Chat now with support
Chat with Support

Password Manager 5.14.2 - Release Notes

Deprecated features

The following is a list of features that are no longer supported starting with Password Manager 5.14.2.

Legacy Password Manager User Site

CAUTION: Starting from release 5.14.2, the legacy Password Manager User Site is deprecated and removed from the product. Because of this, installing Password Manager 5.14.2 will remove any configured instances of the legacy User Site.

One Identity strongly recommends to configure the new Password Manager Self-Service Site for use before upgrading to Password Manager 5.14.2.

QESSO integration

QESSO integration has been deprecated.

Resolved issues

The following is a list of issues addressed in Password Manager 5.14.2.

Table 2: Resolved issues – General Password Manager issues

Resolved issue

Issue ID

Previously, if administrators have allowed users to authenticate with their expired passwords, then user authentication with the User must change password at next logon account flag selected did not succeed.

This issue has been fixed, so the password change functionality now allows users to provide their old passwords and change it to a new one.

458577

Fixed the handling of the mailNickname attribute in the User Properties Rule of password policies. The handling now works as expected.

442723

Increased stability when adding an Authenticate with password activity to a workflow, with the Authenticate user with expired password setting or Authenticate disabled user setting also enabled.

442090

Certain vulnerable libraries used by Password Manager have been updated to non-vulnerable libraries.

414327

Table 3: Resolved issues – Password Manager Administration Site

Resolved issue

Issue ID

The Auto Generated password radio button is now selectable without email and SMS options.

444629

You can now save the Clear old records from reporting database task settings with the Archive option selected.

440212

Previously, the Reset password in connected systems through embedded connectors workflow activity could not load its settings.

This is now fixed, so administrators can now edit the settings of this activity.

420963

Table 4: Resolved issues – Password Manager Self-Service Site

Resolved issue

Issue ID

Previously, Self-Service initialization did not work on servers other than PMService. This issue has been fixed.

455371

Removed a potentially vulnerable server setting from the Self-Service Site.

447194

The Self-Service Site API no longer requires opening its Swagger page after a restart to operate.

443152

In the Authentication methods activity, the personal authentication options are now available as configured.

441896

Fixed an issue where the Passcode and Phone authentication availability was not re-checked each time when the Authentication Methods activity was opened.

441143

Added the previously missing translation for the Authenticate via phone activity token input field.

441053

In some cases, the Manage My Profile activity could modify the answers without new inputs. Now the activity consistently keeps or updates the answers based on the user's actions.

441037

The Old password field in the Change Password in Active Directory activity is now available whenever the user must update their password.

441028

The title of the previous user search is now consistent and only updates when a new search action is initiated.

441016

Table 5: Resolved issues – Password Manager Helpdesk Site

Resolved issue

Issue ID

Previously, the search function of the Helpdesk Site might potentially fail even when entering valid search terms. This issue is now fixed.

444773

Table 6: Resolved issues – Password Manager Secure Password Extension

Resolved issue

Issue ID

Fixed a potential security vulnerability in Secure Password Extension (SPE).

The Chromium component of SPE has been also updated to 126.2.7.

460592

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 7: Known issues

Known issue

Issue ID

When User Principal Name (UPN) is used as service account, installing a Password Manager hotfix can lock the service account.

Workaround

To solve the problem:

  1. Change the service account to the domainname\username format.

  2. Provide a password for the same service account user.

  3. Install the Password Manager hotfix.

255614

Following a Password Manager upgrade, the General > Settings > Scheduled Tasks > Active Directory Sites task is disabled.

Workaround

After upgrading Password Manager to a newer version, enable the Active Directory Sites task manually.

246147

When scheduled from the secondary instance of the Password Manager server, the General Settings > Unregister Users task does not run.

Workaround

Schedule the Unregister Users task on the primary instance of Password Manager.

233679

If the application pool identity is a domain user with minimal permissions, then Web interface customization changes are not applied to the Self-Service and Helpdesk Sites.

233658

In the General Settings > Instance Reinitalization page, the Corporate phone attribute is not imported from the primary instance to the secondary instance.

Workaround

Update the Corporate phone attribute manually on the secondary instance to have the same value as on the primary Password Manager instance.

229200

If the Password Manager Self-Service Site contains an IPv6 address, the location-sensitive authentication (LSA) feature does not work.

Workaround

LSA currently supports IPv4 addresses only. Therefore, do not access the Password Manager Self-Service Site from an external network where the request contains an IPV6 address.

221571

When configuring a dictionary rule in the Password Manager Administration Site, the Policy Rules > Dictionary Rule > Enable dictionary lookup to reject passwords that contain > Beginning characters of a dictionary word setting does not work correctly if you specify only 2 beginning characters.

Workaround

One Identity recommends using the A complete word from the dictionary (QPMDictionary.txt) setting when configuring a dictionary rule.

221468

If no appropriate authentication methods are configured for it, the Forgot My Password screen may appear blank in the Password Manager Self-Service Site or Helpdesk Site.

