database if the database's name contains illegal characters. | 35643 |
| Additional examples of Docker files for target systems are now available under https://github.com/OneIdentity in the Docker Files Repository. | 34992 |
| Improved documentation about the initial password in password policies. | 35711 |
| Improved documentation of language settings for database users. | 35623 |
| The trusted source key can be set for Docker containers. | 36341 |
| New optional parameter /alive in the DatabaseAgentServiceCmd.exe command line program for monitoring the status of the Database Agent Service. The status is checked on a 15-minute cycle. | 36276 |
| Auto-completion when writing scripts can now be enabled or disabled via an icon. | 35895, 36479 |
| The Data Import preferentially maps columns with identical names if the source columns and target columns are mapped automatically. | 36047 |
| Improved performance when generating triggers for change tracking. | 35961 |
| In the Docker container for the API Server, it is now possible to connect a History Database. | 36553 |
| Improved support for manually setting the trusted source key in web applications. | 36198 |
| Improved treatment of attributes in the SCIM plugin. | 36542 |

Table 2: General web applications

| Enhancement | Issue ID |
|---|---|
| The Password Reset Portal does not display detected password policy violations as script errors. | 35236 |
| The Dojo Toolkit has been updated to version 1.17.3. | 387671, 36188 |
| The NPM packages have been updated. | 385798 |
| Requests from the API documentation (Swagger) no longer fail due to the missing X-XSRF-TOKEN header, as it is now included in the requests. | 394255 |
| Improved security of the web applications. | 403744 |
| Improved Web Portal performance. | 36038, 36229, 392694 |

Table 3: Target system connection

| Enhancement | Issue ID |
|---|---|
| Various functions required to manage a OneLogin domain are now provided in the Manager. It is now possible to create account definitions for domains, define exclusion of roles, specify administrators for roles, and use the various reports on offer. | 35909 |
| The list of permitted values for group claims of Azure Active Directory app registrations has been extended. | 36441 |
| Descriptions of Azure Active Directory policies can now span multiple lines. | 36442 |
| Improved performance synchronizing Azure Active Directory user accounts. | 35877 |
| The BAPI transport SAPTRANSPORT_70.ZIP is also deployed as a Workbench transport for systems that do not support Unicode. | 35460 |
| Improved mapping of external identifiers (SAPUserExtID). A patch with the patch ID VPR#35991 is available for synchronization projects. | 35991 |
| The list of Google Workspace products and SKUs was updated. | 36175 |
| Consistency checks are provided to test a system synchronization's configuration. | 34371 |
| Errors migrating synchronization projects can now be better identified and handled: migration errors are shown in the synchronization project; if migration failed with an error (entry in DPRShell.LastMigrationError), changes to the synchronization project can now be saved; the error message contains a reference to the patch that causes the error. | 35773 |
| Improved error message if synchronization unexpectedly quits. | 36358 |
| A single retry for loading single objects with the SCIM connector has now been implemented. | 34740 |
| Improved performance loading mailboxes in the Microsoft Exchange connector. | 35175 |
| The /VIAENET/RSECUSERAUT_ADD and /VIAENET/RSECUSERAUT_DEL functions no longer modify the RSECUSERAUTH table directly without maintaining the associated RSECUSERAUTH_CL change log. They have been converted to use the existing function modules in the SAP R/3 system (RSEC_ASSIGN_AUTHS_TO_USERS_DYN and RSEC_DELETE_AUTHS_FROM_USERS). | 35917 |
| Improved performance of SharePoint Online synchronization by optimizing the SharePoint Online connector. | 35975 |
| To allow the target system owners for SAP R/3 to handle outstanding objects, viewing permissions have been issued to the Person, Department tables, and the tables for synchronizing SAP authorization objects. To allow the target system owners for Oracle E-Business Suite to handle outstanding objects, viewing permissions have been issued to the Person, Department, PersonInDepartment, Locality, and PersonInLocality tables. | 35269 |
| In synchronization projects for synchronizing external databases with the generic database connector, it is now possible to configure how to handle data that is not allowed in Microsoft .NET Framework and thus cannot be mapped in One Identity Manager. | 34088 |
| When setting up a synchronization project for a cloud application with the SCIM connector, the endpoint configuration data can be stored locally. | 35698 |
| Improved performance saving new synchronization projects in the project wizard. | 35873 |
| Optimized verification of object mapping rules in the Synchronization Editor. This displays any failed objects. | 35959 |
| Improved performance in the synchronization engine. | 35687 |
| The Synchronization Editor saves backup copies of scripts when they are being debugged. | 35704 |
| The maximum number of attempts at synchronizing failed objects can be set in the start up configuration. | 34432 |
| In the synchronization workflow, you can configure whether additional testing takes place if conflicts occur due to simultaneous handling of objects in the target system. | 36472 |
| A workaround has been implemented for the missing UI support for encrypted connections of the SAP HANA ADO.NET provider. | 35828 |
| Improved documentation of the permissions required for registering an enterprise application for One Identity Manager in the Azure Active Directory tenant. | 36385 |

Table 4: Identity and Access Governance

| Enhancement | Issue ID |
|---|---|
| Improved displaying of samples and policy collections in the Attestation category of the Manager. | 35844 |
| Attestation runs that were not completed due to processing errors can be canceled in the Manager and then restarted. | 35566 |
| Improved performance recalculating approvers for IT Shop requests. | 33934, 35600 |
| Improved delegation performance if the original approver needs to be notified. | 36023 |
| In the Manager, multi-request resources are displayed in the request history under Approved requests. | 36504 |
| The ReducedApproverCalculation configuration parameter is now considered when determining the fallback approver. | 36483 |
