New in v4.2.1.10

Version 4.2.1.10 contains minor upgrades and security and vulnerability fixes. The full set of changes can be found in the change log. The sections below provide an overview of the improvements and steps required after upgrading.

Improvements

• Direct reports screen in SelfService had several issues related to performance, sorting and navigation, which were fixed.
• Access request (inbox) performance was improved.
• The issue with Administration page loading slowly on big data sets (Microsoft SQL database) was addressed.

New features

• New policy for minimum challenge responses questions’ answer length was introduced.
• The OTP resend code time is now configurable.
• A support for identity center in AWS connector was introduced.
• The frequency of OTP tokens that can be sent over SMS and Email was made limited.
• A support for proxying Twilio SMS and Voice OTP was added.
• Automatic organization hierarchy assignment is now allowed to be disabled.
• A new Password history screen is available in SelfService.
• Terminating users via SelfService Admin Actions now can trigger a workflow but remain compatible to process requests without invoking the workflow.

Connectors

Two new connectors were introduced to work with OpenIAM - Azure Graph R connector and SAP Fiori connector.

Additional steps after upgrade

1. An org.openiam.elasticsearch.model.UserDoc document in Elasticsearch needs to be reindexed. More on reindexing can be found in the document by the link.

2. The notify method in iamscripts/prov-helper/CustomConnectorResponseListenerHandler.groovy needs to be updated. The script can be found after following this link.

3. Since errors were fixed in OOTB were fixed, we recommend to update iamscripts/sync/identities/refreshIdentity.groovy. The updated script can be found here.

4. In case you are going to use synchronization of Licenses from Azure, note, that three new x files were added, being iamscripts/sync/group/azure/AzureLicenseSyncAttributes.groovy, iamscripts/sync/group/azure/AzureLisenceSync.groovy and iamscripts/sync/group/azure/AzureUserLicenseMappingSync.groovy.

5. New files were added for Azure Graph connector provisioning. They can be downloaded by following this link.

6. New synchronization scripts for AzureAuthenticationAssignments were provided. Follow the links below to find them.

• Attributes script: https://bitbucket.org/openiam/conf/src/RELEASE-4.2.1.10/iamscripts/sync/user/azure/AzureAuthenticationAssignmentsSyncAttributes.groovy.
• Transformation script: https://bitbucket.org/openiam/conf/src/RELEASE-4.2.1.10/iamscripts/sync/user/azure/AzureAuthenticationAssignmentsTransformation.groovy.
• Validation script: https://bitbucket.org/openiam/conf/src/RELEASE-4.2.1.10/iamscripts/sync/user/azure/AzureAuthenticationAssignmentsValidation.groovy.

7. An improvement in iamscripts/sync/user/ad/ADPowerShellTransformation.groovy was introduced to synchronize related accounts. The upgrade script is stored here.