release-notes.pdf

Hitachi ID Password Manager 10.0.4 Release Notes Software revision: 10.0.4 Document revision: 6484 Last changed: Sunday 23rd April, 2017 © 2017 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Password Manager 10.0.4 3 1.1 Features and Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.1 Component framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.3 Privileged access usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.4 Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.5 Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.6 Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1.7 Requests app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1.8 Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1.9 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1.10 Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1.11 Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.1 API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.2 Auto discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.3 Component Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.4 Group management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.5 Identity management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2.6 IDMlib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2.7 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2.8 Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2.9 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2.10 Mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 i Password Manager Release Notes 1.2.11 SKA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.2.12 Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.2.13 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.2.14 Privileged access configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.2.15 Privileged access usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.16 Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.17 Profile attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.18 Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.19 Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.20 Requests app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.2.21 Session monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.2.22 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.2.23 Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.2.24 Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.2.25 User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.2.26 Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.2.27 Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2 Password Manager 10.0.3 11 2.1 Features and Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.1 Add-ons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.2 API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.3 Auto discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.4 Component Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.5 Logging / Health check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.6 Mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1.7 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1.8 Python / IDMLib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1.9 Reports and dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1.10 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.1.11 Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.1.12 Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 © 2017 Hitachi ID Systems, Inc. All rights reserved. . 19 3.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2. . 17 2. . . . . . . . . .8 User interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . 15 2. . . . .2. . . . . . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 © 2017 Hitachi ID Systems. .6 SKA / Login Assistant . . . . . . . . . . . . .1. . . . 15 2. . . . . . . . .5 Python / IDMLib . . . . . . . . 20 3. . . . . . . . . 14 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.11 Replication . . . . . . . .3 Auto discovery . . . . . . . . . . . . . . . . 16 2. . . 14 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .0. . . . . . . . . . . . . . . . . . . . . . . All rights reserved. . . . 19 3.1. 19 3. . . . . . . . . . . . . . . . .7 Mobile . . . . . . . . .2. . . . . . . . . . . . . . . . . . .1 Auto discovery . . . . .2. . . . . . .13 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3. . . . . . . . . . . .2. . . . . . . . . .14 Upgrade . . . . . . . . . .17 User interface . . . . . . . . . . . . Password Manager Release Notes 2. . . . . . . 14 2. . . . . .13 Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . . .12 Reports and dashboards . . . . . . . . . . . . . . . . .2. . . . . .2 19 3. . . . . . . . . . .15 Usability . . . . . . . . 20 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.2. . . 20 3. . 19 3.1. . . . . . . . . . . . . . . . . . Inc. . . . .1 API . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2. . . . . . . . . . . . . . 15 2. . . . . . . . . . . . . . . . . . . . . . 14 2. . . . . .2 Applications . . . . . . . . . . .2 Component Framework . . . . . . . . . . . . 14 2. . . . . . . . . . . . .4 Component Framework . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Notification . . . . . . . . . . . . . . . . . . .3 Performance . . . .2 Resolved Issues . . . . . . . . . . . . . . . 17 2. . . . . . . . .2. .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.16 User classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Plug-ins / Event triggers . . . . . . . . . . . . . . . . . . . . .1. . . . . . . . 16 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Python / IDMLib . . . . 16 2. . . . . . . . . .6 Services . . . . . . . . . . . . . 13 2.2. . . . . . . . . . . . . . .18 Workflow . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2. . . . . . . . .2. . . . . . . . . . . . . . . . . .2.9 Plug-ins / Event triggers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3 Password Manager 10. . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . 17 2.1 Features and Improvements . . . . .5 Installation / Setup . . . . . . . . .1. . . . . . . . . . . . 17 2. . . . . . . . . . . . . . . .2. . . . . . . . . .1. . . . . . . . . . . . . . . . .7 Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 API . . 27 4. . . . . . . . . . . . . . .5 Upgrade . . . . . . . . . .16 Telephone Password Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 Authentication .1. 27 4.19 User interface . . . .2. . . . . . . . . . . . . . . . . . . .11 Profile attributes . . . . . . . . . . . . . 22 3. . . . . . . . . . . . . . . . . . . . . . 22 3. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Plug-ins / Event triggers . . . . . 26 4. . . . . . . . . . . . . . . . . . . . .14 Reports and dashboards . . . . . . . . . . . . . . 27 © 2017 Hitachi ID Systems. . . . . . . . . . . . . . .2. . . . . . . . . 23 3. . . . . . . . . . . . .20 Workflow . . . . . .6 Maintenance . . .2. . . . . . . . . . . . . . . . . . . 21 3. . . . . . . . . . . . . . . . . . . . . . . . . . . .17 Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 User interface . . . . . . . . . 21 3. . . . . . .2. . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . .5 Mobile . . . . . . . 21 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . 26 4. . . . . . . . . . . . . . . . . . . . . . . . . 24 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. .2. . . . . . . .1. . . . . . . . . . . . . 27 4. . . . . . . . . . . . . .9 Personal vault app . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . 27 4. . . 23 3. . . . . . . . . . . . . . . . . . . . . . . . 23 3. .1. . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.3 Auto discovery . . . .8 Performance .4 Component Framework . . . 26 4. . . 23 3. . . . . . .3 Installation / Setup . . . . . . . . . . . . .2. . . .10 Plug-ins / Event triggers . . . . 24 3. .1 API . . . . . . . . . . . . . . . . . . . . 22 3. . . . . . . . . .7 Workflow . . . . . . Password Manager Release Notes 3. . . . . . . .15 Security . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . All rights reserved. . . . . . . . . . . . . . 26 4. 23 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . .2 Authentication . . . . . . . . . . . . . . 22 3. . . .1.0. . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . .1 API . . . . . 25 4 Password Manager 10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.1 26 4. . . . . . . . . . . . . . . . . . . . . . 27 4. . . . . . . . . . . . .13 Replication . . . . . . . . . . . . . . 24 3. . . . . . 21 3. . . . . . .1. . . . . .12 PSL ANG . . . . . . . . . . . . . . . . .7 Notification . . . . .18 Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inc. . . . . . . . .1 Features and Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3. . . . . . . . . . . . . . . .2. . . . . . .2. . . . . . . . 24 3. . . . . . .2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Licensing . . .12 Profile and request attributes . . . 29 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 4. . . . . . . . . . . . . . . . . . . . . . . .14 Reference build . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 5. . . . . . . . . . .18 User classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . All rights reserved. . . . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 5. . . . . . . . . . . . . . . . . . . . . . . . 35 5. . . 28 4. . . . . . . . . . . . . . 30 4. . . . . 30 4. . . . . . . . 28 4. . . . . . .0 32 5. . . . . . . . . . . . . . . . . . . . . . . . . 31 5 Password Manager 10. . 35 © 2017 Hitachi ID Systems. . . . . . . . . . . . . . . . . .4 Auto discovery . . . . . . . . . . . . . . . .2. . . . . . .7 Notification . . .13 Python / IDMLib .2 Authentication . . .15 Replication . . . . 31 4. . . . . . . . . . . . . . . .2. . . . . . . . . . . .1. . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 4. . . . . . . . .10 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . 30 4. . . . . . .2. . .2. . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . .1 Add-ons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 Mobile .1. .2. . . . . . . . .9 Password policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 5. . . . . . . . . . . . . . . 28 4. . . . . . .10 Mobile . . . .11 Plug-ins / Event triggers . . . . . .1. . . . . . . . . . . . . . . . .19 User interface .2. . . . . . . . . . . . . . . . . . . . . . . .7 Installation / Setup . . . . . . . . . .16 Reports and dashboards . . . . . . . . . . . . . . . .6 Database . . . . . . . . . . . . . . . . . Inc. . . . . . . . . . 34 5. . .1. . . . . . .3 Installation / Setup . . . . . . . . . . . . . . 28 4. . . . . . . . . . . . . .20 Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . 34 5.1. . . . .2 API . . . . . . . . . . . . . 32 5. . . . . . . . . . . . . . . 32 5. . . . .1. . . . . . . .2. . . . . . .8 Password management . . . . . . . . . . . . . .2. . . . . . . . .3 Authentication . .2. . . . . .2. . . . . .2. . . . . . . . . . . . . . . . . 29 4. .17 Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. . . . . . . . . . . . 29 4. . . . . . . . 30 4. .4 Logging / Health check . . . . . . . . .0. . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . 30 4. . . . . . . . . 29 4. . . . . . . . . . . 33 5. . . . . . . . .6 Miscellaneous .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Logging / Health check . . . . . 27 4. . .1 Features and Improvements . . . Password Manager Release Notes 4. .2.2. . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . .5 Branding . . . . . . . . . . . . . . . . . . 29 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . 41 5. . . 45 5. . . . . . . . . . . . . . . . . . 45 5. . . . . . . . . . . . . . . 44 5. . . . 43 5. . . . . . . . . . . . . . . . . .2. . . . . 42 5. . 37 5. . . . . . . . . . . 41 5. . . . . . . . . . . . . . . . . 47 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Services . . . . . . . . . . . . . . . . . . . .2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 5. . . . . . . . . . . . . . . . . . . . . . . . . .11 Managed Account Groups . . . . . . . 48 5. . . .2. . . . . . . . . . . . . . . . . . . . . .4 Database . . . . . . . . . . . . . . .1. . . . . . . . . . 46 5. . . . . . .2. . . . . . . . . . . . . . . . . . . . . .16 PSL ANG . . . . . . . . . . . . . . . . . . 46 5. . . . . . . . . . . . . .2.22 User classes . . . . 41 5. . . . . . . . . . . .19 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 5. .16 Replication . . . . . . . . . .2. . . .2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Notification . . . 36 5. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . 47 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. .17 Replication .1. . . . . . . . . . . . . . . . . . 42 5. . . . . . . . . . . . . . . . . . . . . .1 Add-ons . . . . . 46 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . .23 User interface . . . . . . . . 49 5. . . . . . . .12 Password reset . . .1. . . . . . .10 Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . All rights reserved. . . . .13 Notification . . . . . . . .5 Installation / Setup . . . . . . . . . . . . . . . . . . . .14 Password management .1. . . . 49 © 2017 Hitachi ID Systems. . . .6 Licensing . . . . . . . . . . . . . . . . . . . . . . .1. . . .24 Utilities . . . . . . . . . 38 5.9 Managed Account Groups . . . . . . . . . 48 5. . . 45 5. . . . . . . . . . . . . . . . . . . . . . . 36 5. . . 38 5. . . . . . . . . . . . . . . . .15 Profile and request attributes . . . . . . . . . . . . . . .1. . . . Password Manager Release Notes 5. . . . . . . . . . . . . . . . . .2. . . . . .1. . . . . . . . . . . . . Inc. . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 5. .2. . . . .1. . . 36 5. . . . . . . . . . . . . . . . . . . 36 5. . . . . .15 Plug-ins / Event triggers .18 Reports and dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 Auto discovery . . . 48 5. . . .21 Usability . . . . . . . .2.1. . . 45 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . . . . . . .8 Maintenance . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. . . .14 Plug-ins / Event triggers .12 Miscellaneous . . . . . . . . . . . . . . . .7 Logging / Health check . . . . . . . . . . . . . .1. . . . . . . . . . . . . . . . . . . . . . . .1. . . . . . .25 Workflow . . . . . . . .1. . . . . . . . .1. . . . . . . . . . . . . . . . . . . .1. .2. . . . . . . . . . 47 5. . . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 Reports and dashboards . . . . . . 52 © 2017 Hitachi ID Systems. . . . . . . . . . . . Inc. . . 51 5. .2. . 50 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . Password Manager Release Notes 5. . . . . . . . . . . . . . . . . . .18 Security . . . . . . .24 Utilities .23 User interface . . . . . . . . . . . . . . .21 Usability . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . All rights reserved. . . . . . . . . . 52 5. . . 51 5. . . . . . . . . . . . . . . .2.2. . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . .20 Upgrade . . . . . . .22 User classes . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 5. . . . . 50 5. . 51 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Workflow . .2. . . . . . . . . . . . . 49 5. . . . .2. . . . . . . . . . . . . . . . . .2. . . . . . Hypertext links – click the link to jump to a section in this Purple text document or a web site External document – click the link to jump to a section in another Magenta text document. . . 1 . . text fields. © 2017 Hitachi ID Systems. The links only work if the documents are kept in the relative directory path. . displayed in . All rights reserved. batch files. [brackets] Terms unique to Hitachi ID Identity and Access Management italics Suite Button names. as typed into configuration files. and data entry fields Wrapped lines of literal text (indicated by the → character) Write this string as a →single line of text. and menu items boldface Web pages (names) italics and boldface Literal text. [Enter] key on a keyboard. monospace font command prompts. Inc. Variable text (substituted for your own text) <angle brackets> Non-text keystrokes – for example. Hitachi ID Password Manager Release Notes Conventions This document uses the following conventions: This information . Inc. Password Manager Release Notes DISCLAIMER!: The following is a list of features and enhancements made to Password Manager for the Password Manager 10.0.4 release. they may contain minor errors or omissions. 2 . © 2017 Hitachi ID Systems. Although every effort has been made to ensure the accuracy of these release notes. All rights reserved. 1. Scenario.1.1 Component framework • Added a new component. 3 .3 Privileged access usability • When searching by resource attributes.Password Manager 10.pam_disclosure_sqldeveloper.1.1 Features and Improvements 1.1.2 Installation • Python 3.1.pam_disclosure_mysql_cli.0.5 Plug-ins • Added model user information to attribute validation.5. which creates a disclosure plug-in designed to run SQL Developer.4 Provisioning • Added new system variable MODELAFTER_SHOW_DIFFS. 1.6 Replication • Added pwdconflicts utility to list. up to seven additional columns can be added. restricted values.1. 1. the profile compari- son page will show only the different entitlements by default.3 is now required for installation by agtpython and pxpython. 1. which creates a disclosure plug-in designed to run MySQL client tools.1. • Added new component. and request rewrite plug-ins.4 1 features1004 1. 1. resolve or force randomize accounts with passwords in conflict. Scenario. When it is enabled. © 2017 Hitachi ID Systems.10 Utilities • Modified utility licviewer to list limited-license Hitachi ID Privileged Access Manager. 1.9 Security • Split the user access rule reset privilege into reset and resetexpirepw.1.1. 1.11 Workflow • For phased authorization.1. Hitachi ID Password Manager Release Notes 1. 1. 1. IDWFM_AUTH_PHASE_PROPAGATION allows the authorizer’s response in the first phase to be propagated to later phases. if an authorizer is configured to be in more than one phase. Inc.8 Search • The advanced user search has been improved to allow searching for users based on configured profile attributes.7 Requests app • Update made to the Requests app to include authorization reasons in detail panel pop-up for the authorizers. All rights reserved. 4 .1.1. 2. • Corrected an issue so that groups can be re-managed after being un-managed as a result of being invalidated. Hitachi ID Password Manager Release Notes issues1004 1. • Fixed auto discovery so that it no longer tries to delete discovered computer systems. All rights reserved. • Corrected a race condition causing failure to pick up work from queue.2. © 2017 Hitachi ID Systems.1 API • Corrected an issue so that administrator group ACLs are propagated for API Service (idapi) sessions.2 Auto discovery • The psupdate_loaddb_pre script will not be executed until after the agent has completed listing. • Fixed an issue with discovery so there are no AccountMerge errors if an account ID case is changed on the target system. • Processing does not halt after looking up attributes in empty lookup tables with the attribute calculation policy table. • The im_corp_detect_automated_rehire component now includes the implementor related components.2 Resolved Issues 1. 1.2. 5 . • The gm_folder_create component has been improved to allow the use of the im_policy_implementer_tasks_plugin component. • Updated the hid_impersonate component to verify and correct the case of userids.4 Group management • Unmanaged groups are now properly removed from user profiles.2.3 Component Framework • Fixed health check to properly handle changed configurations by clearing last run results between health check runs. 1. • Change made to component management to improve upgrade of internal database. 1. Inc. • Fixed proxy list validation when creating a target via API Service. 2. All rights reserved.8 Logging • Fixed a logging issue for the event triggered by unbinding managed accounts that no longer satisfy an import rule.6 IDMlib • Updated the Python IDMLib library log handler to handle exceptions during emit in the same way as the parent logging handler class. • Added a pre-upgrade license check for limited-license Hitachi ID Privileged Access Manager to the installer. 1.9 Maintenance • Scheduled jobs will now allow administrators to select nodes if any of the nodes associated with the job are orphaned. 1. • Profiles with NULL audittimes can now be invalidated when resyncing profiles.2. • Discovered subscribers are no longer cleared by the list operation. 1. • Fix an issue where access to a network resource is either restricted or not managed by the Hitachi ID Group Manager shell extension.7 Installation • Messaging service is installed correctly after a reinstall. Hitachi ID Password Manager Release Notes 1.2.2.5 Identity management • Roles with auto-assignment are disabled for removal in PDR. 1. • Corrected issue so that the CHECKED_LOCKED_ACCOUNTS system variable is ignored when as- sisting users as a help desk user. © 2017 Hitachi ID Systems. 6 . • Updated installer to check that the default database of the SQL Server login account is set to the dedicated database.2. • Enhanced UserattrMerge performance during auto discovery. 1. • Changed setup to report an error when the account running services is not the expected account.10 Mobile • Updated Mobile Worker Service (mobworker) such that push notification will be properly sent. Inc.2. 1.14 Privileged access configuration • Invalid accounts are no longer available when selecting accounts to add to a managed system policy. • Disabled Windows Script Host and PowerShell for Login Assistant SKA account. • KVGroup input to the attribute validation plug-in now includes a KVGroup for managed system policy in group set requests. • RDP connections with Login Assistant SKA installed will not prompt for credentials twice. 1.2. 7 . Hitachi ID Password Manager Release Notes 1. • Added a database query to remove a potential deadlock situation when running a database re-index during an ImportTestProfileList stored procedure call. • Fixed password reset to properly resolve procedures that are run out of sequence. 1. • Checked out accounts are not unbound unexpectedly by an import rule with "Unbind objects if they no longer satisfy this rule" selected. • Corrected an issue so that LWSGrpMbrLoad stored procedure handles duplicate group memberships of an account that differs in case. • Fixed managed system policies to properly release local service mode policies. • Modified behavior so that orchestration only happens when managed accounts have at least one subscriber defined. © 2017 Hitachi ID Systems. • Enhanced ImportTestProfileList stored procedure by omitting history table for a select statement.2. Inc.2.12 Notification • Changed user notifications to support additional session parameters for redirection. • Fixed pslocalr ActiveX control to work properly on a workstation where SKA is installed. • Added multiple credential support for import rule credential plug-ins. • Corrected behavior so that an unsuccessful initial password randomization on managed credentials does not break target system credentials.13 Performance • The authorization chains selection has been improved to prevent multiple executions. All rights reserved.2.11 SKA • Fixed Hitachi ID Login Assistant on Mac OS X Sierra to no longer launch system prompts when logging in to the secure kiosk account (SKA). • Corrected an issue so that the Browser control access disclosure plug-in correctly passes in the value set in the usernamefieldids field. 1.exe plug-in to allow for the proper authentication of RSA Authentication Manager tokens. • Removed duplicate colons for attribute descriptions from the update attributes pop-up.15 Privileged access usability • Disclosure plug-ins can now be run consecutively in the Privileged access app. 1. 8 .2. • Updated the installer and database procedures to avoid resynchronization failures on replication nodes caused by foreign key constraints. 1. • The implementor task component plug-in will default the isimpltask setting to true. Inc. • Fixed the valiace. • Fixed scheduled reports so that they can be re-assigned to other replica nodes. • Corrected an issue so that child attribute values can be updated in a pre-defined request regardless of whether their parent attribute value is updated in the same request. All rights reserved.18 Replication • Corrected issue so that passwords ending up in the incomplete status are fixed in a tri-node replication environment. © 2017 Hitachi ID Systems.2. 1. the dropdown list only contains applicable restricted values based on the parent attribute and can be properly updated.17 Profile attributes • Fixed an issue so that in a hierarchical attribute setup that requires a child attribute value.16 Plug-ins • Changed input to AUTH CRITERIA MOD plug-in to provide the initial event in the extras KVGroup. access. Passwords for personal vault accounts are no longer optional. • Restricted the number of characters for personal vault accounts. • Fixed behavior so that managed systems. Hitachi ID Password Manager Release Notes 1. • Explicitly attaching a group to a group set marks all same name groups as attached. and monitored users can be properly defined using the search widget when updating user attributes in a Sessmon request search request.2.2.19 Reports • Reports can be e-mailed in PDF format without excessive system usage. • Corrected logic when filtering on minimum or maximum entitlements in summary mode of Resources per user report.2. • Upgrade removes dirty data to avoid upgrade failures. 1.2. Hitachi ID Password Manager Release Notes • Implementers report now can correctly return explicitly assigned implementers.x to current release. All rights reserved. • Sessions without screen captures can be viewed. • After upgrading from IDM v8. 1. © 2017 Hitachi ID Systems.status (TERRQ) and logic around it with the revokedby column in PAM checkout tables. • Fixed issue so that Guacamole session package generation containing video is successful. • User search displays invalidated users to have a strike on them. • Replaced termination request smstatus.22 Services • The Workflow Manager Service (idwfm) will allow the authorization script to finish before allowing authorizers to take action on requests.20 Requests app • The Requests app now can be accessed by notification and e-mail links if the module link was removed due to customization. Other capture types are displayed.2.2. • Fixed installer so that it does not fail during pre-installation tasks during upgrade if the replication nodes contain different data keys. • Removed system variables SMON_TERMINATE_ON_CHECKIN and SMON_TERMINATE_BY_ADMINISTRATOR. 9 . the override button in the PSA console is available.2. 1. 1. • Modified behavior so that only content types that were recorded in a session package can be included in a session package download request.x and 9. Inc. • Guacamole video recordings are now generated correctly when downloaded.23 Upgrade • Fixed an upgrading issue from 8.4 on SQL Standard. • Corrected an issue so that the status of Guacamole sessions is set to complete when account access is checked in. • Size of screenshot is now calculated and displayed for guacamole sessions.21 Session monitor • Added an icon to indicate the video can be resized in the session monitor view session virtual window.2. 