Workaround

In the Password Manager Administration Site, One Identity recommends configuring the Register workflow with Security Questions as one of its registration modes.

221389

When a symmetry rule is configured with the Policy Rules > Symmetry Rule setting of the Password Manager Administration Site, it may fail to validate passwords containing non-consecutive characters.

Workaround

Do not use the Policy Rules > Symmetry Rule > Maximum number of consecutive characters within a password, that read the same in both directions (pass4554word) setting.

220177

In a Password Manager for AD LDS environment, if the User Scope is configured with an AD LDS account, the Forgot My Password and Manage My Passwords workflows will fail.

Workaround

When configuring a User Scope, do not use The following AD LDS account setting of the Access account > Edit AD LDS Instance Connection dialog.

220171

When a Questions and Answers Policy is updated with any language other than English, users may receive both the default and the custom email notifications on the Password Manager Self-Service Site.

Workaround

For the Email user if workflow succeeds workflow, change the value of the Select email template to use setting to Customize.

219401

Upgrading Password Manager from version 5.6.3 to 5.9.x keeps the previous My Questions and Answers profile workflow.

Workaround

To solve the problem:

  1. In the Password Manager Administration Site, navigate to the My Questions and Answers profile workflow.

  2. Open Workflow Settings > Availability.

  3. Set Enable the workflow to Never.

  4. Select Show the workflow on the Self-Service Site.

  5. To apply your changes, click OK.

215892

The User Status Statistics scheduled task may fail intermittently.

171590

After upgrading to Password Manager 5.9.x, the My Notifications custom workflow cannot be edited in the Password Manager Self-Service Site.

Workaround

One Identity recommends to use the Self-Service Site to edit the My Notifications workflow.

171589

When using Password Manager for AD LDS, the Password Policies page of the Administration Site is not updated when a password policy is created.

Workaround

After a new Password Policy is created, click Save, and immediately cancel the Add New Policy wizard. The page will refresh and list the new policy.

170587

After upgrading to Password Manager for AD LDS 5.9.x, the General Settings > Search and Logon Options menu may display an error when its settings are modified.

Workaround

To solve this problem:

  1. In the Password Manager for AD LDS Helpdesk Site, navigate to General Settings > Search and Logon Options.

  2. In the Users must enter the following user account attribute for identification setting, change the value from sAMAccountName to cn.

170560

In Password Manager for AD LDS, certain column data required for custom activities are not available in generated reports.

170355

After upgrading Password Manager from an earlier version to 5.9.x, the upgrade process may create duplicate URL references for the Password Manager User Site.

Workaround

Manually delete URL shortcuts that are not required.

169921

When a Password Manager for AD LDS instance and the Password Manager for AD LDS server instance are not configured on the same machine, Password Policy Rules are not displayed in the Password Manager for AD LDS Self-Service Site.

Workaround

Configure the Password Manager for AD LDS instance and the Password Manager for AD LDS server instance on the same machine.

169763

The user search settings of the Password Manager for AD LDS Helpdesk Site may work incorrectly.

Workaround

To solve the problem:

  1. In the Password Manager for AD LDS Helpdesk Site, navigate to General Settings > Search and Logon Options.

  2. Use the cn attribute instead of mail to search for users.

169384

The Password Manager Self-Service Site may not launch on Secure Password Extension (SPE) through a 32-bit operating system.

Workaround

If you have a 32-bit operating system, One Identity recommends to use the Self-Service Site.

167871

When a password is changed from the target Active Directory (AD) system to that of the source AD, One Identity Quick Connect may be unable to synchronize passwords.

Workaround

Restart the Quick Connect Capture Agent Service on all the source and target systems.

167573

In Password Manager versions 5.8.2 and 5.9.x, you can only reconnect to a domain on the second attempt.

Workaround

To solve the problem:

  1. In the Password Manager Administration Site, select the User Scope, Helpdesk Scope or Password Policy you want to configure.

  2. Click Add domain connection twice to add a new domain connection.

166950

In email notifications, the #OPERATOR_ACCOUNT_NAME#, #OPERATOR_IP#, #WORKFLOW_RESULT#, and #WORKFLOW_SUMMARY# parameters are not populated.

141728

On Windows Server 2019, the Password Manager Service and One Identity rSMS Service may stop.

Workaround

To solve the problem, make sure that the domain controller machine and the clients are at two separate entities.

127587

When editing a dictionary file between the size of 10–20 MB from a Password Policy, the web browser session may crash, and an error may appear in the Windows Event Viewer.

Workaround

If you must modify a dictionary file larger than 10 MB, edit it from the domain machine where Password Policy Manager (PPM) is installed.

115957

When performing a password reset with the Password Manager Helpdesk Site, the site also accepts the previous/old password.

Workaround

Manually enter a different password during the short duration of the password reset.

114822

System requirements

Before installing Password Manager 5.14.2, ensure that your system meets the following minimum hardware and software requirements.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. For more information about environment virtualization, see One Identity's Product Support Policies.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating