Identity Governance as a Service Release Notes

September 2021

This version of Identity Governance includes new features, improves usability, and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Governance and Administration forum on Micro Focus Communities website, our online community that also includes product information, blogs, and links to helpful resources.

For more information about this release, see the Identity Governance as a Service Documentation website.

1.0 What’s New

This release provides functional, infrastructure, and performance-related fixes and enhancements. It includes:

  • Enhanced review scheduling capability for compliance with auditing requirements. When creating weekly and monthly review schedules, users can now specify the day of the week or month and set the time of the day for all intervals.

    For more information, see Scheduling a Review in the Identity Governance as a Service User and Administration Guide.

  • Improved ability to browse for request items, and enhanced technical role and related permissions approval process.

  • A new Identity Governance report that displays the merging rules set for the Identity Sources, along with the attribute mapping (Match rules) for each Identity Source.

  • Improvements to the Identity Governance role mining processes. Business role mining and technical role mining now occur as background processes, increasing role mining performance and allowing users to perform other tasks within Identity Governance without interrupting role mining.

  • Improvements to the Identity Governance download processes. Data sources emulation and test collection creation and download processes now occur as background processes. In addition, Identity Governance now streams the downloaded data directly from the databases to improve download performance.

  • Miscellaneous infrastructure updates to improve deployment time and process, and updates to existing reports to provide additional governance insights.

2.0 Technical Requirements

This release requires, at a minimum, the hardware and software listed in this section for Cloud Bridge and for Identity Governance.

2.1 Cloud Bridge Agent Requirements

You must have administrator privileges to install the Cloud Bridge Agent.

  • Hardware Requirements

    • CPUs: 4

    • Memory: 16 GB

    • Disk Space: 200 GB

  • Operating System Requirements

    • Debian 10

    • RHEL 8.3

    • SUSE Linux Enterprise Server 15.1 or later patched version of 15.x

    • Ubuntu 18.04 LTS Server Edition or later

  • Container Requirements

    • Docker 19.03.x or later

    • Podman 1.6.4

2.2 Identity Governance Requirements

  • Apple Safari 14 or later

  • Google Chrome 86 or later

  • Microsoft Edge 86 or later

  • Mozilla Firefox 81 or later (PC)

  • Mozilla Firefox 82 or later (Mac)

2.3 Supported Cloud Bridge Version

  • Cloud Bridge 1.6.2

3.0 Known Issues

We strive to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

3.1 Workday Permission Collection Might Take Significant Time

Micro Focus recommends that you work with technical support if you want to configure your Workday permission collectors. The collector will be enhanced in a future release to address holder to permission mapping and performance issues.

3.2 Deleted Audit Log Files Not Automatically Recreated

If you delete an audit log file while auditing is enabled and the server is running, a new audit log file will not automatically be generated. If you need to delete an audit log file while auditing is enabled, you must either first disable auditing and then enable it again, or you must restart the server.

3.3 Forms Comparison Displays Incorrectly When Using Inline Scripts

In the Form Builder, one can create inline scripts that can be used as helper functions. Be aware, however, that since these inline scripts are published to the global javascript context, unexpected results may occur. One example of this is in the compare to draft to published area, where one has two forms up at the same time. In this case, both forms will end up sharing the same inline function, even if the definition of the function was different between the draft and published form.

3.4 In Custom Forms, Text on Some Tabs Cannot be Localized

In the Form Builder, text that appears on the following component tabs cannot be localized, because Form.io does not currently support localization for this text:

  • The Templates tab of the Edit Grid Component window

  • The Data tab of the Text Field Component window

  • The Logic tab of the Text Field Component window

Click here for more information.

3.5 Items in the Form Builder Editing Pane are Partially Localized

When creating or editing a form in Form Builder, some field and button labels in the Editing pane appear in English, rather than language selected for localization. The completed form will be correctly localized, however. You can click the Preview icon on the left navigation to verify that the form is correctly localized.

3.6 Custom Forms Do Not Display Request Item Description in Bold Italics By Default

Though we support markdown for permission and application description, currently we do not have a markdown viewer for request forms. Because of this, any markdown syntax in an application or permission form will display as it is instead of being rendered as expected.