1.2. • New subscribers that have an account ID that differs in case with other subscribers can be listed after upgrade. • Improved upgrade process to make sure the API user is enabled during upgrade. 10 .X. • Fixed a potential race condition issue for new group create requests. • Changed CGIs to prevent HTTP response splitting. • Enhanced workflow performance by reviewing workflow request table indexes.2. • Updated the Requests app to display the ellipsis properly across different browsers. © 2017 Hitachi ID Systems.24 Usability • "Configure event" pop-up now updates the parent page properly upon closing. Hitachi ID Password Manager Release Notes • The "Password database synchronizer" scheduled job is removed when upgrading from 9. • Upgrading will not cause component errors if IDMSuite Health check Disk space is missing non- required arguments.27 Workflow • The Workflow Manager Service (idwfm) no longer sends administrator e-mails when no escalation plug-in is set.2.25 User Interface • Changed user interface inclusions to allow components to add custom user interface modifications. • Improved upgrade to avoid database failure when the value of segid is zero in table deleg. • A check for orphaned managed accounts is performed when upgrading from 9.X instances.0. • Corrected an issue so that the "List resources from discovered target systems" scheduled job contains the updated command-line arguments after upgrade. NodeName and idarch registry keys during syncreg. 1.26 Utilities • Fixed updinst ignore GUIDMask. The orphaned accounts must be fixed or ignored. 1. 1. All rights reserved. Inc.2.0. 1 Features and Improvements 2. Scenario.1.1.4 Component Framework • Added a new component.3 2 features1003 2. • Cleaned up Health check UI by eliminating the redundant inclusion of ‘Health Check’ in the name of the components. 2. 2. request attributes whose values are already matching their mapped profile attribute values will be kept in the request.3 Auto discovery • Auto Discovery has been improved to resynchronize newly discovered accounts with existing profiles.5 Logging / Health check • Removed secondary IDMLib request logging.Password Manager 10. 11 . 2.2 API • Add InstanceProxyList IDAPI function to list the configured proxy servers to run operations on target systems. which creates a disclosure plug-in designed to run MySQL client tools.pam_disclosure_mysql_cli.1 Add-ons • Added support for MAC OS X Sierra for the Login Assistant and SKA.0. When includeRedundant is set to true. • Limited the UserClassPointCacheUpdateUser stored procedure calls when submitting IDMLib idtrack requests. Otherwise. • Added new argument includeRedundant in API service WFRequestAttrsSet.1.1. 2.1. they will be removed from the request. • Added support for managed account attributes in ResourceAttrsSet/Get/Del API calls. © 2017 Hitachi ID Systems. • Added the Private proxy server URL parameter for the Mobile Worker Service (mobworker) to allow for session persistence with the Hitachi ID Mobile Access proxy servers. • Enhanced the ’Effective role assignment report’ with new search criteria so that report2pdr can automatically assign roles to users who already have most of the entitlements required for a role. Inc.7 Performance • Improved the response time of the ’Accounts’ report for systems with many accounts. Also added the last 6 digits of the request ID in KVG log file names to make it easier to group. • Minimized calls made to the plugin_passgen plug-in during request submission. 2.9 Reports and dashboards • Revise ‘Manage reports’ to ‘Reports dashboard’ in the tab and the title of the report landing page.1. group memberships that are consistent or not consistent with auto-assignment. • Improved performance of userclass procedures when submitting requests. This report shows the leverage provided by roles by calculating the percentage of entitlements from roles and the percentage of entitlements not included in roles.1. 2. All rights reserved. • Added the User and service metrics to list user and service statistics report. • Reduced calls to the plugin_authmod plug-in when submitting requests.8 Python / IDMLib • The IDMLib library has been enhanced to allow the encrypting of plain text and the decrypting of encrypted text.6 Mobile • Added support for load balanced environments for the Hitachi ID Mobile Access proxy servers. and group memberships by how they were assigned. This report compares numbers of group memberships by counting group memberships that are consistent or not consistent with assigned roles. • Changed IDMLib class DBCmd to support Python date types. 2. • Improved the performance of the plugin_attrval plug-in when submitting requests.1. • Improves performance of Python IDAPI functions. • Added the new report ’Compare numbers of group memberships’.1. 12 . 2. • Added the new report ’Role entitlement leverage’. Hitachi ID Password Manager Release Notes • Enhanced logging service to avoid KVG log files overwriting each other. the authorizer table will be hidden when viewing requests. 2. the request App and request details page will only show operations the authorizer is assigned to when an authorizer views a request. • Added system variable ADMIN_ATTACH_USERS_ONLY_TO_EXISTING_ACCOUNTS that will allow help desk users to only attach users to existing accounts.1.10 Services • Changed the AJAX service to close database connections when no longer required. 2.13 Workflow • Added system variables WF_HIDE_AUTHORIZERS and WF_HIDE_OTHER_OPERATIONS. 2. • Added system variable ADMIN_ATTACH_USERS_ONLY_TO_VALID_ACCOUNTS that will allow help desk users to only attach users to valid accounts.11 Usability • Added the DiscoveredSystemGetByAttr API function. When WF_HIDE_AUTHORIZERS is enabled.1. 13 . • Updated Hitachi ID Access Certifier search engines to support filter based on resource attribute. which is used for searching for targets based on discovered system attributes.12 Utilities • Removed the pwdsync utility. When WF_HIDE_OTHER_OPERATIONS is enabled.1. Inc.1. Hitachi ID Password Manager Release Notes 2. All rights reserved. © 2017 Hitachi ID Systems. 2.1 API • Updated UserSearch API such that it will return correct results when search by ALL_MANAGERS.5 Installation / Setup • Fixed setup.2 Applications • Disclosure options are no longer available in the Personal vault app for accounts created with no password.3 Auto discovery • Changed auto discovery to retain attribute information recorded on account creation. • IDM messaging service is removed upon uninstallation of Password Manager.2.2. 2. Inc. 2.x. 2. • Changed component hid_user_interface to rebuild both language and skins when a component updates the user interface. • Searches are now correctly saved in the Personal vault app for custom filters. Hitachi ID Password Manager Release Notes issues1003 2. • Corrected hid_policy_attrval_validation component to handle reservation of unique attribute value. All rights reserved.2. • Fixed issue so that the correct schema is used when creating database objects during product installation when the schema install user is defined.4 Component Framework • Changed hid_browser_fingerprint component to support longer client addresses.x instances.2. • Fix upgrades from pre-9.exe to support MSSQL Windows Authentication. 14 . • Fixed an issue with the search criteria in the Requests app when the search type is changed. • Added AuthMode support for upduserclassdsql to fix upgrades from 10.2. • Change IDAPI call InstanceList to check against reason rather than boolean to determine db_commit_suspend status.0. • Users are no longer allowed to check-out access while randomization is disabled in the Privileged access app unless otherwise configured. © 2017 Hitachi ID Systems.2 Resolved Issues 2. 2.8 Notification • Fixed an issue where authorizers where incorrectly getting multiple e-mail notifications for a single request. All rights reserved. • Modified the Login Assistant for MAC OS X to remove the Dock and Spotlight Search. • Fixed an issue with the Credential Provider to properly display the ‘Other user’ tile when logging in to Windows.2. • Fixed Transaction Monitor Service (idtm) to limit calls to VectorStageAdd stored procedure during request submission.2. • Minimized user class and userclasspoint cache recalculations during request submission. • Fixed an issue to ensure that the cgilocalr.6 SKA / Login Assistant • SKA installation requires CleanupProfiles policy to be disabled. © 2017 Hitachi ID Systems. 2. Inc. 15 . • Modified the Login Assistant for MAC OS X to ensure that the Safari session is restored to its original login state when logging back in to the SKA. • Changed IDMLib to allow simultaneous addition and deletion of resources in IDWFM_REQUEST_REWRITE_PLUGIN.exe plug-in for S_STATUS_EXT will run properly even when S_RESET_TO_PUSHPASS is set to Automatic.2. 2. 2. • The flags PreSelectTemplate. • IDMLib authorizer class catches invalid authorizer status and will place the request on hold.2.7 Mobile • Fixed a registration issue with the Hitachi ID Mobile Access application for Android mobile devices.10 Python / IDMLib • Python scripted connectors will properly process custom operations. Hitachi ID Password Manager Release Notes 2. PreSelectRole and PreSelectGroup are set when selecting a pre- defined request in the IDR module such that the hide screen functions will work properly for the request rewrite plug-in.9 Plug-ins / Event triggers • Updated search filter plug-in such that it will work properly when searching by a boolean attribute. • Modified the process and user interface for registering the Hitachi ID Mobile Access application from the Mobile devices self-service pages in Front-end (PSF).2. 2. • Corrected request details pop-up in reports to display complete information. Inc. • Added the "Last load time" to the Account/subscriber dependencies report. • Added new utility "smonmove" that changes the location of session monitoring data in the database in the event that the replication node becomes decommissioned. • Corrected an issue where the search criteria text file sent with emailed reports did not have the correct value for date and integer search criteria.13 Services • Fixed a potential issue in Database Service (iddb) to avoid hanging when it starts up while auto- discovery is running. 2. • Deleted users are filtered out of Incomplete roles and Role assignments reports. • Hide unnecessary search criteria in ’Profile’ report in summary mode. © 2017 Hitachi ID Systems.2. • Changed the AJAX service to close database connections when no longer required. 16 . • Operation dropdown in ’Implementers’ report now only contains operations relevant to implementers defined by different resources. All rights reserved. • Fixed an issue with the ’Profiles’ report to properly return user attributes when searching on managed groups. • Updated node assignments to force update of a service ID for a managed system policy in the event that a replication node is decommissioned. • Changed SendQueueThread to improve on node replication.2. Hitachi ID Password Manager Release Notes 2. 2. • Minor wording changes for certification reports. • Search criteria in reports is properly collapsing.11 Replication • High water mark warnings and e-mails are no longer triggered when a replication minimum queue length is equal to the maximum length.12 Reports and dashboards • ’Role assignments’ report no longer generates entries for invalidated users. • Reports can be generated while Password Manager’s language is set to Italian. 15 Usability • Changed the display of multi-valued attributes for user types to display the label for the attribute correctly. All rights reserved. Inc.2.2.0. • Fixed an issue so that the correct number of displays captured is returned for Sessmon after upgrading from 9. • After upgrading from 8. 17 .x. • Changed IDSYNCH_ID_PLUGIN to allow invalid users to be reused correctly.16 User classes • Changed user class cache processing to support omitted IDs. © 2017 Hitachi ID Systems. provided that GLOBAL_ MAIL_PLUGIN is correct.0.14 Upgrade • After upgrading from 8. • Request attributes with a value of ’None’ can be upgraded correctly. 2.2. • Guacamole session recordings can be viewed after upgrading from 10.2.2. • Default options for pamlite are now pre-configured after upgrading from versions before 10.0.0. 2.17 User interface • Changed request application to use attribute group display settings when updating a request.2 to current release users can successfully request memberships to NT groups. Database Service can successfully load groups with owners.2.0. • Improved upgrade process to refresh all configured e-mail events so that exit traps will work immediately after upgrade.x to current release. 2. • Custom reports in 8.0 to current release.18 Workflow • Changed requests submitted through IDAPI to retain the password set for account creation operations added later. 2.1.x releases can successfully be upgraded. the help desk dashboard can display help desk operations that were executed before the upgrade properly.2. Hitachi ID Password Manager Release Notes 2. • Removed unsupported reference type from advanced search for resource attributes.2 and 9. • After upgrading from IDM v8.x to 10.0.x and 9.0. All rights reserved. This will prevent e-mails being sent to authorizers too early. © 2017 Hitachi ID Systems. 18 . Inc. • Changed workflow authorization to evaluate authorizations consistently where the requester and manager are the same. Password Manager Release Notes • Updated workflow functions such that CheckBatchApprovalStatus events always run before any e-mail events. • Default values defined in attributes having a parent/child configuration will be displayed to users. 