Identity Governance 3.6.2 Release Notes

June 2021

This version of Identity Governance includes new features, improves usability, and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Governance and Administration forum on Micro Focus Communities website, our online community that also includes product information, blogs, and links to helpful resources.

For more information about this release, see the Identity Governance Documentation website.

1.0 What’s New

The following outlines the key features and functions provided in this release:

1.1 Form Builder

This release includes Form Builder, a customized version of a third-party software application, that enables administrators and developers to design complex access request and approval forms and render them dynamically within Identity Governance. For more information about Form Builder, see the Administrator’s Guide to the Form Builder.

1.2 Reporting Enhancements

This release includes enhancements to various reports and the following three new reports:

  • Application Delta -CSV

  • Business Role Definition Reviews

  • Technical Role Assignment Coverage – CSV

1.3 Access Request and Approval Enhancements

The integration with Form Builder in this release provides the ability to create default and custom forms and to simulate workflow. For more information about customizing forms, see Creating and Editing Request and Approval Forms in the Identity Governance User and Administration Guide and Administrator’s Guide to the Form Builder.

In addition, this release includes the following enhancements:

  • Advanced search and sorting capabilities

  • Default table view for requests and ability to switch between table and tile views

  • Enhanced status monitoring capability

  • Ability to reassign approval tasks

  • Ability to approve all items in a request

  • Ability to import or export request and approval policies

1.4 Delegation Enhancements

This release includes self delegation, which allows all Identity Governance users to delegate their tasks. In addition, authorized administrators and their delegates can delegate request approval tasks. For more information about delegation related enhancements, see Creating and Managing Delegation in the Identity Governance User and Administration Guide.

1.5 Enhanced Archiving and Metrics Collection

This release includes the Metrics Data Store, which allows authorized administrators to associate multiple metrics collections with a single data store, and specify the correct data table for collection. This release also includes the ability to archive to Vertica or a separate database. For more information about archive destinations, see Creating an Archive Destination in the Identity Governance User and Administration Guide. For more information about the Metrics Data Store, see Configuring Metrics Data Stores for Custom Metrics in the Identity Governance User and Administration Guide.

1.6 Fulfillment Enhancements

This release includes updated fulfillment target templates to support the Cloud Bridge connection. It also includes a new Flow Data attribute that, when selected, enables Identity Governance to pass custom request form data to the fulfillment workflow. For more information about Flow Data attribute and Fulfillment configuration procedures, see Configuring Fulfillment in the Identity Governance User and Administration Guide.

1.7 Business Role Enhancements

This release includes role hierarchy, which lets you create a hierarchy of roles, based on the mining attributes, that allow you to assign resources either at the candidate level or by grouping the candidates at a higher level. In addition, it includes the ability to download and import business roles and approval policies. For more information, see Understanding Role Hierarchy with Role Mining and Downloading and Importing Business Roles and Approval Policies in the Identity Governance User and Administration Guide.

1.8 Technical Role Enhancements

This release includes the following enhancements:

  • Ability to assign technical owners who can perform technical role administration tasks

  • Enhanced technical role page display that includes new columns such as number of permissions and SoD policies

  • Ability to download and import role definitions and roles lists

For more information about technical roles, see Creating and Managing Technical Roles in the Identity Governance User and Administration Guide.

1.9 Separation of Duties (SoD) Policies Enhancements

This release adds Business Roles as an option when creating Separation of Duties (SoD) policies, which provides more granular control over access and SoD enforcement based upon those business roles. It also includes the ability to import and export SoD policies. For more information, see Creating and Managing Separation of Duties Policiesin the Identity Governance User and Administration Guide.

1.10 Cloud Bridge Supported Only in Identity Governance as a Service Deployments

Micro Focus now offers Identity Governance software as a hosted solution to customers interested in a cloud solution. The IGA hybrid solution includes Cloud Bridge that enables Identity Governance as a Service to collect identity and application data from on-premises data centers.