3.7 In Custom Forms, Approval Address Component Does Not Receive Information from Request When Using a Custom Default Value Field

When creating a custom form, the Approval Address field accepts values from the request address field only if using the Calculate Value. The Approval Address field does not receive information if using the Custom Default Value. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.8 In Custom Forms, Validate On: Blur Does Not Function as Expected

Validations are not triggered if the ValidateOn property of a component is set to Validate on Blur, but will, instead, validate on change. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.9 In Custom Forms, Action Type Properties Can Appear When They Are Not Applicable

When adding a layout component to a form and configuring Action Types, Value appears as an option, but this option is not applicable for a layout component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.10 In Custom Forms, Online Help Does Not Exist for Tree Component

When you click Help while adding a tree component to the layout of a custom form, an error appears. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.11 In Custom Forms, Date/Time Values Appear as Invalid in Firefox

If you use Mozilla Firefox as your browser, and you create a custom form in which you incorporate a Date/Time component and then use the Modal Edit options, the date is shown to be invalid. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.12 A Custom Form Configured for Multiple Phone Numbers Displays A Single Phone Number Field

If you create a form with a phone number component, and select Multiple Values, the Form Renderer displays only a single phone number entry field. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.13 In Custom Forms, the Default Value is not Retained When “Multiple Values” and “Clear Value on Refresh” Options Are Selected

If you add a field to a form and configure Multiple Values and Clear Value on Refresh for the field component, the field is not set back to the default value when you refresh the component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.14 In Custom Forms, Setting a Check Box to be Selected as a Default does not Function as Expected

If you use the JS editor to set the custom default value for a check box component to be selected, the check box does not appear selected. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.15 On the Custom Forms Logic Tab, Event Trigger Types with the “Hidden” Property Set, Do Not Hide the Configured Component

If you configure a component to be hidden by setting the following properties:

  • Trigger Type: Event

  • Event Name: <Event Name>

  • Action Type: Property

  • Hidden Property Type: True

  • Add a Text Field

  • Add a button that executes the <Event Name> event

Clicking the button does not hide the component as configured. This behavior is observed for the following components:

  • Data Grid

  • Tabs

  • Edit Grid

  • Tree

  • Data Map

The issue lies with Form.io, who is aware of the issue and is working toward a solution.

3.16 Moving a User from One Business Role to Another Using Curation Makes User Lose Authorized Permissions

Issue: If two business roles (BR1 and BR2) authorize the same permissions and specify auto-grant and auto-revoke on those permissions, and a manual or bulk data update (also know as curation) occurs which moves a user from BR1 to BR2, the user could lose the permission for a period of time between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.

This is possible because after curation, separate detections are triggered for BR1 and BR2, instead of a single detection that does both together. If detection is first done on BR1 (the role the user lost membership in) followed by BR2 (the role the user gained membership in), Identity Governance would issue an auto-revoke, followed by a compensating auto-grant. If detection is first done on BR2 followed by BR1, auto-revoke or auto-grant request will not be issued. Based on your fulfillment approach (manual, workflow, automatic, custom), in the case where detection first occurs on BR1 and then BR2, causing an auto-revoke request and compensating auto-grant request to be issued, the user could lose the permission between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.

Workaround: It is recommended that you do not utilize curation if you have business roles with overlapping permissions which are enabled for auto grants and auto revocation. If data update occurs, check business role detections (Policy > Business Roles > Business Role Detections) to verify that a compensating grant request was issued and if not, detect inconsistencies (Policy > Business Roles > Manage Auto Requests) and issue a grant request.

3.17 Navigating Away from Unchanged Page Might Result in Erroneous Prompt to Save Changes

Issue: When using Chrome with autofill enabled, some product pages could prompt you to save changes when you navigate to another page, even if you have not made changes. This happens when Chrome automatically populates configuration fields as soon as the page loads.

Workaround: Temporarily turn off autofill when accessing the product using Chrome browser, or ignore erroneous save prompts when you know you have not changed anything on the page.

3.18 Cannot Recognize Date Values that Are Not in Default Java Format

Issue: If a date attribute in your data source uses a non-Java format, Identity Governance does not recognize the data as a date. For example, if the StartDate attribute uses “YYYY/MM/DD” fixed-length format and you want to collect it in date format, the collection will show an error. Identity Governance uses only the default format for Oracle Java for date attributes.

Workaround: Use one of the following workarounds:

  • Before collecting from the data source, “clean” the data by converting the attribute values to Java’s default date format, which uses the number of milliseconds that have elapsed since midnight, January 1, 1970.

  • Collect the value in string format so that you will be able to see the native value. This method also guarantees that the data does not have to be clean to be collected. For more information, contact Technical Support.

3.19 Inconsistent Behavior When Using Wildcards

Issue: When using wildcards as literal characters, you must precede the special character with an escape (\) character. This behavior might not be consistent when using wildcards like * in search strings. Additionally, wildcard behavior will differ based on the type of database and the location of the search field or advanced filter.

