New in v4.2.2

Version 4.2.2 is a major release delivering new features, architectural upgrades, performance improvements, and substantial updates across Identity Governance, CIAM, and platform services. The complete list of changes is available in the change log. Below is an overview of the key enhancements included in this release.

Platform Enhancements

New Dashboards & Monitoring

  • Descriptive Analytics Dashboard: Provides real-time operational and identity insights across your OpenIAM deployment.
  • Prometheus-based monitoring: Adds deep observability into system health, performance, and service metrics.

Groovy Manager Redesign

A completely modernized Groovy Manager with:

  • Improved editing experience
  • Version history and auditability
  • Advanced search for large script repositories

These enhancements help ensure safer and more controlled script lifecycle management.

Performance & Resource Optimization

  • Memory and performance improvements allow the platform to run efficiently in 32GB environments.
  • Faster UI operations and reduced backend latency across core services.

Core Platform Architecture Enhancements

To improve scalability, resilience, and licensing alignment:

  • Elasticsearch → OpenSearch migration
  • ETCD → Consul migration for more robust service coordination and configuration management

Platform-Level Notifications

Administrators can now publish notifications to end users for:

  • Planned maintenance
  • Platform issues
  • Operational updates

Notifications appear during login or within the console.

UI Modernization (React Migration)

Significant progress in migrating from the legacy UI to React. Updated components include:

  • WebConsole: User search, user templates, content providers, authentication providers, groups, roles, resources, provisioning (excluding connectors), policy management
  • Self-Service: Request administration and request history

Additional UI refactoring continues in upcoming releases.

Security Enhancements

  • Integrated with Have I Been Pwned to detect compromised or breached passwords during password changes.
  • Strengthened password evaluation during all authentication flows.

Compliance Improvements

  • Deployment support for CJIS and STIG profiles on RHEL.

Identity Governance Enhancements

Segregation of Duties (SoD)

New capabilities to strengthen internal controls:

  • Create and manage SoD policies directly from the UI
  • Enforce SoD rules during access request workflows
  • Continuously monitor for policy violations

Access Certification (Major Refactor)

A wide-ranging modernization effort including:

  • Redesigned, intuitive user interface
  • Substantial performance improvements for large-scale campaigns
  • Support for event-driven certification
  • Backend reporting infrastructure for Certification-specific reports
  • Introduction of tags for better organization and filtering
  • Enhanced search and filtering across campaigns and items

Identity Verification Enhancements

  • Expanded verification methods to support workforce and customer onboarding
  • New adaptive flows for password change and forgot-password processes
  • Integrated Microsoft Teams Bot allowing approvers to take action directly within Teams

Customer Identity Improvements

Improved flexibility through configurable authentication flows:

  • Support for passwordless authentication using:
    • FIDO2 security keys
    • OpenIAM Auth App
  • Adaptive password change flows where users can verify identity using:
    • TOTP
    • Push notifications
    • Certificates
    • Other available authentication factors

Next-Generation Adaptive & Risk-Based Authentication

New risk engine enhancements:

  • Behavioral pattern detection
  • Risk scoring based on contextual and device attributes
  • Rules based on country, group membership, and roles
  • Expanded device intelligence and out-of-the-box factors

Teams & Delegated Management

  • New Teams concept using group membership
  • Team owners can manage membership directly from the self-service portal

Identity Verification for CIAM

  • Extended verification for customer onboarding and CIAM login flows

Session Management Enhancements

More flexible session lifetime controls:

  • Inactive session timeout
  • Maximum active session duration, enforcing reauthentication even during continuous use

User Profile Switching

Users with multiple profiles (e.g., employee vs. administrative accounts) can seamlessly switch profiles in self-service without logging out.

Summary

OpenIAM v4.2.2 introduces foundational improvements across the platform, including a modernized UI, stronger governance controls, next-generation adaptive authentication, and significant architectural upgrades. These enhancements improve security, compliance, performance, and overall user experience across both workforce and customer identity scenarios.