For more information about Cloud Bridge, see Understanding Cloud Bridge in the Identity Governance User and Administration Guide. For more information about the IGA hybrid solution, see Identity Governance as a Service Quick Start.

1.11 Miscellaneous Enhancements

In addition to the above new features and enhancements, this release also includes:

  • Enhanced capabilities such as configuration, auditing, and logging.

  • Optimized download and import process that enables download and import of zip files

  • Improved performance

  • Ability to create coverage maps for reviews and request approvals using the Identity Governance user interface in addition to the previous ability to upload CSV files

  • A new column available on the Business Role Detection tab that displays the action that triggered each Business Role detection

  • Deprecated GET /dcs/schema/{class}/download REST API. Added Data Administrator as a role that can use POST /dcs/schema/{class}/download API and DELETE /dcs/schema/download/{id} API.

2.0 System Requirements

This release requires the following components:

  • Operating System

    • Red Hat Enterprise Linux (RHEL) 8.0 (64-bit)

    • SUSE Linux Enterprise Server (SLES) 15.1

    • Microsoft Windows Server 2016

    • Microsoft Windows Server 2019

    IMPORTANT:Before installing Identity Governance, apply the latest operating system patches.

  • Database

    • Microsoft SQL Server

      • MS SQL 2017 or later patched versions of the SQL Server 2017

      • MS SQL 2019

      • MS SQL JDBC driver 7.2.2 or later patched versions of the Microsoft SQL JDBC driver

    • PostgreSQL

      • PostgreSQL 11.5, 11.7, or later patched versions of 11.x

      • PostgreSQL JDBC driver 42.2.6 or later patched versions of the PostgreSQL JDBC driver

    • Oracle

      • Oracle 18c or later patched versions of 18x

      • Oracle 19c or later patched versions of 19x

      • Oracle JDBC driver ojdbc8.jar

    • Vertica

      • Vertica 9.2.1 or later patched versions of 9.2.x

      • Vertica JDBC driver 9.2.x

  • Application Server

    • Apache Tomcat 9.0.22, 9.0.33, or later patched versions of 9.0.x

    • Download from the Apache Tomcat website

  • Authentication service

    • OSP 6.4.3

    • Access Manager 4.5 or later patched versions of 4.5.x

    • OSP 6.3.6 when deployed with Identity Manager

  • LDAP authentication server

    • Microsoft Active Directory that comes with Windows Server 2016 or Windows Server 2019

    • Microsoft Active Directory Federation Service (AD FS) that comes with Windows Server 2016 or Windows Server 2019

    • eDirectory 9.2 or later patched versions of 9.2.x

    • Identity Manager 4.7.3, 4.7.4, or later patched versions of 4.7.x

    • Identity Manager 4.8 or later patched versions of 4.8.x

  • Java Runtime Environment (JRE) Zulu JRE 8u222, 1.8.0_242 from Azul JRE or JDK, or later respective patched versions of 8uxxx and 1.8.0_xxx

  • ActiveMQ 5.15.9, 5.15.12, or later patched versions of 5.15.x

  • A supported Web browser (Microsoft Internet Explorer is not supported in Compatibility View)

NOTE:To fully integrate Identity Governance 3.6.2 features with NetIQ Identity Manager, you must have Identity Manager 4.7.3, at a minimum. For Single Sign On (SSO) between this version of Identity Governance and Identity Manager 4.8, you must have OSP 6.3.6 available in 4.7.x patch and later versions of Identity Manager, at a minimum.

The following components are optional:

  • NetIQ Identity Reporting

  • NetIQ Identity Manager

  • Audit Server

NOTE:Identity Governance requires the igops schema to have the additional privileges of create public synonym and drop public synonym.

For detailed information about hardware and software requirements for Identity Governance, see Hardware and Software Requirements in the Identity Governance 3.6 Installation and Configuration Guide.

