
CzechIdM 10.7.0

The main goal of version 10.7.0 was to simplify the creation of new systems and to bring support for two-factor authentication.

Less visible to users, but no less important, were changes such as:

  • The order of EAV attributes can now be changed directly in the table using drag and drop.
  • Virtual systems now support new actions for bulk cancellations or confirmation of requests.
  • The bulk role duplication action now supports copying authorization policies.
  • And much more …

Two-factor authentication is an important means of increasing security. In an IdM environment, the use of two-factor authentication is ideal for administrators, where it is crucial to ensure the maximum level of security for their accounts.

The feature is available from the user profile (user main menu) in the application. Two-factor authentication is optional and can be enabled from the user profile:

[Image: Two-factor]

After a user signs in to CzechIdM with a username and password, they are prompted to provide an authentication code from a text message (notification) or from a TOTP application. CzechIdM will only ask for the two-factor authentication code again if the user has logged out, is using a new device, or the user session has expired.

Supported methods of obtaining the authentication code:

  • Application - the authentication code is generated by a TOTP application (Google Authenticator, TOTP Authenticator, FreeOTP etc.).
  • SMS notification - the authentication code is sent by a standard IdM notification. SMS notifications have to be supported to use this method (an SMS notification sender needs to be provided).

The first authentication code obtained by the selected method must be entered to enable two-factor authentication:

You can find more about this feature here.

The first step in creating a new system is to select a connector. For a better UX, we have created a new page where each connector is displayed as a separate box, which can now be enriched with a more detailed description and an image of the connected system.

In the previous version, a universal wizard for creating a system was added. In this version, we focused on creating specialized wizards that simplify the configuration of the connector.

For example, in the CSV wizard the user does not have to fill in the location of the CSV file on the server, but can simply upload the file using the drag and drop zone. Another simplification is the selection of the primary identifier: the user does not have to remember the names of the columns in the CSV file, because they are all read from the file and offered in a select box.

Another specialized wizard is used to connect database tables. Previously, the user had to configure the attributes related to the database, for example the name of the database driver, the mask used to compose the resulting connection URL, etc. Now the wizard does this for the user. Currently, three wizards are available for connecting database tables: PostgreSQL, MS SQL Server and MySQL. The wizard for a given database type is displayed only if the given IdM installation has the necessary database driver available.


You can find more about this feature here.

  • #2506 - Authentication: Two factor authentication
  • #2528 - Wizard - Implement connector templates.
  • #2585 - Wizard - JDBC (PostgreSql, MsSql, Mysql)
  • #439 - Eav order - change order from table (drag and drop)
  • #2552 - Wizard - CSV
  • #2584 - Wizard - Implement support for opening an existing system in the wizard.
  • #2603 - IdmTool: Support build without resolving third party dependencies (when private maven repository is not available)
  • #2562 - Abort requests on component will be unmount - Long polling doesn't work properly in some cases.
  • #2569 - Validation: Support BE validation in projection, show custom validation message for FE validations
  • #2598 - Cache: reduce authorization policies cache size for logged user
  • #2597 - Event: set EXECUTED event result state when task will continue asynchronously (when AcceptedException is returned, e.g. Role recalculation - change type of result code when 2 LRTs run simultaneously)
  • #1132 - Bulk resolve of virtual requests
  • #2517 - FE: persist collapsed / expanded filter to redux state (prevent to open / close it to default state after redirect)
  • #2522 - Copy authorization settings when duplicating a role
  • #2602 - Bulk action - performance - implement a transaction for each item.
  • #2574 - Local admin can't edit identity right after it's created
  • #2560 - FE: add info component for long running task
  • #2582 - Configurable count of Role catalogue folders shown by default
  • #1410 - Generate unique email in the standard email generator
  • #2558 - FE: improve info component for business role
  • #2536 - SelectBox: implement text filter with wildcard characters (doesn't show record for operators '%' and '_', but count is shown - eq. role request)
  • #2172 - Info cards: support quick link to audit in system information
  • #2507 - Library struts-core-1.3.8.jar is no longer supported
  • #2559 - FE: add onReload callback to tables - reload counts of running and failed events in event agenda
  • #2557 - FE: add role select to automatic role detail
  • #473 - Public endpoints must bypass BE Authentication filters
  • 🟡 #2566 - Fill originalCreatorId and originalModifierId for assigned roles (possible loss of audit info when changing login of admin)
  • 🟡 #2589 - Fill originalModifier and originalModifierId for changed entities (possible loss of audit info when changing entities multiple times)
  • 🟡 #2601 - Configuration of Synchronization cannot be updated if was created via wizard.
  • 🟡 #2594 - Authentication: Disabled identity is not checked by sso and target system authentication (disabled identity can log in over sso or target system).
  • 🟢 #2565 - Identity form values are not refreshed after changing the order of form attributes
  • 🟢 #2577 - Long running task parameters are not refreshed in agenda after some changes
  • 🟢 #2563 - Missing loading on monitoring board
  • 🟢 #2596 - Copy roles by user works even for disabled roles
  • 🟢 #2578 - Changes in virtual system request not shown from e-mail link
  • 🟢 #2580 - Show full detail from second card doesn't work
  • 🟢 #2554 - Disapproved state not present in select box

The changelog for this and previous versions can be found here.