1.Password Manager 10.pam_disclosure_ssh components for Guacamole In-browser RDP and In-browser SSH disclosure plug-ins respectively.1 Auto discovery • Added ‘Use valid credential from template target system’ to the list of options for ‘Initial credentials to use when creating new local account’ in target system import rule. • Improved the performance of account creation requests through IDR module.im_corp_temporary_entitlement component to allow the updating of users accounts and profile. • Enhanced scenario. • Renamed scenario.1.pam_disclosure_guacamole_rdp and scenario.im_policy_authorization component.hid_authchain_smspin component to use system settings and display an error message when unable to send e-mail. • Improved authorizer assignment based on policy rules for functional. 3.2 Component Framework • Updated functional. • Added an option to functional.3 Performance • Improved performance to end user login. 19 .pam_disclosure_sqlplus component to allow users to connect to Oracle databases using SQLPlus.1 Features and Improvements 3.im_corp_termination component to use a fallback e-mail when the manager is not assigned.im_corp_self_service component to scenario.im_policy_authorization to allow the policy to be applied to matching resources only.0.2 3 features1002 3.im_corp_update_contact.im_policy_authorization component such that authorizer’s note will be populated into request details page. • Enhanced functional. • Enhanced component framework to allow the configuration of multiple search filters. • Added scenario. • Enhanced scenario. 3.1. • Added scenario. exe) performance when under heavy load. 3. 3.1. 3.1.py and call to smtplib() for when there are connection issues with the SMTP server. • Hover text in Requests app now displays and closes upon mouse click. • Improved style sheets to make it simpler for administrators to customize theme colours in the product.8 User interface • Added support for custom report pinning.5 Python / IDMLib • Added IDMLib support to load original request details for check-out extension. Hitachi ID Password Manager Release Notes 3. 20 . 3.4 Plug-ins / Event triggers • Added a timeout for global-mail-plugin.1.6 Services • Enhanced API Service (idapi. All rights reserved.1.1. © 2017 Hitachi ID Systems. Inc.7 Usability • Enhanced language translator skin to present a drop-down list of each language tag that that object uses by right-clicking. Inc. 3. 3.5 Mobile • Corrected issue where users are unable to navigate between panels in the Personal vault app if using a mobile device. • The ID case plug-in will be correctly set for the specified target when set outside the target configuration.2. © 2017 Hitachi ID Systems. All rights reserved. • Updated manage components so that it cannot remove themselves. • Default installation of credential provider package does not include the smart-card tile option. 3.2 Authentication • Cookie validation is temporarily skipped during authchain execution to allow the use of ‘forgot my password’ scenarios.4 Component Framework • Updated component hid-configuration to fix error when calling api_update() from some objects.2. • An API user with OTP IDAPI caller privilege can now be created through the UI.3 Auto discovery • Modified auto discovery to better handle errors associating accounts based on the same attribute having the same value. 21 .2.2. • Changed hid_user_interface component to allow non-default skins to be managed. • Changed hid_policy_wfemail component to use the default sender. Hitachi ID Password Manager Release Notes issues1002 3. • Fixed an issue where adding a product administrator with a CIDR mask via command line using adm_set. • Fixed the pam_disclosure_policy_plugin component to properly filter disclosures by ‘Group set’ Re- questType.exe fails with iddb error messages.2.2 Resolved Issues 3. • Fixed attribute validation to properly display notice that the user has validated the attribute change. 3.1 API • Changed Reservation IDAPI function to return a proper error when trying to reserve an attribute owned by a user that is no longer valid. • Modified the mobile user interface to ensure that menus.2. 3. and other screens are shown properly and fit better on mobile devices that have smaller screens. • Fixed an issue where opening Requests app occasionally runs into an error on mobile. 3. • Updated e-mail function such that Health check monitor e-mails can be sent via SMTP servers that requires authentication.2. © 2017 Hitachi ID Systems.7 Notification • %USERNAME% macro is now properly replaced in user notifications. mobile layout. The performance of the following reports and operations has been improved: – User class recalculation – Enrollment dashboard – Enrollment report – Accounts report – Orphan/Inactive report – Profiles report – Question set configurations report – Users qualifying for notifications report – Synchronization report 3. Hitachi ID Password Manager Release Notes • Corrected an issue in the mobile app so that users can now properly enter a request note. 3. Inc.2.8 Performance • Resolved an issue affecting the performance of certain user enrollment operations. 22 . • Fixed the size and position of the circular countdown timer in Personal vault app for mobile.6 Maintenance • Fixed the operating system version number reported by Windows 10 and Windows 2016 systems. • Fixed the position of the spinner and the loading overlay in mobile to now cover the entire panel while content is loading. All rights reserved.9 Personal vault app • Corrected issue where account passwords are not immediately updated in the Personal vault app.2. • Corrected issue where users were unable to submit check-out requests on Android mobile devices. © 2017 Hitachi ID Systems. • The request rewrite plug-in now allows rewrite requests that contain OrgChart or pluggable authentication module (PAM) session operations. • Corrected issue where users are unable to specify a file for profile and request attributes. • Fixed an issue where the ‘Next run time’ was not adjusted for different timezones on the Scheduled jobs page.12 PSL ANG • PSL ANG expressions must now be used when defining the list of proxy servers in discovery templates. All rights reserved. • Enhanced the display of report cell columns in PDF format.2. Also fixed an issue where the ‘Next run time’ for scheduled reports is incorrect. 3.2.13 Replication • Error message ‘Discovery may only be run on the instance that is configured to run auto discovery’ displays when trying to run auto discovery on a replica node. 23 .11 Profile attributes • Restricted value drop-downs in ‘View and update profile’ page now display ‘Select one’ by default for required restricted attributes.2. • Minor rewording for Saved configuration certification setups report. Hitachi ID Password Manager Release Notes 3. Inc.2. • Fixed a case mismatch issue when reusing profile ID with a different character case. regardless of default value setting. • Fixed an issue in workflow reports to use the proper immutable create date to indicate when the requests were created. 3. 3. 3.2. • Uncertified approved exceptions to Segregation of Duties are now shown in ‘Uncertified data’ report. • Improved the evaluation and validation of server proxies during auto discovery.10 Plug-ins / Event triggers • Fixed an issue that caused targetid not to propagate after being changed by a request rewrite.14 Reports and dashboards • Export report output and e-mail report in PDF format are now properly working. • Added Profile attribute report histogram. Moved the source proxy attribute for discovery templates to the $comp variable. 17 Upgrade • Fixed an issue to ensure that custom registry entries are retained when upgrading from a 32-bit instance to a 64-bit instance. • Fixed a bug where the pinning menu was not accessible on ‘Environment variables’ page. ‘User’. such as e-mails and reports are now being displayed in accordance with the user’s date/time preferences. ‘Link’.2. • Fixed URL when switching languages. • Star outline in Personal vault app is now clearly visible on all row backgrounds.16 Telephone Password Manager • Resolved an issue where Transaction Monitor Service (idtm) could make repeated attempts to delete a network resource that no longer exists. • Corrected advanced search issues in the apps that were caused by using account or discovered attributes in the search criteria. All rights reserved.2.0 to ensure that the 32-bit registry location for the instance is mirrored over to the 64-bit registry location.Radio’.2. • Fixed an issue in the external data store. 3. 24 . • Fixed an issue when upgrading from versions prior to 8.19 User interface • Request attributes of type ‘Boolean . • Navigating away from Target system information page with unsaved target address changes will now display a warning message. • Context mode of the translator has been fixed. • Improved navigation for using the back button in pop-up windows in the product. 3.2.18 Usability • Date/time information within the product.1. Hitachi ID Password Manager Release Notes 3. Inc. • The translator now works in grid mode. allowing users to search using the backslash character.15 Security • Disabled Internet option tabs (except Connections) from SKA. © 2017 Hitachi ID Systems. ‘Password’ are now supported in the apps. • Updated installer so IIS gets updated with font MIME types on 9.x upgrades. 3. 3. • Drag-selecting text or input fields in a selectable row will no longer trigger the row to be selected.2. 2. • Improved performance for DelegSubstituteList stored procedure in order to process delegations faster. Inc.20 Workflow • Modified Workflow Manager Service (idwfm) to process e-mail events more efficiently in order to avoid backlogs. • Corrected issue so that the response code is properly displayed in the hdd module for the agtsge7 connector. • Corrected issue so that the hdd module properly displays all multiple encrypted systems and accounts to unlock for a user profile. © 2017 Hitachi ID Systems. • Fixed an issue where tables overlap and checkboxes are minimized into an expand button when the screen is narrow in the ‘Change password’ page. Hitachi ID Password Manager Release Notes • Fixed the display for SoD exceptions in Requests app to not show an unnecessary dash next to role names. 3. All rights reserved. 25 . 1.2 Authentication • Added browser fingerprinting component.dll – ajaxmobileauth.dll – ajaxrequests.1.dll – ajaxdashcollator.dll – ajaxusersettings. 4.1 4 features1001 4. hid_browser_fingerprint and hid_authchain_fingerprint.dll – ajaxprivilegedaccess.Password Manager 10.dll 26 .dll – ajaxsession.dll – ajaxsearchcollator.0.dll – ajaxsearchactions.dll – ajaxlanguage.1 API • Enhanced TargetAttributeGet API function to include additional data.dll – ajaxsessmonplay. which will attempt to uniquely identify users based on attributes of their web browser.dll – ajaxpersonalvault.3 Installation / Setup • The following new dlls will be installed into the <instance>\service\ folder: – ajaxcheckpasswordrules.1.dll – ajaxsessmonparams. 4.dll – ajaxplugin.dll – ajaxreportcollator.1 Features and Improvements 4.dll – ajaxsessionmonitor. • Advanced search options in Requests app now allows searching by relative date. • Added functionality for searching and browsing lists in pop-up windows when specifying input fields in Privileged access app and Session monitor app.2.2 Resolved Issues 4. • Users can now be redirected from an external link.4 Plug-ins / Event triggers • Removed unused IDARCHIVE_FILTER_PASSWORD_PLUGIN variable.1 API • Resource API functions correctly set attribute group manipulation operation. Hitachi ID Password Manager Release Notes 4.1.1. 4. • Added functionality for copying account passwords in Personal vault app. 4.1. Inc. to Requests app.1.2. issues1001 4.5 Upgrade • Replaced ‘Patch’ option on setup page for minor release upgrades with ‘Upgrade’ for both main instances and connector packs. 4. 27 .7 Workflow • Added recipient search in report driven pre-defined requests.6 User interface • Added ability to switch between mobile or desktop view before logging in. • The host case generator is properly validated in both the web interface and the API. All rights reserved.2 Authentication • ‘Bypass security check provided by this module’ in help desk authentication chains is respected. 4. © 2017 Hitachi ID Systems. such as from an e-mail. • Enhanced the error messages for mobpushcli. • Corrected issue where QR codes do not regenerate when using mobile authentication.4 Logging / Health check • Modified behavior so that the Hitachi ID Health Check scheduled task is removed and re-installed during a patch. 4. 4.exe when mobile push notifications cannot be sent successfully to the mobile devices.3 Installation / Setup • Uninstall removes component and customizations artifacts.6 Miscellaneous • Clarified connection timeout error message from SSH connector (agtssh) by providing specific information such as the address and target ID. • Modified product installation to stop and disable HID scheduled tasks before proceeding.2. Hitachi ID Password Manager Release Notes 4.2.exe on Windows 8 64-bit for a user that has web notifications no longer causes script errors when the browser opens. • Fixed database foreign key constraint errors caused when upgrading a Hitachi ID Privileged Access Manager instance that has inactive managed accounts.2. • Newer versions of Microsoft Visual C++ Redistributables no longer prevent the installation of Password Manager.7 Notification • Launching psntfclient.5 Mobile • Corrected issues that resulted from specifying incorrect values for QR code durations for mobile authentication. All rights reserved. 