Release 7.3 is one of the major milestones with many important features.

- User-configurable data permissions (Identity and Role).

  1. Authorization policies could be assigned to standard roles. Policy evaluates permissions, what currently logged user can do with domain objects.

- Remote connector server is supported now.

  1. From now, we support an external server connector. Therefore, you are not only bound to the connectors that are supplied with the basic product. So you can use outside the base table, csv and LDAP connector for example, Active Directory, or Google Apps. You can also use secured login and password to connect to the server.

- New version of synchronization (Identity, Role, Trees).

  1. Now, we are able to synchronize new objects to/from CzechIdM - Roles and Tree structures. Thus we are e.g. able to automatically synchronize groups from MS Active Directory to CzechIdM as well as define those object in CzechIdM and provide the data to MS AD. Synchronizing trees effectively allows CzechIdM to fetch company structure, store it in CzechIdM and provide the data to the end system like LDAP.

- Automatic roles on organization tree.

  1. Identity gets role automatically by their work position. Automatic roles can be propagated recursively through the tree structures (up, down).

- Bulk change of identity permissions in one request.

  1. Now the user can ask to change their permissions in one package (request). This package goes on as a whole through the approval process and as a whole is also applied. This approach allows for greater integrity of accounts between CzechIdM and end systems.

- Password policy management.

  1. Password Policies allow us to set up a set of rules to improve security by users who may be forced to set up strong passwords and use them correctly. We distinguish the use of small, large characters, figures and special characters. We also support the minimum and maximum character limit settings. We also added enhanced password control, for example similarity with user attributes.

- Flyway scripts integrated.

  1. After enabling Flyway scripts, database migration is easy. Your database will be setup for first time exactly as it needs a system CzechIdMng. Moving to a newer version will be very easy with scripts.

- Registrable filters

  1. Custom module can register new filters on core endpoins for roles and identities. Identity can be found be by newly added criteria.

- Forest index integrated.

Citrine: (Citrine is a variety of quartz whose color ranges from a pale yellow to brown due to ferric impurities.) Foto


  • #638 Zero and negative values in password policy
  • #635 Remove role request check rigts for internal requests
  • Remove unvalid IdentityAccount during Account management (+test)


  • #655 Email notifications (dependency problem).
  • #653 Identity save for HR processes.
  • #652 java.util.Date is now allowed in Groovy scripts.
  • Duplicit permission group names removed.


  • #680 Fix showloading on task detail component.
  • #665 Fix deleting scripts.
  • #363 Refactoring for password reset module.
  • #683 Sent label on notification agenda is filled correctly.