CzechIdM 11.1
The new version 11.1.0 of the CzechIdM has been already released! This version brings, as we could already get used to, many new features and improvements. Native synchronization of groups and Wizard for MS Active Directory groups both cooperatively enables and simplifies a manner how to create roles in the IdM according to the existing groups in a target system. The wizard is a user friendly approach how to do so for MS Active Directory system. The new version also brings brand new IdM Monitoring and prepares the IdM for running in so called high availability (HA) mode.
Among other the most important features belong:
- Adding decision reason for all user tasks related to workflows
- Full support of the virtual system import and export
- Force delete for roles
- Extended permission control
- and many othersβ¦
Native synchronization of groups
Many target systems (such as MS Active Directory) use the principle of group membership. Membership in a group can grant users some permissions, licenses etc. Such membership in a group is usually represented in the CzechIdM by assigned role. The feature of group synchronization is a tool enabling to create roles in the IdM representing groups in a target system. Administrators are therefore saved from manual creating of the 'group' roles in the IdM which is very demanding in case of many systems with many groups. During the synchronization process there can be created also role catalogues serving as role aggregators for their better organizing.
You can find more about this feature here.
Wizard for MS Active Directory groups
This new wizard goes hand in hand with the Native synchronization of groups feature and moves it on another level. It is a significant tool for the group synchronization setting of the MS Active Directory system which is very common use case. It allows to perform all necessary setting in only several easy steps.
You can find more about this feature here.
IdM monitoring
The version 11.1.0 gets a brand new monitoring system. This monitoring system provides a convenient way how to inform administrator that some of the observed IdM parameters are reaching the set limit. The observed parameters are set via fully configurable probes. Among common parameters to watch belong the result of performed synchronization runs or occupancy of monitored IdM tables. Administrator is kept informed through notification icon at the top dash of the application as can be seen below in the picture.
<p align="center">
<img src="https://user-images.githubusercontent.com/57331664/125438752-991f90e1-026c-47f6-b932-ebc36b34d8d2.png" />
</p>
You can find more about this feature here.
π‘ New features in this version:
- #2765 - Native sync of groups to IdM roles - implementation
- #1865 - IdM monitoring
- #2690 - Wizard - MSAD - Groups
- #2669 - Add rejection reason to approval task
- #2696 - HA - move scheduled tasks and events to the current instance
- #2792 - Develop evaluation and source data modification methods for IdM Integration test
- #2550 - Export+import of a virtual system - empty additional attributes in virtual requests, error when using the "rights" attribute
- #2859 - IdM test automation - Creating user accounts when employment commencing
- #1555 - Force delete for roles
- #2693 - Initialization of mock target system for product integration tests
- #2852 - Support permissions by role guarantee for role concepts in role request detail
- #2795 - Remove bulk action for role-request agenda
- #1566 - Eav: Add form definition order for FE
- #2763 - Audit: Show info card with revision for deleted entities (uuid is show now only)
- #2838 - Conflicting dependencies jaxb-core and istack
- #2810 - Bulk action: Delete active provisioning operations
- #2855 - Create wizard for groups and WinRM connector
- #2862 - CSV and DB wizard - automatic creation of mapped attributes for synchronization
- #2868 - Monitoring: synchronization monitoring autoconfiguration
- #2173 - (Request Role β Add role) pre-select main contract when adding a new role
- #2869 - Monitoring: init database and synchronization monitoring evaluators
- #2814 - Support custom label and placeholder setting for basic attributes used in form projections
- #1367 - Entity event queue - add base permissions
- #2776 - Configuration item with value longer than 255 characters can't be saved
- #2732 - Add filter for identities without projection
- #2808 - Propose for differential report IdM vs connected system
- #2815 - Hide codes in the role catalog tree
- #2403 - Add filter for surname
- #2785 - Authorization policy: add bulk action for enable / disable authorization policy
- #2764 - Role: Support column configuration (show, order) in role table
- #2851 - VS: Update form definition name, when virtual system name is changed
- #2870 - Monitoring: show results on monitoring evaluator detail
- #2871 - LRT: Delete scheduled synchronization task, when synchronization is deleted
- #283 - EAV form - script area
- #2812 - FE: Shorten personal code on identity detail, nicelabel and in all info components
- #881 - Add gui warning for H2
- #2822 - Change default PostgreSQL system name created by wizard
π Defects fixed in this version:
- π‘ #981 - Wrong object class is used when retrieving account attributes
- π‘ #2350 - Cannot view active operations in provisioning queue (error in communication with server)
- π‘ #2842 - Audit displays misleading warning for a unique role attribute, can't edit already assigned role
- π‘ #2813 - If automatic role creating is controlled by WF approving process, its rejection causes script failure
- π‘ #2864 - Role attributes values in a request reusing id.
- π‘ #1705 - Check running operation for same automatic role (recount automatic role task ends with exception, after last rule is removed)
- π‘ #2754 - Wrong message for character limit on the role request detail
- π‘ #2811 - Some flyway scripts depend on a "public" schema (Postgresql).
- π‘ #2860 - Some validation errors are not localized
- π‘ #2840 - Cannot view entity events after deleting an identity
- π‘ #2841 - When we can assign only one role, the modal window is stuck
- π‘ #2866 - Wrong script category for transform username from password filter
- π’ #1991 - Contact slice cannot be created from FE, when contract form definition contains required attributes
- π’ #2778 - Contract slices: Contract guarantee can be added / deleted when contract is controlled by slices - FE parts
- π’ #2805 - Cannot open the detail of the synchronization sometimes
- π’ #2804 - The tab More information is not accessible on first load when using validation on basic attributes
β‘ The list of changes (compatibility):
The changelog for this and previouse versions can be found here.