4. • Modified the iOS Hitachi ID Mobile Access application to ensure that push notifications may still be sent to iOS mobile devices when the notifications have been disabled and then re-enabled from the iOS settings for the application. • Improved link navigation when using applications on mobile devices.2. • Fixed an issue to prevent a connection timeout when contacting the Apple push notification server when notifications are sent to mobile devices. 4.2. 28 . © 2017 Hitachi ID Systems. Inc. Inc. • Updated IDMLib core module to improve login security. 29 . • Improved the reliability of login with e-mail PIN. Session monitor app. • Attribute validation plug-in messages now appear in the Requests app when selecting a request. • Added a more user-friendly error message to the authchain selector component in situations where the plug-in output does not contain valid data. 4.8 Password management • Resolved an issue where associated accounts excluded by FILTER_ACCOUNT_PLUGIN could have their passwords reset alongside other accounts in their target group.2. • Changed IDAPI proxy helper class in IDMLib to support threads gracefully.2. 4.2. 4. © 2017 Hitachi ID Systems. • Corrected behavior so that existing and new accounts are properly listed when an ID filter is defined. • Changed IDMLib logging to emit separate file while the IDM Logging service is stopped. • Updated authmod methods to create the phase if a phase is specified but does not exist. 4.12 Profile and request attributes • Modified Privileged access app. All rights reserved.2. 4.11 Plug-ins / Event triggers • Corrected issue where some e-mail variables used in exit traps were not populated. and Requests app so that profile and request attribute values are displayed correctly.2. Hitachi ID Password Manager Release Notes 4.9 Password policy • Password policy rules must not have N occurrences of the same character and have at most N pairs of repeating characters are now case sensitive.2.13 Python / IDMLib • Improved components to evaluate expressions included in policy tables.10 Performance • Improved reliability of Database Service (iddb) and API Service (idapi) in a high stress environment. • Fixed an issue where managing components stopped accepting requests. 14 Reference build • The pam_authmod_policy_plugin component can now handle managed groups that contain users without profiles for determining authorizers. 4.2. • Modified behavior of the pam_disclosure_policy component so that access disclosure plug-ins also need to be configured in the managed system policy.0. • Fixed replication watermark and queue full logs to respect ratelimit. • Corrected issue so that conflicting passwords can be automatically resolved when an Oracle data replication node is part of the replication environment. 4.exe is no longer available when upgrading instances from versions earlier than 10.15 Replication • Registry settings are now correctly handled when nodes have different installation paths.1. • Fixed a potential crash when upgrading a saved report in vertical mode to current IDM version. © 2017 Hitachi ID Systems.16 Reports and dashboards • Fixed an issue where download of saved report graphs failed. • Modified behavior so that the Hitachi ID Messaging Service is removed and re-installed during a patch. • Backing up files using setup. 30 . 4.2. Hitachi ID Password Manager Release Notes 4. • Fix an issue in upgrade process so that iddiscover can detect and invalidate accounts in post 8. • Pinned reports and graphs now display appropriate error messages when users try to access them in replicated nodes.2.2.17 Upgrade • Modified behaviour of product installation so that an error message dialog box is displayed when components fail to be upgraded successfully. • Corrected issue where resynchronization overwrites timestamps with the current time. 4. Inc. All rights reserved.18 User classes • Radio button is correctly selected and applied in ‘Membership Criteria’ after updating.x upgrade.2. Hitachi ID Password Manager Release Notes 4.2.19 User interface • Corrected a minor ‘Show/hide columns’ tab display problem across pages. • Improved the use and display of UTC time offsets. • Fixed an issue when customizing skins for common styles in the user interface. • Hovering over the PSA console menu or RPT module menu when it exceeds the browser size vertically will now provide arrows to scroll through the menu items. • Corrected issue where all skins were not rebuilt when installing some components. • Custom app filters now save a basic search correctly. • Front-end (PSF) homepage links are updated when closing an app. • Fixed the apps to display relative date as request submit date. • Style.m4 calculates header height and will adjust accordingly depending on custom logo height size. Other UI position fixes for searchAction bar, status message positioning and icons on header for mobile view. • Listing tables are responsive and will provide an expand button (+) to display additional information if the browser size is too narrow • User is able to refresh the ‘Request List’ and ‘Request Details’ page successfully with the IDS_LEGACY_ENABLED option enabled in IDS module. • Enhanced manage components web UI to provide warnings when the required messaging service is unavailable. • Improved usability of priority sorting lists, such as authentication priority, identification priority, and attribute group members. • Customizations for custom operations in pre-defined request are correctly reflected in Requests app. • Updated components web UI so that selection can be cleared after install. 4.2.20 Workflow • The MAX_AUTH_ALLOWED system variable will be correctly applied to the resources in a request. © 2017 Hitachi ID Systems, Inc. All rights reserved. 31 Password Manager 10.0.0 5 features10 5.1 Features and Improvements 5.1.1 Add-ons • The OS/400 exit program has been improved to allow the installation on iSeries 7.2 operating system and use the latest encryption protocol used by Password Manager. • Dropped support on Lotus Notes lower than 8 for the Lotus Notes Extension client tools (psns.msi). • Added a Universal CRT check to the Login Assistant installer. An error message is presented to the user if the Universal CRT is not installed on the machine before Login Assistant is installed. • Removed Firefox support module from Hitachi ID Login Manager. • Enhanced cgilocalr/pslocalr to handle multiple domains within an Active Directory DN forest. • Added non-IE browser(Chrome and Firefox) support to pslocalr. • Hitachi ID Login Assistant installer is now available for Mac OS X allowing users to reset passwords from a Mac workstation. • GINA is no longer installable on older operating systems, such as Windows XP or Windows 2003. ska*.msi can be used to run a successful installation of Hitachi ID Login Assistant on Windows 7 or Windows 2008 R2 and higher. 5.1.2 API • The UserGroupsGet API function has been enhanced to allow the listing of a user’s indirect membership to groups. • The UserGetByGroup API function has been enhanced to allow the listing of users from child groups. • The WFRequestActionsSet and WFRequestActionsGet function support the child group options for adding and removing nested groups. • The IDAPI has been enhanced to allow the listing of users and group in both parent and child groups. • Changed IDAPI to report an error for managed groups that are managed by auto resource assignment. • Added a new Administrator privilege "Guacamole IDAPI caller" to limit Hitachi ID Systems API Ser- vice (IDAPI) calls to only those allowed for Guacamole. Added a dedicated Guacamole IDAPI user "_API_USER_GUACAMOLE". 32 Hitachi ID Password Manager Release Notes • The ability to submit a workflow request in a single API call has been added to the Hitachi ID Systems API Service (IDAPI). • The following updates were made to support enable/disable of user profiles in workflow: – New operation added to workflow requests to support enabling and disabling of user profiles. – New operation type added to WFRequestActionsSet idapi function to support enabling and disabling of user profiles. – New resource type added to idmlib request to support enabling and disabling of user profiles. – New resource type and operation type added to PreRequestMemberAdd/Delete idapi function to support adding/deleting profile operations into pre-defined requests. • Added options to IDAPI function call RoleResourceList to specify which kinds of resource members to return. • CertStartSingleUserRound API now accepts groupmembertype as a parameter. See idapi.pdf for details. • The IDAPI ResourceCreateSet function can set the ’Groups whose membership will be listed:’ options by setting TARGET_LIST_MEMBER_TYPE. • Enhanced API to support authentication, performing the function and logging out in a single API call. • Added an implementer policy component to the component framework. 5.1.3 Authentication • Enhanced the installer to properly check for invalid characters in username and password fields for database authentication. 5.1.4 Auto discovery • Auto discovery has been enhanced so that it can be run on a limited set of targets. This is more efficient than doing a full discovery, as it limits the amount of data that the discovery process must consider. • Added the ability to enable/disable incremental listing during auto-discovery. • Modified auto discovery, so that invalid user data can be cleaned up even if psupdate is run in parts. • Added the "Groups whose membership will be listed" option to the auto discovery section for target system information. • Removed obsolete auto discovery plug-in for (un)binding discovered systems and discovered members. Removed obsolete options for discovering new target information and members in auto discovery utility (psupdate). • Enhanced psupdate utility. © 2017 Hitachi ID Systems, Inc. All rights reserved. 33 -dbserver.5 Branding • Re-branded SKA by updating the existing title "Local SKA" to "Login Assistant". • Unified PAM database tables ’wstnuser’ and ’xwstnuser’ into a single table called ’pamaccountpoli- cies’. • Windows 2003/XP are not supported as local workstation mode targets. All rights reserved. • The installer will install all product binaries regardless what license is used. 5. • The External Data store will allow the use of HTML in the column descriptions. • Remove following parameter from setup.exe -useoracle. whether successful or not. • Support for server 2012 core mode has been included. © 2017 Hitachi ID Systems. • Changed install in order to add _IT_SECURITY_ by default.7 Installation / Setup • Added a Universal CRT check to the pre-installation check for the product setup to check for the existance of the KB2999226 windows update hotfix and Visual C++ Runtime 2015 redistributable pre-requisites. Hitachi ID Password Manager Release Notes 5. Inc. • Enhanced installation by providing a warning at the ’Pre-Installation Check page’ when the wrong version of python is installed. • Excluded vault-only systems from the number of used systems in a Hitachi ID Privileged Access Manager (PAM) license.1. 5. -dbusername and - dbuserpwd. get recorded. 34 . 5.1.6 Database • Changes have been made to loadplatform.exe in order to detect and report on target template differ- ences.1. -usemssql. • Introduced new produce "Hitachi ID Oracle Data Replication Service" for oracle data replication. • The Microsoft Visual C++ 2015 Redistributable (x64) will now be installed by the installer during the pre-installation check if it is not previously installed. • Modified behavior of managed account passwords so that passwords from all randomization attempts.8 Licensing • Template system and system import rules made available on Hitachi ID Identity Manager (IM) and Hitachi ID Password Manager (PM) licenses.1. • Added HTTPS support for communication between the Mobile Worker Service (mobworker) for URL of the local instance and the instance for BASE_IDSYNCH_URL. Added the ’URL of the local instance’ parameter for load balancing support for the Mobile Worker Service for Hitachi ID Mobile Access.cfg configuration. 5. Added the mobpushcli utility to send push notifications to Android and iOS mobile devices. 5. • Unexpected errors in IDM Suite stored procedures will now be logged in Windows Event Viewer. © 2017 Hitachi ID Systems. • The Scenario. • Added extended log level option for recording performance runtime messages for Ajax requests. • Updated psdebug to add a perf_replication extended log flag. • Deprecated support for iOS 7 and earlier for theHitachi ID Mobile Access application. • Added new licensing model using Hitachi ID Group Manager (GM) and Hitachi ID Password Manager (PM) ’limited license’. • Added an authentication chain module for Mobile Access two factor authentication to allow for a qr code from the Hitachi ID Mobile Access application to be used. Inc. which logs messages relating to replication events and procedures. All rights reserved.9 Logging / Health check • Modified logging so that idmsuite.log can be configured to exclude certain type of data based on idmlogsvc. • Added multiple profile support for the Hitachi ID Mobile Access application that and allows a mobile device to be registered under multiple Hitachi ID Suite instances. • The orchestration issues health check monitor component has been removed from the product.1.pm_push_notification_enrollment and Scenario. Hitachi ID Password Manager Release Notes • Modified components license information by removing ’installed’ and adding ’limited license’ • Added a limited licensed Privileged Access Manager(PAM) module to allow access to PAM pages and functionalities for all non-HiPAM licenses. 