3.0 Installing or Upgrading Identity Governance

For your convenience, NetIQ provides sample installation scripts to help you install components needed for Identity Governance, such as Tomcat, ActiveMQ, PostgreSQL, and OSP. To view the install scripts, download either of the following Zip files: Identity Governance Sample Installation Scripts - Linux or Identity Governance Sample Installation Scripts - Windows on the Identity Governance Documentation Web site.

NOTE:NetIQ no longer provides Tomcat, ActiveMQ or PostgreSQL software as part of the Identity Governance release.

You can upgrade to this version of Identity Governance from Identity Governance 3.5.1. As part of the upgrade process you must also migrate data since some of the collector templates and database tables and views have changed in this release. For more information, see Upgrading Identity Governance in the Identity Governance 3.6 Installation and Configuration Guide.

IMPORTANT:Ensure you have the DNS names to identify server hosts before beginning the upgrading procedure. Because of new standards-based authentication, using IP addresses might not work correctly in all circumstances. The side effect is that the OSP integration with Identity Governance and Identity Reporting will not work correctly in these circumstances.

If you installed the current or previous version of Identity Governance using IP addresses, you must replace the IP addresses with the fully qualified DNS names for these hosts in several configuration files. You can do this either before or after the upgrading procedure. For more information, see Changing Host File IP Addresses to DNS Names in the Identity Governance 3.6 Installation and Configuration Guide.

NetIQ provides scripts to help you upgrade the required components you installed for Identity Governance. One script scans your installations of Tomcat, ActiveMQ, Java, and PostgreSQL to determine which of those components require updates for the Identity Governance upgrade. The second script helps you upgrade those components, if needed, and leave your existing files intact and disabled. For more information, see Upgrading Identity Governance Framework Components in the Identity Governance 3.6 Installation and Configuration Guide

If you are upgrading and changing database platforms, you cannot migrate your existing data to the new platform. For example, if you are running Identity Governance with PostgreSQL as your database and you plan to upgrade and use Microsoft SQL Server as your database, your existing data is not migrated to the new database.

For more information about the supported versions of Identity Governance components, see System Requirements.

3.1 Installing Identity Governance

If you have not previously installed Identity Governance or want to create a new environment, see Planning to Install Identity Governance in the Identity Governance 3.6 Installation and Configuration Guide.

3.2 Upgrading from a Previous Version

Existing customers can upgrade to this version after preparing their current environment for a successful migration of data to the new version. For information about the upgrade process, see “Upgrading Identity Governance” in the Identity Governance 3.6 Installation and Configuration Guide.

3.3 Installing the Custom Collector SDK

The NetIQ Custom Collector SDK helps with custom collector and fulfillment template creation and maintenance. The Custom Collector SDK is available as a separate download package on the Identity Governance download page.

  1. Go to the Identity Governance page on the NetIQ download link from your sales representative.

  2. Download identity-governance-3.6-custom-connector-toolkit.zip.

  3. Extract the files for the operating system you have.

  4. Locate and run the idgov-sdk application for your environment.

4.0 Known Issues

NetIQ Corporation strives to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

4.1 Upgrading Will Enable Collector and Fulfillment Target Templates Disabled in a Prior Version

Issue: When upgrading to Identity Governance 3.6.2 from a prior version, Collector and Fulfillment Target templates that were disabled in the prior version will be enabled after the upgrade process. 

Workaround: After upgrading, log in as the Global Administrator and disable the templates that were disabled in the prior version. For more information about disabling templates, see Customizing the Collector Templates for Data Sources and Customizing Fulfillment Target Templates in the Identity Governance User and Administration Guide.

4.2 Upgrading Will Remove Currency setting

Issue: If you changed the default Currency setting in Identity Governance in a prior version, the setting will revert to the default value when you upgrade the software.

Workaround: After upgrading, log in as the Global Administrator, select Configuration > General Settings, then update the Currency setting.

