CzechIdM 10.6.0

The main goal of version 10.6.0 was to improve UX. Therefore, a new wizard component was created, which was used for the first time to create a new system. Furthermore, the availability of bulk operations buttons and agenda scripts has been improved.

Less user-visible, but all the more important tasks were, for example:

  • Redesigning business roles.
  • Adding more permission configuration options for delegations.
  • Security enhancements (AES-256 key support in confidential storage and use of a dynamic vector in a password).
  • And much more …

Creating a new system in IdM so that it can communicate properly with an external system and allow provisioning or synchronization is not an easy task.

To make this task a bit easier, we have created a special wizard that will guide you step by step: configuring the connector, creating a schema, creating a mapping, or configuring synchronization.

All steps are simplified as much as possible, so that the user has to fill in as little data as possible. For example, a function has been created that automatically creates system attributes based on catalogs with typical usage: a schema attribute with the code 'lastName / surname / familyName' will be automatically mapped to the last name attribute of the IdM identity.

The bulk operations available on the tables have been redesigned to display the most commonly used operations without having to click the menu.


Scripts are an important mechanism for modifying the behavior of individual parts of IdM. Typical examples are scripts for transforming the values of attributes of connected external systems.

In this version, the agenda for managing scripts has been improved so that they can be downloaded and uploaded directly from the GUI application.


The role catalog contains folders in a tree structure into which the administrator of CzechIdM can place roles. Every role can be part of one or more folders. The role catalog is accessible in the user roles change GUI agenda, so users can easily find the desired role.

A new option to directly synchronize the role catalog from an external system has been added.


You can find more about this feature here.

  • #2472 - Create the wizard component
  • #2258 - Implement support for sync of role-catalogue
  • #1981 - Separate Remove from other menu items in identity bulk actions
  • #2444 - Implement waiting for the completion of the LRT after all asynchronous events
  • #1075 - Synchronization duration sometimes not displayed properly
  • #2355 - Confidential storage cipher uses hardcoded initialization vector
  • #2516 - Add support of bulk actions for script definition
  • #2408 - Evaluator and new permissions for delegation: Create delegation only from subordinates and yourself
  • #2521 - Add support of bulk actions for notification templates
  • #2266 - Add filtering requests of a virtual systems by implementers
  • #1636 - Redesign business roles assignment
  • #2074 - Schedule a report and send it
  • #2298 - Workflow tasks - Allow to see all tasks for the user involved in the process.
  • #2479 - FE: fixed bottom buttons in modal window
  • #2482 - Notification: add entity for attachments
  • #2391 - Add support for changing AES-256 confidential storage keys
  • #2493 - Allow deploy script via dropdown zone
  • #2348 - Imported system for organizations/contracts has empty type of structure (→ synchronization of organizations ends with Unknown state)
  • #1142 - Add overview of events to more entities
  • #2494 - System - automatic creation of mapped attributes (for common identity schema attributes)
  • #2513 - UX - try to prevent blink (reload) of a page if new role request is created.
  • #2464 - Identity: Add tab with all identity authorities and authorization policies
  • #2481 - Bulk action: Skip prevalidation for role delete bulk action
  • #1365 - Business default role in synchronization creates 2 links
  • #2533 - Add download button for backup scripts and templates bulk action
  • #2504 - AbstractForm - implement onSubmit method - for all components of the form.
  • #2255 - Codelist: clean redux state after code list is changed.
  • #2519 - Filters: throw better exception, when more than database supported count of parameters is given in filter parameter
  • #2505 - Don't import synchronization token when importing a system (exclusion of fields)
  • #2534 - Improve automatic reload (long-polling) for sync.
  • #1997 - Add filtering for provisioning operation that have not yet been computed
  • #2509 - Implement a processor to automatic mapping schema attributes for Tree and RoleCatalogue.
  • #2508 - Authentication: Must change password with target system authentication.
  • #1621 - Change level on bulk action item for cancel / retry provisioning
  • #2055 - Recalculate identity state
  • #641 - Refresh redux state after configuration property is removed
  • #1773 - Move filter for role catalogue code for identity role
  • #2485 - Test: clear cache automatically in transactional integration tests
  • #479 - Show more details on script execution exception
  • #2510 - Idm tool - add support for override czechidm-app module
  • #1817 - Allow report run again with same configuration
  • #2492 - Change order enum field Authority type for script
  • #2489 - Sort attribute in backup XML's for scripts and templates
  • 🟡 #2487 - IdmTool - ignore CzechIdM module as maven dependency (more versions for the same third party library in build)
  • 🟡 #2488 - Recalculation of a large number of automatic roles on MS SQL Server ends in error
  • 🟡 #2496 - Importing the role with changed code fails
  • 🟡 #2515 - FE: login page is shown for logged identity
  • 🟡 #2535 - EAV values are not refreshed correctly on projection - values are removed after save
  • 🟢 #2530 - E-mails history - filter by "Sending status" doesn't work
  • 🟢 #2480 - Copy roles from user doesn't work for more than 20 copied roles
  • 🟢 #2532 - Delegations uses wrong data type in MSSQL (varchar vs nvarchar)
  • 🟢 #2527 - Sorting by Description fails with multiple scheduled tasks of the same type and empty description
  • 🟢 #1493 - Component password field and rendered doesn't work correctly
  • 🟢 #2502 - Recipients are not displayed on the notification detail.

The changelog for this and previous versions can be found here.