Identity Governance as a Service Release Notes

November 2021

This version of Identity Governance includes new features, improves usability, and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Governance and Administration forum on Micro Focus Communities website, our online community that also includes product information, blogs, and links to helpful resources.

For more information about this release, see the Identity Governance as a Service Documentation website.

1.0 What’s New

This release provides functional, infrastructure, and performance-related fixes and enhancements. It includes:

  • Enhanced capability to collect and publish only the changes in application and application definition data sources since the last publication. Authorized users can also schedule change event collection by creating new schedules or updating the existing schedules.

    For more information, see “Understanding Change Event Processing” in the Identity Governance as a Service User and Administration Guide.

  • A new out-of-the-box review type: Business Role Authorization Review. Authorized users can now review the authorizations defined by Business roles and request changes to the business authorization policy. Users can also create micro certifications for this review type.

  • Redesigned Governance Overview page to enhance customer experience and to include the ability to create custom widgets based on custom metrics. Users can also personalize the dashboard view within Identity Governance.

    For more information, see “Monitoring Governance System” in the Identity Governance as a Service User and Administration Guide.

  • Ability to collect identity, accounts, and permissions from SCIM 2.0 compatible applications and fulfill change requests.

    For more information, see “Collecting from SCIM Compatible Applications”, “Understanding SCIM Account and Permission Collectors”, and “Understanding Service Desk and Other Fulfillment Targets” in the Identity Governance as a Service User and Administration Guide.

  • Ability to monitor changes to user, permission, or account attributes by specifying attribute changes as criteria for a publication data policy.

  • Support for Identity Manager AE Permissions Collector in Identity Governance as a Service hybrid environments.

  • Ability to specify timeout values in each collector when using the Cloud Bridge.

  • The following new reports:

    • Access Request Policies - CSV

    • Requestable Items - CSV

    • Users in Business Role Grace Period - CSV

  • Miscellaneous infrastructure updates to improve deployment time and process, and updates to existing reports to provide additional governance. insights.

2.0 Technical Requirements

This release requires, at a minimum, the hardware and software listed in this section for Cloud Bridge and for Identity Governance.

2.1 Cloud Bridge Agent Requirements

You must have administrator privileges to install the Cloud Bridge Agent.

  • Hardware Requirements

    • CPUs: 4

    • Memory: 16 GB

    • Disk Space: 200 GB

  • Operating System Requirements

    • Debian 10

    • RHEL 8.3

    • SUSE Linux Enterprise Server 15.1 or later patched version of 15.x

    • Ubuntu 18.04 LTS Server Edition or later

  • Container Requirements

    • Docker 19.03.x or later

    • Podman 1.6.4

2.2 Identity Governance Requirements

  • Apple Safari 14 or later

  • Google Chrome 86 or later

  • Microsoft Edge 86 or later

  • Mozilla Firefox 81 or later (PC)

  • Mozilla Firefox 82 or later (Mac)

2.3 Supported Cloud Bridge Version

  • Cloud Bridge 1.6.2

3.0 Known Issues

We strive to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

3.1 Workday Permission Collection Might Take Significant Time

Micro Focus recommends that you work with technical support if you want to configure your Workday permission collectors. The collector will be enhanced in a future release to address holder to permission mapping and performance issues.

3.2 Deleted Audit Log Files Not Automatically Recreated

If you delete an audit log file while auditing is enabled and the server is running, a new audit log file will not automatically be generated. If you need to delete an audit log file while auditing is enabled, you must either first disable auditing and then enable it again, or you must restart the server.

3.3 Forms Comparison Displays Incorrectly When Using Inline Scripts

In the Form Builder, one can create inline scripts that can be used as helper functions. Be aware, however, that since these inline scripts are published to the global javascript context, unexpected results may occur. One example of this is in the compare to draft to published area, where one has two forms up at the same time. In this case, both forms will end up sharing the same inline function, even if the definition of the function was different between the draft and published form.

3.4 Items in the Form Builder Editing Pane are Partially Localized

When creating or editing a form in Form Builder, some field and button labels in the Editing pane appear in English, rather than language selected for localization. The completed form will be correctly localized, however. You can click the Preview icon on the left navigation to verify that the form is correctly localized.

3.5 Custom Forms Do Not Display Request Item Description in Bold Italics By Default

Though we support markdown for permission and application description, currently we do not have a markdown viewer for request forms. Because of this, any markdown syntax in an application or permission form will display as it is instead of being rendered as expected.

3.6 Moving a User from One Business Role to Another Using Curation Makes User Lose Authorized Permissions

Issue: If two business roles (BR1 and BR2) authorize the same permissions and specify auto-grant and auto-revoke on those permissions, and a manual or bulk data update (also know as curation) occurs which moves a user from BR1 to BR2, the user could lose the permission for a period of time between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.