This issue will be fixed in a future release of the product. For more information, see Supported Wildcards and Handling Wildcards as Literal Characters in the Identity Governance as a Service User and Administration Guide.

3.20 NullPointerException (NPE) Can Occur When Starting and Canceling a Review

In some cases, if you start a review and then cancel the review as it starts, a stack trace containing a NullPointerException could be output to the server console or logs by the Quartz third-party library.

3.21 Unresponsive Script Error in Firefox Can Occur When Clicking a User in the Certification Policy Violation Popup Window

Issue: In some cases, when you click a User in the Certification Policy Violation window when using Identity Governance with Mozilla Firefox, an unresponsive script error can occur.

Workaround: The issue lies with Firefox. For information about correcting the issue, see this Mozilla knowledge base article.

4.0 Resolved Issues

4.1 Accounts can be Incorrectly Considered Duplicates and Removed

In previous releases, if an account collector collected information from different sources, and if a user in one source and another user in another source had the same AccountID, Identity Governance considered the accounts to be duplicates, and removed all but one account. This release corrects the issue.

4.2 Simultaneous Bulk Updates Do Not Function Properly

In previous releases, if you performed simultaneous bulk updates, the feature did not function as expected and could produce errors. With this release, you can perform simultaneous bulk updates.

4.3 In Custom Forms, Text on the Data Tab of the Password Component is not Localized

In previous releases of the Form Builder, text on the Data tab of the Password Component appeared in English, regardless of the selected language. This issue no longer occurs.

4.4 The Form Builder User Interface is not Fully Localized

In previous releases, the Form Builder user interface was not fully localized for languages, other than English, that Identity Governance and Identity Reporting support. This issue no longer affects the following Form Builder components that, unless otherwise indicated, are accessible by clicking the Form Builder icon on the Form Builder left navigation pane:

  • The Display tab of the Data Grid Component window

  • The Allow Spellcheck check box label that appears on the Display tab of the Text Field Component window

  • The Search field label accessible by clicking the JS Editor icon on the Form Builder left navigation pane

  • The Storage Type drop-down list label that appears on the Data tab of the Select Component window

  • The Tree component button that appears under Form Builder > Data

  • The Display tab of the Edit Grid Component window

  • The Questions section label that appears on the Data tab of the Survey Component window

  • The Year tab on the Day Component window

  • The Unique Options check box label that appears on the Display tab of the Select Component window

  • The Auto Expand check box label that appears on the Display tab of the Text Area Component window

  • The Layout tab of the Text Field Component window

  • The tooltip text for the Form Builder Save icon

  • In Chinese locales, dragging and dropping any Form Builder component to the Editing pane does not produce the component dialog box.

  • If you click the Localization icon, the selection for “Polish” appears only as “pl,” and the selection for “Norwegian” is not localized.

  • The Month tab of the Day Component window

4.5 Reviews Started in Preview Mode does not Trigger Email Notification by Default for Review Owners

Identity Governance now sends email notification to review owners by default when you launch a review in the preview mode. You also have the option to change the recipients as per your requirement.

4.6 Coverage Maps are Using Cached Expressions

Previously for reviews with more than one permission and coverage maps, Identity Governance used to send the review items as per the coverage map condition for the first permission, thereafter Identity Governance was caching the reviewer details from the previous evaluation instead of following the coverage map. Now, review items are sent to the correct reviewer as per the coverage map.

4.7 A Technical Role Approval Incorrectly Approves the Permission when the Technical Role is Denied

Previously, permissions assigned to a technical role was approved even though the role was denied. The Status in the Requests page displayed In Progress for the permissions, whereas, Completed: Denied for the role. Now, when you deny a technical role, the role and the permissions are denied, and the Status displays Completed: Denied.

4.8 Performance of Browse > Application in Access Request is Slow When Installed with Lots of Permission and Request Policies

Enhanced the performance of the options available under Requests > Browse > Applications and Requests > Search in Access Request.

4.9 Approval Information on a Permission Granted From a Technical Role is Incorrect

Previously, when a technical role was approved, in the Requests page, the Approved by field displayed the name of the recipient or the requester instead of the approver. Now, Identity Governance displays the name of the approver in the Approved by field.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For support, visit the CyberRes Support Website or email cyberressupport@microfocus.com.

For general corporate and product information, see the Micro Focus Website.

For interactive conversations with your peers and Micro Focus experts, become an active member of our community. The Micro Focus online community provides product information, useful links to helpful resources, blogs, and social media channels.

6.0 Legal Notices

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/about/legal/.

© Copyright 2021 Micro Focus or one of its affiliates.