4.3 Review Items Criteria is Not Displaying Properly When the Review is Imported

Issue: When using an attribute as selection criteria for review items in a review definition, the criteria might not display when either of the following events occur:

  • An administrator imports the review definition into a new target server that does not have the attribute enabled to display as selection criteria

  • The attribute was initially enabled as an attribute for selection but was later disabled by an administrator

Workaround: If you want to use the attribute as a selection criterion, enable the attribute on the new target server by enabling Display in Review Item Selection Criteria on the Data Administration > Entity Attributes > Attribute page.

4.4 “Remove Technical Role Assignment” Appears as an Unsupported Fulfillment Type

Issue: If you upgraded Identity Governance from a version earlier than 3.5.1, the fulfillment type “Remove Technical Role Assignment” appears as an unsupported fulfillment type.

Workaround: Use the following steps to manually add the mapping for this fulfillment type:

  1. Click Fulfillment > Configuration.

  2. Click Application Setup.

  3. Find the application that displays “Remove Technical Role Assignment” as unsupported, and then click Edit.

  4. Under Supported Change Request Types, select Remove Technical Role Assignment.

  5. Click Save.

4.5 Permissions, Technical Roles, and Applications Will Not Show Authorized by Business Role

The Identity Governance catalog will not display authorized by details for permissions, technical roles, or applications assigned to a business role when the business role does not have members.

4.6 Installation Program Displays Unreadable Text

Issue: When installing Identity Governance using the GUI mode in Linux, any message dialog box might contain unreadable text. The issue occurs because the installation program (InstallAnywhere) is preferring another font for the san-serif font family.

Workaround: If your server runs SUSE Linux Enterprise Server 15.1, we recommend that you edit a configuration file for the fonts named 60-family-prefer.conf on the server running SUSE Linux Enterprise Server 15.1 before you start the Identity Governance GUI installer. The 60-family-prefer.conf file configures or defines the preferred fonts when the programs use the standard aliases serif, san-serif, and monospace.

NOTE:This workaround applies only to servers running SUSE Linux Enterprise Server 15.1. Red Hat Enterprise Linux 8 does not include the 60-family-prefer.conf configuration file.

Use the following steps to configure the proper fonts file:

  1. SSH to the Linux server as a user with read and write rights to the /etc/fonts/conf.d/60-family-prefer.conf file.

  2. Open /etc/fonts/conf.d/60-family-prefer.conf file in a text editor.

  3. Search the /etc/fonts/conf.d/60-family-prefer.conf file for the following block:

      <match target="pattern">
        <test name="family">
           <string>sans-serif</string>
        </test>
        <test name="force_bw">
           <bool>true</bool>
        </test>
        <edit name="family" mode="prepend">
           <string>Liberation Sans</string>
        </edit>
      </match>

    NOTE:This block prefers the Liberation Sans font when the font family alias is set to san-serif and force_bw is true.

  4. Add the following block below the block you found:

      <match target="pattern">
        <test name="family">
          <string>sans-serif</string>
        </test>
        <test name="force_bw">
          <bool>false</bool>
        </test>
        <edit name="family" mode="prepend">
          <string>DejaVu Sans</string>
        </edit>
      </match>

    NOTE:The new block prefers the DejaVu Sans font when the font family alias is set to san-serif and force_bw is false. Together both blocks provide a preferred font to use for the san-serif font family alias, whether or not force-bw is enabled.

  5. Save and close the file.

  6. Execute the script /usr/sbin/fonts-config to reload the /etc/fonts/conf.d/60-family-prefer.conf file and the fonts so that the system sees the changes.

    To execute the script access the sbin directory and from the command line, enter:

    ./fonts-config
  7. Restart the installation.

4.7 Compensating Request Cannot be Sent through an Automated Fulfillment Process

When compensating revoke requests are issued, they cannot be sent through any automated fulfillment process. The system will not have enough information about the permission assignment to determine the path upon which to fulfill the request. Revoke requests will be sent to the configured manual fall back for that type of request.