This is possible because after curation, separate detections are triggered for BR1 and BR2, instead of a single detection that does both together. If detection is first done on BR1 (the role the user lost membership in) followed by BR2 (the role the user gained membership in), Identity Governance would issue an auto-revoke, followed by a compensating auto-grant. If detection is first done on BR2 followed by BR1, auto-revoke or auto-grant request will not be issued. Based on your fulfillment approach (manual, workflow, automatic, custom), in the case where detection first occurs on BR1 and then BR2, causing an auto-revoke request and compensating auto-grant request to be issued, the user could lose the permission between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.

Workaround: It is recommended that you do not utilize curation if you have business roles with overlapping permissions which are enabled for auto grants and auto revocation. If data update occurs, check business role detections (Policy > Business Roles > Business Role Detections) to verify that a compensating grant request was issued and if not, detect inconsistencies (Policy > Business Roles > Manage Auto Requests) and issue a grant request.

3.7 Navigating Away from Unchanged Page Might Result in Erroneous Prompt to Save Changes

Issue: When using Chrome with autofill enabled, some product pages could prompt you to save changes when you navigate to another page, even if you have not made changes. This happens when Chrome automatically populates configuration fields as soon as the page loads.

Workaround: Temporarily turn off autofill when accessing the product using Chrome browser, or ignore erroneous save prompts when you know you have not changed anything on the page.

3.8 Cannot Recognize Date Values that Are Not in Default Java Format

Issue: If a date attribute in your data source uses a non-Java format, Identity Governance does not recognize the data as a date. For example, if the StartDate attribute uses “YYYY/MM/DD” fixed-length format and you want to collect it in date format, the collection will show an error. Identity Governance uses only the default format for Oracle Java for date attributes.

Workaround: Use one of the following workarounds:

  • Before collecting from the data source, “clean” the data by converting the attribute values to Java’s default date format, which uses the number of milliseconds that have elapsed since midnight, January 1, 1970.

  • Collect the value in string format so that you will be able to see the native value. This method also guarantees that the data does not have to be clean to be collected. For more information, contact Technical Support.

3.9 Inconsistent Behavior When Using Wildcards

Issue: When using wildcards as literal characters, you must precede the special character with an escape (\) character. This behavior might not be consistent when using wildcards like * in search strings. Additionally, wildcard behavior will differ based on the type of database and the location of the search field or advanced filter.

This issue will be fixed in a future release of the product. For more information, see Supported Wildcards and Handling Wildcards as Literal Characters in the Identity Governance as a Service User and Administration Guide.

3.10 NullPointerException (NPE) Can Occur When Starting and Canceling a Review

In some cases, if you start a review and then cancel the review as it starts, a stack trace containing a NullPointerException could be output to the server console or logs by the Quartz third-party library.

3.11 Unresponsive Script Error in Firefox Can Occur When Clicking a User in the Certification Policy Violation Popup Window

Issue: In some cases, when you click a User in the Certification Policy Violation window when using Identity Governance with Mozilla Firefox, an unresponsive script error can occur.

Workaround: The issue lies with Firefox. For information about correcting the issue, see this Mozilla knowledge base article.

3.12 Third-party Issues

Some known issues lie within third-party applications that are integrated with Identity Governance. The following known issues can be tracked with the third-party vendor. Micro Focus provides links to those issues, where available.

Form Builder Issues

  • In the Form Builder, text that appears on various component tabs cannot be localized, because Form.io does not currently support localization for this text. To track most localization issues on the Form.io site, you can refer to Form.io bug 4283, Form.io bug 4431, and Form.io bug 4437 In addition, you can click here for more information.

  • When creating a custom form, the Approval Address field accepts values from the request address field only if using the Calculate Value. The Approval Address field does not receive information if using the Custom Default Value. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • Validations are not triggered if the ValidateOn property of a component is set to Validate on Blur, but will, instead, validate on change. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • When adding a layout component to a form and configuring Action Types, Value appears as an option, but this option is not applicable for a layout component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • Online help does not exist for the tree component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • The Date/Time values appear as “Invalid” in Firefox. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • A custom form configured for multiple phone numbers displays only a single phone number field. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • The default value does not return when you select the “Multiple Values” and “Clear Value on Refresh” options. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • Using the JS editor to set a check box component to appear selected by default does not function as expected. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

  • Some event trigger types with the “Hidden” property set do not hide the configured component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.0 Resolved Issues

4.1 In Custom Forms, the Templates Tab Cannot be Localized

In the Form Builder, the Templates tab of the Edit Grid Component window was not localized, because Form.io did not support localization for that text. With this release, text on this tab appears localized.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For support, visit the CyberRes Support Website or email cyberressupport@microfocus.com.

For general corporate and product information, see the Micro Focus Website.

For interactive conversations with your peers and Micro Focus experts, become an active member of our community. The Micro Focus online community provides product information, useful links to helpful resources, blogs, and social media channels.

6.0 Legal Notices

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/about/legal/.

© Copyright 2021 Micro Focus or one of its affiliates.