CzechIdM 11.1

The new version 11.1.0 of the CzechIdM has been already released! This version brings, as we could already get used to, many new features and improvements. Native synchronization of groups and Wizard for MS Active Directory groups both cooperatively enables and simplifies a manner how to create roles in the IdM according to the existing groups in a target system. The wizard is a user friendly approach how to do so for MS Active Directory system. The new version also brings brand new IdM Monitoring and prepares the IdM for running in so called high availability (HA) mode.

Among other the most important features belong:

1. Adding decision reason for all user tasks related to workflows
2. Full support of the virtual system import and export
3. Force delete for roles
4. Extended permission control
5. and many others…

Many target systems (such as MS Active Directory) use the principle of group membership. Membership in a group can grant users some permissions, licenses etc. Such membership in a group is usually represented in the CzechIdM by assigned role. The feature of group synchronization is a tool enabling to create roles in the IdM representing groups in a target system. Administrators are therefore saved from manual creating of the 'group' roles in the IdM which is very demanding in case of many systems with many groups. During the synchronization process there can be created also role catalogues serving as role aggregators for their better organizing.

You can find more about this feature here.

This new wizard goes hand in hand with the Native synchronization of groups feature and moves it on another level. It is a significant tool for the group synchronization setting of the MS Active Directory system which is very common use case. It allows to perform all necessary setting in only several easy steps.

You can find more about this feature here.

The version 11.1.0 gets a brand new monitoring system. This monitoring system provides a convenient way how to inform administrator that some of the observed IdM parameters are reaching the set limit. The observed parameters are set via fully configurable probes. Among common parameters to watch belong the result of performed synchronization runs or occupancy of monitored IdM tables. Administrator is kept informed through notification icon at the top dash of the application as can be seen below in the picture.

<p align="center">

<img src="https://user-images.githubusercontent.com/57331664/125438752-991f90e1-026c-47f6-b932-ebc36b34d8d2.png" />

</p>

You can find more about this feature here.

1. #2765 - Native sync of groups to IdM roles - implementation
2. #1865 - IdM monitoring
3. #2690 - Wizard - MSAD - Groups
4. #2669 - Add rejection reason to approval task
5. #2696 - HA - move scheduled tasks and events to the current instance
6. #2792 - Develop evaluation and source data modification methods for IdM Integration test
7. #2550 - Export+import of a virtual system - empty additional attributes in virtual requests, error when using the "rights" attribute
8. #2859 - IdM test automation - Creating user accounts when employment commencing
9. #1555 - Force delete for roles
10. #2693 - Initialization of mock target system for product integration tests
11. #2852 - Support permissions by role guarantee for role concepts in role request detail
12. #2795 - Remove bulk action for role-request agenda
13. #1566 - Eav: Add form definition order for FE
14. #2763 - Audit: Show info card with revision for deleted entities (uuid is show now only)
15. #2838 - Conflicting dependencies jaxb-core and istack
16. #2810 - Bulk action: Delete active provisioning operations
17. #2855 - Create wizard for groups and WinRM connector
18. #2862 - CSV and DB wizard - automatic creation of mapped attributes for synchronization
19. #2868 - Monitoring: synchronization monitoring autoconfiguration
20. #2173 - (Request Role → Add role) pre-select main contract when adding a new role
21. #2869 - Monitoring: init database and synchronization monitoring evaluators
22. #2814 - Support custom label and placeholder setting for basic attributes used in form projections
23. #1367 - Entity event queue - add base permissions
24. #2776 - Configuration item with value longer than 255 characters can't be saved
25. #2732 - Add filter for identities without projection
26. #2808 - Propose for differential report IdM vs connected system
27. #2815 - Hide codes in the role catalog tree
28. #2403 - Add filter for surname
29. #2785 - Authorization policy: add bulk action for enable / disable authorization policy
30. #2764 - Role: Support column configuration (show, order) in role table
31. #2851 - VS: Update form definition name, when virtual system name is changed
32. #2870 - Monitoring: show results on monitoring evaluator detail
33. #2871 - LRT: Delete scheduled synchronization task, when synchronization is deleted
34. #283 - EAV form - script area
35. #2812 - FE: Shorten personal code on identity detail, nicelabel and in all info components
36. #881 - Add gui warning for H2
37. #2822 - Change default PostgreSQL system name created by wizard

1. 🟡 #981 - Wrong object class is used when retrieving account attributes
2. 🟡 #2350 - Cannot view active operations in provisioning queue (error in communication with server)
3. 🟡 #2842 - Audit displays misleading warning for a unique role attribute, can't edit already assigned role
4. 🟡 #2813 - If automatic role creating is controlled by WF approving process, its rejection causes script failure
5. 🟡 #2864 - Role attributes values in a request reusing id.
6. 🟡 #1705 - Check running operation for same automatic role (recount automatic role task ends with exception, after last rule is removed)
7. 🟡 #2754 - Wrong message for character limit on the role request detail
8. 🟡 #2811 - Some flyway scripts depend on a "public" schema (Postgresql).
9. 🟡 #2860 - Some validation errors are not localized
10. 🟡 #2840 - Cannot view entity events after deleting an identity
11. 🟡 #2841 - When we can assign only one role, the modal window is stuck
12. 🟡 #2866 - Wrong script category for transform username from password filter
13. 🟢 #1991 - Contact slice cannot be created from FE, when contract form definition contains required attributes
14. 🟢 #2778 - Contract slices: Contract guarantee can be added / deleted when contract is controlled by slices - FE parts
15. 🟢 #2805 - Cannot open the detail of the synchronization sometimes
16. 🟢 #2804 - The tab More information is not accessible on first load when using validation on basic attributes

The changelog for this and previouse versions can be found here.