CzechIdm 11.0

The new version 11.0.0 of the CzechIdM is out now! It brings beside many new features also important technological upgrade. CzechIdM is now developed and run on Java 11. Frontend components were also updated. Specifically Gulp 4 and Babel 7 libraries are currently used. Among new features brought in this version belongs Setting of the same password to all systems for a new identity simplifying password distribution for newly hired people in companies. Another, UX improving, feature is extended and reorganized detail of provisioning changes. It is very useful for everyday work with user account management. In this version there was also extended Form projection by capability of value validation of its attributes. Such values can be now set as mandatory or being in the specified range can be enforced and so on.

In this version there were also implemented:

  • Support for duplication of the virtual systems
  • Added information about expired password to the table with identities
  • Improved checking of the minimum password validity
  • Added new bulk operation for contract modification
  • and many others…

Main benefit of this feature is simplifying of first days of a new employee in a company when access to various systems is established. It allows the new employee to receive only one ,often generated, password common for all systems the employee needs access to. It is very easy for administrators to set up this function as we can see in the picture below. It suffices just to enable it and set the list of systems the uniform password is supposed to be sent to.


You can find more about this feature here.

Redesigned provisioning detail newly displays also original values obtained directly from target systems. It provides easier way how to compare values of managed attributes on the target system and current values present in the CzechIdM. Differences which are to be sent to the target system are highlighted for better readability. User is also able to switch between displaying of changed values only or all attributes.


You can find more about this feature here.

Huge flexibility added into CzechIdM in previous versions by implementation of form projection enabling users to design custom forms has been even more extended in version 11.0.0. It is newly possible to enforce the filled attributes to meet the set requirements. They can be set as mandatory, their values can be limited from upper and lower bounds or tested that values meet required pattern.


You can find more about this feature here.

  • #2703 - Set same password to all systems for new identity.
  • #2685 - Display original values of attributes before provisioning changed them
  • #2568 - Support setting required basic attributes and validations (in form projections)
  • #2622 - FE: upgrade gulp - use version 4
  • #2398 - When copying default virtual system, multivalued attribute 'rights' is not created as multivalued in its form definition
  • #2700 - Bulk move users to a different work position and change their contract expiration
  • #2701 - Support to generate an anonymized username (abc123456)
  • #1974 - Native sync of groups to IdM roles - analysis
  • #2744 - Uniform password for new accounts - connect to the Uniform password agenda (and support set password to an identity)
  • #2679 - Change minimum number of days for password validity check
  • #2518 - Script definition duplication
  • #2579 - Notification of role change request result
  • #1787 - Send attribute to system ONLY with password
  • #2698 - Select the value if the required select box has only one value
  • #2667 - UX: Add information about password expiration to the Users table
  • #2697 - Set the creator of the identity as its direct manager
  • #2571 - System - Automatic mapping - add PASSWORD attribute.
  • #2736 - IdmTool - support build without frontend
  • #2758 - BE: Java 11 usage
  • #2716 - FE: DateTimePicker - support min and max date validations
  • #2200 - Automatic filling of the name attribute when creating new automatic role.
  • #2714 - Password policy: Implement BE bulk action for delete password policy
  • #2746 - Event: Show info card even for deleted entities in event queue
  • #2656 - Create default validation password policy with Minimum length requirement.
  • #2699 - Support setting maximal validity of a contract
  • #2747 - Provisioning: Improve subordinates provisioning, when manager is removed
  • #2740 - AD - password attribute in schema object is unmodifiable
  • #2727 - AD Wizard - The LdapGroups attribute should use a MERGE strategy (instead authoritative merge).
  • #2749 - Allow override protection duration in processor
  • #1640 - Add information about not passed form validation
  • #2775 - Obsolete old versions of browsers, databases, etc. for IdM 11.0
  • 🟑 #2684 - Some messages are missing in the Logging events
  • 🟑 #2705 - Synchronization - HR process (contract end) removes identity roles (and accounts) of invalid contract before new automatic roles are evaluated (account on target system is deleted and created again from synchronization)
  • 🟑 #2739 - AD - provisioning update fails on null val in getDefaultDN script
  • 🟑 #1572 - Logon attempts exceeded with SSO
  • 🟒 #2753 - Contract slices: Contract guarantee can be added / deleted when contract is controlled by slices
  • 🟒 #2708 - AD Wizard for users has to contain valid, existing DN for disabled accounts even if account protection not used
  • 🟒 #2743 - Event: Start event remains in running state, when long running task ends with exception.
  • 🟒 #2767 - SSO: Redundant token generated for public configuration endpoint, when SSO is enabled
  • 🟒 #2771 - Contracts controlled by time slices shouldn't be updated through form projection
  • 🟒 #2751 - Provisioning mapping couldn't be created for WinRM+AD connector
  • 🟒 #2742 - The workflow task contains twice "created on" time
  • 🟒 #2748 - Canceling all running LRT starts with canceling it's own LRT
  • 🟒 #2757 - Eav: Prevent to show configured default values for already saved entities (default value is shown on identity more informations for not persisted values)
  • 🟒 #2726 - taskHistory component in TaskDetail not showing task name and assignee
  • 🟒 #2724 - Report: General export report ends before attachment for download is created (download button is missing in modal window)
  • 🟒 #2750 - Configurable count of Role catalogue folders not apply on Roles agenda

The changelog for this and previouse versions can be found here.