4.8 Moving a User from One Business Role to Another Using Curation Makes User Lose Authorized Permissions

Issue: If two business roles (BR1 and BR2) authorize the same permissions and specify auto-grant and auto-revoke on those permissions, and a manual or bulk data update (also know as curation) occurs which moves a user from BR1 to BR2, the user could lose the permission for a period of time between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.

This is possible because after curation, separate detections are triggered for BR1 and BR2, instead of a single detection that does both together. If detection is first done on BR1 (the role the user lost membership in) followed by BR2 (the role the user gained membership in), Identity Governance would issue an auto-revoke, followed by a compensating auto-grant. If detection is first done on BR2 followed by BR1, auto-revoke or auto-grant request will not be issued. Based on your fulfillment approach (manual, workflow, automatic, custom), in the case where detection first occurs on BR1 and then BR2, causing an auto-revoke request and compensating auto-grant request to be issued, the user could lose the permission between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.

Workaround: It is recommended that you do not utilize curation if you have business roles with overlapping permissions which are enabled for auto grants and auto revocation. If data update occurs, check business role detections (Policy > Business Roles > Business Role Detections) to verify that a compensating grant request was issued and if not, detect inconsistencies (Policy > Business Roles > Manage Auto Requests) and issue a grant request.

4.9 Installing on RHEL Might Require Additional Files

Issue: Installing Identity Governance on a minimal install RHEL server could fail due to known issues in openJDK: (Bug 1115625)

Workaround: Install the following files before installing the product on a minimal install RHEL server:

  • fontconfig-2.10.95-11.el7.x86_64.rpm

  • fontpackages-filesystem-1.44-8.el7.noarch.rpm

  • stix-fonts-1.1.0-5.el7.noarch.rpm

4.10 OSP Installer Hangs in GUI Mode When Using ssh X11 Forwarding

If you run a GUI-mode installer using ssh -Y, and the installer appears to hang, then either run the installer in console mode, or try a different client machine.

4.11 Browser Can Inadvertently Change the Credentials for the Identity Manager Connection

Issue: If you log in to Identity Governance as an administrator and allow the browser to remember your login credentials, the browser might apply those credentials to the values for connecting to the Identity Manager server. As a result, you might inadvertently change the credentials for Identity Manager.

You can observe this issue in Administration > Identity Manager System Connection Information. When the browser replaces the values for Identity Manager username and password, Identity Governance erroneously enables the save icon.

Workaround: Either do not allow the browser to remember your login credentials for Identity Governance, or ignore the option to change and save the settings in Administration > Identity Manager System Connection Information.

4.12 Cannot Recognize Date Values that Are Not in Default Java Format

Issue: If a date attribute in your data source uses a non-Java format, Identity Governance does not recognize the data as a date. For example, if the StartDate attribute uses “YYYY/MM/DD” fixed-length format and you want to collect it in date format, the collection will show an error. Identity Governance uses only the default format for Oracle Java for date attributes. (Bug 824779)

Workaround: Use one of the following workarounds:

  • Before collecting from the data source, “clean” the data by converting the attribute values to Java’s default date format, which uses the number of milliseconds that have elapsed since midnight, January 1, 1970.

  • Collect the value in string format so that you will be able to see the native value. This method also guarantees that the data does not have to be clean to be collected. For more information, contact NetIQ Technical Support.

4.13 Restart Identity Governance after Restarting the Database Server

After you restart the server for the Identity Governance database, you must restart Identity Governance. Otherwise, Identity Governance might fail to complete processes such as data source publication. For more information, see Starting and Stopping Apache Tomcat in the Identity Governance 3.6 Installation and Configuration Guide.

4.14 Oracle Error Unable to Extend Table

Issue: You are using Identity Governance with an Oracle database and you see the following error in the administrative console or in the catalina.out file:

ORA-01653: unable to extend table ARDCS.BASIC_COLLECTED_ENTITY by 1024 in tablespace USERS

The problem is the tablespace that Identity Governance uses for schemas has run out of space. (Bug 989425)

Workaround: Ensure that you connect to the correct instance if you are using the User tablespace. For example:

SQL> connect sys/oracle as SYSDBA
Connected.