35 . – Removed mobile skins and added a new responsive default skin that is adaptive to different mobile devices and browser sizes. • Added Health check component to replace legacy Health check from the product. • Added back button support in the Hitachi ID Mobile Access application. 5.im_pam_push_notification_enrollment have been added to the component framework to allow push notifications to mobile devices.1.1 User interface – Static popup pages fit the screen on mobile devices.1.10.10 Mobile • Enhanced the Mobile Proxy Service (mobproxy) to be able to send push notifications to Android and iOS mobile devices for users that have a registered Hitachi ID Mobile Access application. • Group segregation of duties (SOD) rules will detect both nested group violations with domains and on cross target groups (NT local groups).10. a warning message will be displayed to the administrator when he or she accesses the role or segregation of duties rule pages in PSA. Enhanced the Enrollment report to add "Mobile devices" for the enrollment type to be able to show information for users that have registered a mobile device. 5.10. child groups only. This is set before a round is started and applies to all group entitlements. • Added relative dates to applications.1. 5.1.3 Reports and dashboards – Enhanced the Enrollment dashboard to now be able to show the enrollment statistics for "Register mobile devices" for users that have registered a mobile device.14 Password management • ID filter rules now correctly handle all cases when attributes are used to construct profile IDs. or both. Hitachi ID Password Manager Release Notes 5.1. All rights reserved.1. 36 . Inc.1.1.2 Add-ons – Mobproxy is now shipped as an . 5.13 Notification • Enhanced web and psntfclient notification pages so that users are redirected to notification page if there are outstanding notifications and redirected to home page if all notifications are fulfilled. 5. • Changed IE support to a minimum of IE11.rpm installation package along with other add-on software. • Managed account groups have been renamed as Managed groups. However. the old request pages can still be accessed (and notifications enabled for them) by enabling the option in the module. • If the configuration of a role or a segregation of duties rule is being reviewed in a certification round. • Request notifications now redirect users to the new request app. 5. © 2017 Hitachi ID Systems.11 Managed Account Groups • Entitlement certification rounds now have the option of reviewing only group account members.12 Miscellaneous • Binaries are now all dual signed with SHA-1 and SHA-256 signatures using the SHA-2 certificate. allowing it to authenticate users on behalf of several popular web applications. • Added Firefox and Chrome support for native access disclosure controls. Also.exe to to generate a list of targets. these are called when a user is successfully identified by the instance. © 2017 Hitachi ID Systems. Added new exit trap AUTH_CHAIN_SUCCESS / AUTH_CHAIN_FAILURE. • IDM Suite now supports SAML federated login. triggered during user authentication: – USER_IDENTIFY_SUCCESS – USER_IDENTIFY_FAILURE – AUTH_CHAIN_SUCCESS – AUTH_CHAIN_FAILURE The USER_LOGIN_SUCCESS and USER_LOGIN_FAILURE events are now called only once per login attempt. instead of once per authentication script. which are used to track federated login. • Added an additional pswxtsvc disclosure plug-in to support the updated Windows NT Server address format. These are used to configure authentication chains for SAML requests. • Deprecated support for the Windows LDAP trigger (psldap-sunldap. • Fixed an issue where password reset may fail if dcselect is used to generate a list of target system and target administrator is defined in NT4 format. these are now called when a user completes the authentication process. Hitachi ID Password Manager Release Notes 5. Removed the USER_LOGIN_START exit trap. Removed exit trap USER_LOGIN_START. which is triggered whenever an authentication chain is executed. which did not distinguish authorization and identification events. which has been replaced by USER_IDENTIFY_SUCCESS.dll). • The subgroup adds and deletes can trigger exit traps when the operations are successful or not.exe. and support for extdb table SP_ACCESS. Inc. 37 . • Added exit traps FEDIDP_IDENTIFY_SUCCESS/FAILURE and FEDIDP_AUTH_SUCCESS/FAILURE. at the conclusion of an authentication chain. added one-time ability to view native access disclosure controls. • Updated exit traps USER_LOGIN_SUCCESS / USER_LOGIN_FAILURE. • FILTER GROUP MEMBER PLUGIN has been added to filter nested groups. • Added Search filter plugin to filter search results from selected search engines. • Changed batch request to display more detailed error messages when plugins fail. All rights reserved. Adds the following event traps. • Added exit traps USER_IDENTIFY_SUCCESS and USER_IDENTIFY_FAILURE.1. Patching the instance will update the associated system variable accordingly. • Add plug-in fedidp-cs. • Added a new plug-in to determine if a request viewer should see the authorization details.15 Plug-ins / Event triggers • Improved reliability of using dcselect. Hitachi ID Password Manager Release Notes 5. • Updated workflow reports to include operations with nested groups. Inc.16 PSL ANG • The SSH script connector will not crash when using the trim() function in certain situations. • Update reports to display date format. memberOfByNameNested and memberOfBySIDNested. for evaluating group memberships in managed accounts import rules. log analyzer.18 Reports and dashboards • Enhanced Pre-defined requests report by adding a new column "Completed with mixed authorization statuses" to usage mode. All rights reserved. which is used to count the number of requests containing different authorization status within each request.17 Replication • Added additional database. • Added a new filter to the Event log report to show only Help desk events. • Added two PSLang functions. and healthcheck files to the blacklist for replication. • Added new report ’Configuration certifier details’ to show details of configuration certification rounds assigned to the certifier. time format and time zone according to users preferences for the resources category.1. 5. • Modified the format of macros for filename fields in reports to be suitable for file names. • Added macros for message and note fields in reports with new macro expansion formats. • Modified help desk dashboard by adding a user search and improving layout for subdashboards. 5. Changed format of date macros from MM-DD-YYYY to YYYY-MM-DD and fixed formula that calculates hour in 12 hours clock. • The Search requests report has been modified to distinguish between requesters and recipients in the headers for the profile attributes that are returned for the report. © 2017 Hitachi ID Systems.1.1. 38 . • Groups report has been updated to include child groups and indirect group members. • Enhanced the Discovery template to allow pslang expressions in the proxy field. to be updated in docs. • Added new drill-down window feature to graphs within reports in order to provide more in depth information. • Added capability to Help desk dashboard to show graph for top 5 statistics. • Updated Certification details and Certifier details report to display the actual certifier for delegated certification rounds. • Added drill-down functionality to the Help desk dashboard. • Added new role mining report to discover clusters of users based on profile and request attributes as well as entitlements. • Added drill-down capability to the graphs in the group sets dashboard. • Enhanced certification reports by having certifcation round descriptions clickable and when clicked. • Reports can now be exported to DFS namespaces. 39 . • Enhanced Sent Notifications report by having drill-down chart functionality. Password Manager Release Notes • Added two new columns("Target system ID" and "Target system Description") for Resource type: Managed account group in Request popularity report. • Added drill-down functionality to the Request Volume trend report. • Added drill-down to Group set access check-out trend report. All rights reserved. Inc. Removed Current activity from Certification dashboard. • Added drill-down functionality to Daily notifications report. • Added new report to list explicit users who had been added to or deleted from user clases. • Enhanced summarized ’Assigned entitlement’ report performance in a large environment. • Added a system variable DASH TIMEOUT DELAY to set dashboard cache recalculation maximum timeout. a popup page with information about the round will be displayed. • Changed the "Request status" header to "Synchronization status" in the Report > System operation > Synchronization report. • Added drill-down functionality to the Onboarding and offboarding trend report. • Enhanced Reports by allowing templates to be clickable. • "Notification description" column is added to the Daily notification statistic report tables. • Enhanced reports to display request id as link. • Added new report drill-down functionality to generated graphs in Question Set configurations report. • "Use within the last N days" and "Use N or more days ago" options are now available for defining a date range for reports. • Added a popup menu to overlapping points on the managed account access trend dashboard line graph in order to allow the user to select which line series to drill-down into. • Added drill-down functionality to Enrollment dashboard. • Enhanced authentication chain reports by adding drill-down functionality. • Added drill-down capability to the user profiles dashboard. • Add drill-down functionality to Certification dashboard. • Enhanced Reports by allowing pre-defined request IDs to be clickable. © 2017 Hitachi ID Systems. in hours. • Added drill-down capability to the graphs in the managed accounts dashboard. • Performance metric report now displays PDRs as clickable links. • Modified the date and time formats to a standardized format for all Certification reports. © 2017 Hitachi ID Systems. • Made changes to dashboard to allow pinning dashboard objects while highlighting them. • Merge subtotal date columns into one in reports. Inc. • Enrollment dashboard can now be pinned to home page. • Added a circle data point in dashboard line graphs to make it consistent with report line graphs. • Added new column to the auto-assignment setup report to include child group auto-removal status. – Saved configuration certification setups.3.1. • Enhanced Roles violating segregation of duties rules report to support nested groups. All rights reserved. they cannot be re-run. • Changed Trend reports and Performance metrics report to adjust search date to comply with the specified interval unit. • Saved reports are preserved through upgrade of 7. • Add drill-down functionality to the Requester and recipient affinity report. • Added the four new search criteria (min/max # of distinct values and min/max % of users with a value) to Profile attribute coverage report. • Enhanced the Enrollment dashboard and report as well as access for the View enrollment dashboard administrative privilege to be available for all licenses. Hitachi ID Password Manager Release Notes • Added new Privileged access operations report: "Privileged access frequency analysis". Also. • Modified the date and time formats to a standardized format for all Users reports. • Revised existing certification reports to handle only entitlement certification. However. • The privileged access license information dashboard object can now be pinned. • Certification dashboard can now be pinned to home page. • Added search criteria ’request attribute’ in search request report • Certification of entitlements reports have been updated to return console only user properly. • Enhanced report "Resources per user" to report access privileges for console only user properly. 40 . • Enhanced dashboard drill-downs to display user configured preferred date/time formats. • Users are able to pin pages or objects on pages. added 2 new reports for configuration certification: – Certification of configurations rounds. • Cleaned up search field prefixes to make search fields easier to use.20 Services • Updated the Idarch service to handle manual reset requests for multiple (accountid. Group type. • Added new search bar in the page header that offer suggested page links based on the typed key- word(s). and custom resource attributes. 5. • Enhanced protection against Cross site scripting (XSS) attack on profile attributes with Link type 5.19 Security • Improved browser security by preventing our product from being loaded in non-local frames. • Added authentication chain module "Fedidp_assert". • Modified instance name to allow names that are shorter than three characters. • Enhanced navigation usability in Hitachi ID Org Manager (HIOM) © 2017 Hitachi ID Systems. 