SQL> alter session set container=pdborcl;

After issuing the commands, then you can alter the tablespace by adding data files.

4.15 Inconsistent Behavior When Using Wildcards

Issue: When using wildcards as literal characters, you must precede the special character with an escape (\) character. This behavior might not be consistent when using wildcards like * in search strings. Additionally, wildcard behavior will differ based on the type of database and the location of the search field or advanced filter.

This issue will be fixed in a future release of the product. For more information, see Supported Wildcards and Handling Wildcards as Literal Characters in Identity Governance User and Administration Guide.

4.16 NullPointerException (NPE) Can Occur When Starting and Canceling a Review

In some cases, if you start a review and then cancel the review as it starts, a stack trace containing a NullPointerException could be output to the server console or logs by the Quartz third-party library.

4.17 Unresponsive Script Error in Firefox Can Occur When Clicking a User in the Certification Policy Violation Popup Window

Issue: In some cases, when you click a User in the Certification Policy Violation window when using Identity Governance with Mozilla Firefox, an unresponsive script error can occur.

Workaround: The issue lies with Firefox. For information about correcting the issue, see this Mozilla knowledge base article.

4.18 Identity Manager Permissions that Have Dynamic Bound Entitlement Values are Not Available for Selection in SoDs, Technical Roles, and Business Roles

Issue: Helpdesk System Resources such as Group Access, History Access, Organization Chart Access, Reassign Access, Teams Access, and User Catalog Access are not available for selection in SoDs, Technical Roles, and Business Roles when an Identity Manager application is collected in Identity Governance. (Bug 1156894)

Identity Governance does not currently support selection of Resources/dynamic bound entitlements in SoDs, Technical Roles, and Business Roles within Identity Governance. This issue will be fixed in a future release of the product.

4.19 Incorrect Change Request Types Appear When Configuring Application Setup for Fulfillment

If you configure Application Setup for Fulfillment, and select Supported Change Request Types, the following two request types appear:

  • Remove User from business role

  • Modify Technical Role Permissions

These change request types are not application specific and should not appear.

4.20 The Shortcut Drop-Down List of a Select Box Component Does Not Render Correctly

Issue: In the Form Builder, when adding a Select Box component to a form, the Shortcut drop-down list box on the Data tab is too narrow to view the options.

Workaround: Add the following code to the custom.css file, then restart Form Builder.

.form-group.formio-component-select.formio-component-shortcut {
 margin-right: 0;
}

.form-group.formio-component-select.formio-component-shortcut .choices.form-group[data-type*='select-one'] {
  margin-right: 0;
}

.form-group.formio-component-select.formio-component-shortcut .choices.form-group[data-type*='select-one'] .choices__button {
  margin-right: 18px;
}

For more information about custom.css file see, Customizing the Identity Governance Style Sheet in the Identity Governance 3.6 Installation and Configuration Guide

4.21 Forms Comparison Displays Incorrectly When Using Inline Scripts

In the Form Builder, one can create inline scripts that can be used as helper functions. Be aware, however, that since these inline scripts are published to the global javascript context, unexpected results may occur. One example of this is in the compare to draft to published area, where one has two forms up at the same time. In this case, both forms will end up sharing the same inline function, even if the definition of the function was different between the draft and published form.

4.22 In Custom Forms, Text on Some Tabs Cannot be Localized

In the Form Builder, text that appears on the following component tabs cannot be localized, because Form.io does not currently support localization for this text:

  • The Templates tab of the Edit Grid Component window

  • The Data tab of the Text Field Component window

  • The Logic tab of the Text Field Component window

Click here for more information.