41 .1. Inc. • When using advanced search to search for a managed group. • fedidp_ident authentication chain module is created in order to intercept and save the SAML request and perform any initial triage and validation. All rights reserved.21 Usability • Report graph and data table can now be pinned to the home page. which is used to generate signed SAML asser- tions from a SAML authorization request. Hitachi ID Password Manager Release Notes 5. workstation) pairs. • Added hover menu to ease navigation across the product.1. • Resource descriptions on the pre-defined request summary page and report to PDR summary page are now displayed as clickable links. • Improved usability by saving contents of note/reason field to the request details page. the following attributes can be used in the search: Is security group. Owner. Parent group ID. • Improved all of the search engines for a better look and functionality and to include an AJAX interface and infrastructure to provide dynamic searching.1. • Improved user experience with product by limiting scope of popup window to warn about loosing unsaved content. • Added functionality to ensure old address line inputs are cleared as soon as target type is changed. • Enhanced the Target system address configuration page to retain user-entered values for required and non-required parameters when the address parameters are blanked out. • The CGI will accept valid content types that can be used in authentication chains for pre-authorization. • Enhanced priority ordering pages by using drag and drop. 1. • Added a system variable to handle the selection of "Records per page" to be displayed on search pages. All rights reserved. 5. • Requests are universally displayed as clickable links. 42 . • The PSA_LOGIN_DISABLE system variable has been removed to no longer allow direct login to the Administrative console (psa).1. © 2017 Hitachi ID Systems. • Enhanced user interface customization to include widgets. • Users can view whether a group is a security or a distribution group when requesting group membership. • Administrators can view and filter search results based on a group’s type and whether it’s a security group or not. • Corrected the request details page to correctly render the "Escalate now" button. • Rename operation label "View / Update profile information" to "Update profile". 5. Inc. • Added a numerical ’percentage complete’ to the certification progress bar to increase readability. • Added new feature to allow users to customize the home page layout. • Minor edit to ’View and update profile’ pages. • Remove the "Advanced search help" link • Modified address input style by removing ability to manually enter addresses. • IDAPI functions have been added to allow the testing and configuration of multi-participant user class points. • Enhanced functionality by adding clickable accounts that display information about the account. Hitachi ID Password Manager Release Notes • Enhance usability by merging ’Choose PDR’ and ’View profile’ pages. • Updated Certification segments page to display entitlements and configuration segments in separate tables. • Modified text in HIAC from ’Certification configuration’ to ’Certification setup’ Renamed ’Resources not in saved configurations’ to ’Resources not in saved certification setups’. • Updated text of the link to review certification rounds under Compliance and audit.22 User classes • Added error message when required authorizer is not mapped in user class point.m4.23 User interface • Added the option to user interface skin customizations to support the override using sytle-custom. by forcing the use of the address wizard only. with no re-direction to PSW module. used to generate certificate store data used for federated login. so that. All rights reserved. • A ’Check all’ checkbox has been added to search table headers. Configuration is now called Certification setup. enabling users to select an alternate language from a drop down menu.exe.exe. managed accounts. • Added -idfiledir to upddid.write_file utility to write an . Internet Explorer 11 is the only fully supported version. • Updated screen so that users can see which groups they already have indirect membership to. • Added black list and white list for UserAccountSearch search engine. Hitachi ID Password Manager Release Notes • Change embedded help links to show link separately. • Clickable links made available for user profiles. • If multiple languages are installed. product now includes a language selector in the top right hand corner. • Redesigned the Password Manager user interface. • Enhanced request details page to handle check out button properly when no account can be checked out. • Added options -delete and -deletemaxage for dbarc. • Fixed idmemail. Inc. managed systems and target systems. the check out button now appears with a magnifying glass which allows a user to view more information on the check out. 43 . -idfiledir represents the folder used to store retrieved digital ID files. • Rewording changes in Hitachi ID Access Certifier (HIAC). when they are requesting group membership changes. 5.1. • Users are able to pin pages or objects on pages for the following dashboards: – PAM Managed accounts – PAM Group sets – Account sets. This flag is used to determine whether the user is able to request access for an undefined network resource from the Shell Extension utility. • Added a new section called "Conflicting passwords" to handle managed accounts that have more than one candidate password. © 2017 Hitachi ID Systems.24 Utilities • Added fedidp-util. • Added support in loadplatform for setting the directory for loading agents. • When viewing the status of a single account or account set request. • Modified the check-in button from requests details page (IDS) so that check-in happens with a single click. • A new system variable (IDR NETWORK RESOURCE VALID ONLY) was added under the IDR module options.eml file for every To recipient.exe. • When Microsoft Internet Explorer is chosen to navigate features on Hitachi ID identity and Access Management Suite. old archive data can be deleted in bulk from the database. • Reword text from ’access certification’ to ’entitlement certification’. • Updated the search engine for the download recorded sessions page. • Request Application support acting as a delegate/escalate. • Improve workflow manager performance on authorizer email notification under heavy load. 44 . • Implemented cache control for search engines.1. users are warned to refine their search. Inc. • Enhanced pre-defined requests by displaying proper information in the summary page. as it can legitimately have large data posted to it. • Updated the search engine for the recorded sessions request table.exe module is removed. • Nested group memberships are evaluated during segregation of duties rules evaluation.25 Workflow • Added functionality for alerting authorizers when users or their user class have never checked out the requested account before. • Upgraded the ResourceGroupSearch engine for Password policies. All rights reserved. • Enhanced SesslogSearch search engine in order to make it more usable and user friendly. • Enhanced resource inheritance when choosing not to inherit by allowing users to be able to choose the implementer that was chosen at target level. • POST content length limit for dbe. • Locations can now only be updated in the Inventory menu when managing the system. and Privileged access to systems. • Added a Clone button under the Target system information page that will clone a target and its configuration/attributes. If there are more matches. • Resource operations for targets can be now set group-group add and group-group delete operations. • Enhanced consistency by having the proper module set with the corresponding actions. Hitachi ID Password Manager returns a maximum of 10. • Added attribute support to the advanced search criteria in the discovered accounts table. • Updated the search engine for managed system policy tables. • Added four new advanced search keys in blackboard advance search. • The group-group-add and group-group-delete operations are correctly passed to the agents when submitted to the workflow manager. • "Stop managing all groups" button prompts message that displays the success and failed counts (if applicable) of all unmanaged groups. Password Manager Release Notes 5.000 matches by default. • Added implementer and escalation support to the search request application. • Updated the search engine for the remove recorded session packages page. © 2017 Hitachi ID Systems. • Added dynamic headers for search data tables that allows some data columns to be shown/hidden and sorted. The inactive state applied when an object that passed an import rule no longer passes it. • Fixed an issue with emailsmspin. Now. All rights reserved. fixed loadalias. • The ability to create a pre-defined request for Network resource has been added.pss authentication chain to generate correct emails. and the "Archive failed evaluated objects if they were managed before evaluation" box on that rule is not checked.2 Authentication • Authentication chains will correctly handle invalid authentication chain behaviour. until it is archived.2 Resolved Issues 5. • Fixed so that invalid user data can be cleaned up even if psupdate is run in parts.2. so it will still be randomized. 45 .2.1 Add-ons • Fixed Hitachi ID Login Assistant to support Internet Explorer 11 mode and web fonts to ensure all icons are displayed and functioning as expected.2. • Added protection to avoid adding resources to a pre-defined request that will cause the pre-defined request in violation of a segregation of duties rule • Fixed an issue with the list timeout for connectors where it could occasionally cause the connectors to list indefinitely. • Users can now login using case insensitive email address. Hitachi ID Password Manager Release Notes • Enhanced segregation of duties (SOD) violation checking to detect violations caused by role and child groups. • Enable advanced search for finding certification resources.3 Auto discovery • Corrected template targets not to be listed by proxy server. • Enhance delegation process by having option to delegate only workflow requests. 5. © 2017 Hitachi ID Systems. issues10 5. • Added search functionality in the request application. Inc. 5. • For Hitachi ID Login Manager. the object remains active on the policy.exe to attempt passing alias information to only accounts that are on the specified target and give proper return codes. • Updated ’Delegate certification segment’ pages to support the Configuration certification segments. • The ’inactive’ state for managed systems and accounts is no longer available. implementer tasks or access certification. Pslang connectors will also duplicate the values with the "sysid" and "syspw" keys for backwards compatibility.2.2. 46 .7 Logging / Health check • Resolved an issue where setting PsTempDir to a value that contains. © 2017 Hitachi ID Systems. 5. • Changed psa to properly display the Authorization tab warning icon. Inc. but does not exactly match the instance name would cause incorrect log rotation. • Improvement on warning message for synchronous exit traps. • Corrected an issue to ensure import rules containing a condition that matches a long distinguished name do not get truncated on SQL generation. 5. • Removed over limit license sleep delay so that the user interface response will not slow down once license limit exceeded. • Fixed issue where pre-defined requests for "Non-user-based" recipients could not be created after upgrade. • Fixed an issue in the installer to honor all the settings from the setup.inf file.4 Database • loadplatform will now report database or script errors on the command line when a missing/invalid name failure occurs.otherid column size.5 Installation / Setup • Updated instructions in samples directory to reflect current convention on where to store image files. • Increased rtaudit. 5. • IDMSuite installation now creates a database with a simple recovery model. • Modified upgrade scripts so that system variables that contain a boolean value do not get overridden after upgrade. All rights reserved. • Locking out certain queries to resolve an issue where SQL error handling could fail. Hitachi ID Password Manager Release Notes • Added back the "sysID" and "syspassword" keys for all connectors and for backwards compatibility for targets that support the system id and system password credentials. • Added support in the hid_loaddb component to allow use of remove_duplicates decorator.2. 5.2.6 Licensing • Attribute options are open to Hitachi ID Privilege Access Manager (PAM only) license for ’Account change history’ and ’User and account history’ audit reports. log at the time needed.8 Maintenance • Fixed an issue in loaddb when the accounts on the source of profile (SoP) do not have a value set for the attributes (meaning they should not get a profile). • Removed Workflow Manager Service (idwfm) warning message to display. 5. • Modified the error message on target system information page to return a descriptive message about an agent operation failure. © 2017 Hitachi ID Systems.2. "PAM requests do not require processing" for event EVENT_RECIP_EMAIL_BATCH_PROCESSED.2. 5. • Remove redundant timezone string from report notification messages. 5. by first detecting if a port is already in use.10 Miscellaneous • Updated API documentation for ReserveCheck function. • Fixed health-check script so that a database lockdown is not caused. Inc.exe to cache messages and dumps to idmsuite. All rights reserved. • Fixed checklogs errors regarding component framework. • Modified the process to start a service. • Corrected updinst. • Fixed notifications to show multiple toast notifications when appropriate.9 Managed Account Groups • Role enforcement and automatic assignment cannot be enabled at the same time for managed account groups. The purpose of this is to produce error logs and prevent port failures. when health-check script and loganalyzer script are running at same time. 47 .2. All timestamps in system logs are displayed following the server timezone.2. • Resolved a number of memory allocation issues in the notification service.11 Notification • Fixed an issue for macro detection within exit traps as well as notifications and modified regex to parse through dashes and numbers and to show the message content correctly. Hitachi ID Password Manager Release Notes • Fixed an issue in system logs to not adjust ’Current server time’ to user preference. 5. • Fixed an issue in question set configurations report to escape quote properly. 5.2. • Fixed e-mail customization to save consistently. • Changed implementer plug-in to be called only once.12 Password reset • Fixed an issue where password reset may fail if dcselect is used to generate a list of target system and target administrator is defined in NT4 format.13 Performance • Improved page performance for product administrators when the system has a high number of administrator groups. 48 . 5.2. SEARCH_USER_WITH_ACCOUNTS. requests will remain in the pending state until authentication module has finished running. • Changed IDMLib to allow direct import of extras modules. • Added an additional pswxtsvc disclosure plug-in to support the updated Windows NT Server address format. • Modified the clipboard module to minimize the amount of time the clipboard gets locked.2. • Improved performance for implementers searching for pending implementation requests. • A system variable has been added. • Fixed licensing issue with user notification plug-in pop-ups. • Corrected pswxcmd keystroke data capture so that it does not crash third-party processes when multiple sessmon session are active and so that it works for impersonated processes. • Fixed an issue to populate the password for all of the resources in a request when the password generator plugin does not return a password. custom components can be written to filter out accounts in the orgchart. Hitachi ID Password Manager Release Notes 5. © 2017 Hitachi ID Systems. which is available on the chrome web store. to allow user searches that could previously search on account short ID to once again do so.14 Plug-ins / Event triggers • When using an authentication module plug-in. Inc. • Fixed an issue that would occasionally cause the command prompt control disclosure plug-in to crash on exit. • Modified access disclosure plug-in behavior to disclose expired managed account passwords in the event that the password fails to be randomized. • Added disclosure plug-in support for Chrome through the Hitachi ID Browser Extension. • Removed IDO FILTER USER PLUGIN. • Made changes to exit trap DBE DATA MODIFIED are made to include query data from the event. All rights reserved. 15 Profile and request attributes • Fixed an issue in profile attribute to suppress errors when switching to boolean attribute type. 49 . 5.2. • Fixed enrollment report to calculate profile attribute enrollment type properly. • Fixed an issue in report to calculated the number of request properly. • All account IDs are now clickable in the ’Compare users report’ and the ’Users with common entitlements’ report. Inc. caused database service not functional. • Fixed an issue in Search requests report to allow "Account set access" filter option to be available for Operation field and "account set access" requests to show up in reports. • Changed Password change history report so that current passwords display the scheduled expiration time in the Expiration time column.exe) issue when multiple node replication environment is configured and primary node system has multiple CPUs. Hitachi ID Password Manager Release Notes 5.2. • Corrected issue where the drill-down for the ’Sent notifications’ report was missing some information.16 Replication • Corrected the database replication page to correctly escape the values in the description input field. • Standardized display of date in reports for the following categories: – User – Workflow – Privileged access: Configuration category.17 Reports and dashboards • Fixed report and dashboard drill-down windows to not exceed the height of the browser window. All rights reserved. • Component Framework files and database are replicated to nodes after changes are made. Rebooting primary node. • Fixed an issue in Event log report to ensure long group id is displaying properly. 5. • Changed the Stuck requests report to calculate subtotals correctly to be inline with other reports. • License re-alignment has been performed for both Enrollment and Workflow dashboards. sometimes. • Improved the account sets dashboard and drill-down. • Fixed a data replication configuration issue where the service list in the source node was not com- pletely propagated to replicated node.2. • Fixed a Database service(iddb. © 2017 Hitachi ID Systems. • Session activity report no longer displays invalid users. • Display and compare date/time attributes properly in reports. Hitachi ID Password Manager Release Notes • Report type dropdown menu for Delegation report option changed from “Summary by user and login method” to "Summary by user”.2. • Fixed an issue with reports to display dates in preferred date format specified by user. • Performance metrics report now runs properly for users in UTC 1+ timezones.2. • Fixed a potential security issue that could have occurred when using javascript. • Fixed an issue for saved reports to ensure that the last run time indicates the proper date and time. otherwise they will just see an empty pop-up. • Fixed Hard Drive Encryption Systems end user pages so that response codes do not get removed when the page is refreshed. • Fixed an issue with notification related reports to not show clickable links for deleted notifications. • Any user can now click on entitlement descriptions. Modified Discovered subscribers report to include Sharepoint service accounts. • Remove redundant timezone string from report notification messages. 50 . • Fixed a bug to prevent users with only ’Recompute dashboard cache’ privilege from accessing the product administration console. Inc. 5. • Downloading a saved report containing graph should not freeze the user interface. • Menu based ACLs should be honored when jumping straight to the page. © 2017 Hitachi ID Systems. • Modified Discovered subscribers report to not include group memberships. • ’Last updated’ in dashboards now displays local time. All rights reserved. • Improved Managed accounts and Group sets dashboards. • Displayed data has been standarized for report and dashboard drill-downs. but they must have the required ACLs to see any data. 5.19 Services • Corrected a race condition in the iddb service startup logic that was causing the service to slowly start up when a large number of cgis are accessed concurrently.18 Security • The reCAPTCHA component has been added to allow easier implementation of the Google re- CAPTCHA authentication method. • Corrected privilege checks so that individual administrators can view drill-down reports on the workflow dashboard. All rights reserved.2. Inc. 5.exe). • Rewording "Schedule and submit" to "Schedule for submission" and "Run and submit" to "Run for submission".psl password rules so that they are properly displayed and evaulated. 5.2.2. • Corrected ’View and update profile (IDR)’ option to display the page properly on Chrome browser. • Fixed an issue where it was possible to add a user as a user class in a certification round by using the user selection screen. • Fixed listing in userclasses to properly deal with incorrect pslang criteria. © 2017 Hitachi ID Systems.1 to 10. in order to reduce unnecessary database growth.20 Upgrade • Fixed upgrading scripts to allow upgrades from 7. 5.22 User classes • Fixed Managed groups and profile attribute so that they can not be unmanaged or deleted when attached to a user class. • Password verification for a target administrator is no longer required when changing a target type or target address. • Fixed the Self-service ’View profile’ privilege to affect the clickable link availablity for a user’s own profile.2.0.2. • Fixed the user interface glitch by removing the "Authorizer action" column to improve user interaction with the product. • Fixed the issue of broken pending RENU actions when upgrading from version 8. 51 .7 to current version. Hitachi ID Password Manager Release Notes 5. • Change criteria of userclass "_PARTICIPANTS_DIFFER" to match when one of the actors is blank.21 Usability • Improved local workstation key management. • Fixed Administrative and User access privileges for clickable links so that they are not cached. • Fixed an issue with passfilt.23 User interface • Updated the Front-end (PSF) so that menu boxes re-order and re-size for desktop and mobile access. • User interface glitch is corrected. • In Administrative Module(psa. therefore. the ’Pattern’ field in Manage ID filters has been expended to 80 characters.0. • Changed drill-down to prevent clicking a previous page when a new popup comes up. no missing line segment under the “Authorization action" column in the “Accounts to be added:".2. 5. © 2017 Hitachi ID Systems. • Enhanced the "submitting pre-defined requests using report output" functionality by adding a space between the pre-defined request description and the pre-defined request ID in the drop down menu.24 Utilities • Changed autores utility (for Automated resource assignment) to only submit requests for deficits where there is also no pending request. 5. • Object types and locations are now only available through the Inventory menu. Inc.exe) and Manage implementation tasks(idv. All rights reserved.exe) modules in a large environment with a number of historical workflow authorization information. • Fixed an issue where duplicate requests are displayed to Worklfow manager when they also happens to be the request authorizer.25 Workflow • Fixed an issue with Identity Manager Workflow Manager Service (idwfm). • Fixed the initialization of server datetime to report the correct datetime when the server timezone is UTC (with or without DST). • Fixed target system information page to show only the applicable options based on license. • Fixed a file replication problem where certain files with ’db’ extension name were not replicated properly. • Fixed Segregation of Duties (SOD) Rules in the resource details pop-up to show the correct SODs. • Autores should not return variances or issue requests again when requests to resolve variances have been submitted and are pending approval.2. • Change Target system configuration to fix "Allow enabling accounts" from always being checked. Account and group object types are also deprecated. where when new accounts are created. • Repaired the user listing functionality when selecting the subordinates to attach to a manager. • Target system summary search is not valid. Hitachi ID Password Manager Release Notes • Suspend and update button should work properly in request detail page when IDP_APPROVE_SINGLE_RESOURCE is enabled. since. • Fixed account set checkout page to not show account disclosure magnifying glass if only run command plugin is configured. 52 . they do no get group membership. • Corrected a performance issue in Authorize requests(idp. • Fixed Administrative users to be able to update user group access control when they have the appropriate privileges. target system summary page link has been removed from under PSA > Ressources >Target System. • Disabled checkbox should be displayed in search results.2. • Changed CUST resource operations to accept the managed groups. target type level overrides and mappings as well as default mappings to profile attributes. The delegate now gets the correct list of tasks to accept/complete as a delegate.233. • Fixed an issue in IDWFM where it doesn’t search delegations based on the proper delegation type. • TargetAttributeGet API call now returns target level overrides and mappings. redirects user to the actual request page. Calgary AB Canada T2G 2J3 Tel: 1.403. submitting requests using the PDR should reflect the changes in the pre-defined request. • Removed "location" and "object type" fields from template account and managed account group pages. If the account creation operation was deemed to be a failure then USER_CREATE_FAILURE exit trap should not fire and the operation should be retried.com www. • Corrected issue so that WfRequestAttrsSet API function properly captures error messages that are returned from Workflow Manager Service (idwfm) in case of failure.0725 E-Mail: [email protected] Fax: 1. • Pre-defined requests with template accounts now correctly calculate associated implementers. • If the account creation operation was deemed to be a success then USER_CREATE_FAILURE exit trap should fire and no retry. Hitachi ID Password Manager Release Notes • URL found inside the email sent for delegation request. • Fixed an issue in pre-defined requests. • If a pre-defined request is modified.1 Street SE.tex . where non-user-based pre-defined request link is not available. • Profile attribute of type integer can now accept 0 as default value. • The Email class has been fixed to allow the attaching of image files to emails. • Target system address configuration page for official scripted agents will check for valid script.Hitachi-ID. 1401 .233.com Date: | 2017-04-23 File: git:fox:doc/fox/release/release-notes. • Enhanced PSF module to prevent cgi crashing when user settings are corrupted. • A role or segregation of duties rule should not be deleteable while it is present in a saved certification configuration or in an active certification configuration round. • Changed ResourceRead IDAPI function to return valid information on TARGET_USE_ID_FILTERS on target systems.403. • Removed DiscoveryComputerAttributeGet from idmlib and replaced it with ManagedSystemAttrGet. 500. • Fixed loophole where roleA and roleB could be an entitlement for each other. • Advance search on integer resource attributes should work properly.

Comments

Description