4.23 In Custom Forms, Text on the Data Tab of the Password Component is not Localized

In the Form Builder, text on the Data tab of the Password Component appears in English, regardless of the selected language. The issue lies with Form.io, who is aware of the issue. You can check the Form.io status of the issue here.

4.24 The Form Builder User Interface is not Fully Localized

The Form Builder user interface is not fully localized for languages, other than English, that Identity Governance and Identity Reporting support. Full localization support is planned for an upcoming Form Builder release. This issue affects the following Form Builder components that, unless otherwise indicated, are accessible by clicking the Form Builder icon on the Form Builder left navigation pane:

  • The Display tab of the Data Grid Component window

  • The Allow Spellcheck check box label that appears on the Display tab of the Text Field Component window

  • The Search field label accessible by clicking the JS Editor icon on the Form Builder left navigation pane

  • The Data tab of the Address Component window

  • The Storage Type drop-down list label that appears on the Data tab of the Select Component window

  • The Tree component button that appears under Form Builder > Data

  • The Display tab of the Edit Grid Component window

  • The Questions section label that appears on the Data tab of the Survey Component window

  • The Year tab on the Day Component window

  • The Unique Options check box label that appears on the Display tab of the Select Component window

  • The Auto Expand check box label that appears on the Display tab of the Text Area Component window

  • The Layout tab of the Text Field Component window

  • The tooltip text for the Form Builder Save icon

  • In Chinese locales, dragging and dropping any Form Builder component to the Editing pane does not produce the component dialog box.

  • If you click the Localization icon, the selection for “Polish” appears only as “pl,” and the selection for “Norwegian” is not localized.

  • The Month tab of the Day Component window

4.25 Items in the Form Builder Editing Pane are Partially Localized

When creating or editing a form in Form Builder, some field and button labels in the Editing pane appear in English, rather than language selected for localization. The completed form will be correctly localized, however. You can click the Preview icon on the left navigation to verify that the form is correctly localized.

4.26 The Form Builder Address Form Component Does Not Function in Identity Governance

The Address Form component in the Form Builder does not function, because it requires the Form.io Server, which Form Builder does not utilize within Identity Governance. The Address Form component is scheduled for removal in a future release.

4.27 Custom Forms Do Not Display Request Item Description in Bold Italics By Default

Though we support markdown for permission and application description, currently we do not have a markdown viewer for request forms. Because of this, any markdown syntax in an application or permission form will display as it is instead of being rendered as expected.

4.28 In Custom Forms, Approval Address Component Does Not Receive Information from Request When Using a Custom Default Value Field

When creating a custom form, the Approval Address field accepts values from the request address field only if using the Calculate Value. The Approval Address field does not receive information if using the Custom Default Value. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.29 In Custom Forms, Validate On: Blur Does Not Function as Expected

Validations are not triggered if the ValidateOn property of a component is set to Validate on Blur, but will, instead, validate on change. The issue lies with Form.io, who is aware of the issue and is working toward a solution. You can check the Form.io status of the issues here and here.

4.30 In Custom Forms, Action Type Properties Can Appear When They Are Not Applicable

When adding a layout component to a form and configuring Action Types, Value appears as an option, but this option is not applicable for a layout component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.31 In Custom Forms, Online Help Does Not Exist for Tree Component

When you click Help while adding a tree component to the layout of a custom form, an error appears. The issue lies with Form.io, who is a aware of the issue and is working toward a solution.

4.32 In Custom Forms, Date/Time Values Appear as Invalid in Firefox

If you use Mozilla Firefox as your browser, and you create a custom form in which you incorporate a Date/Time component and then use the Modal Edit options, the date is shown to be invalid. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.33 In Custom Forms, Applied Tag Attributes Are Not Set

Tag attributes configured for a custom form are applied, but not set. The issue lies with Form.io, who is a aware of the issue and is working toward a solution.

4.34 A Custom Form Configured for Multiple Phone Numbers Displays A Single Phone Number Field

If you create a form with a phone number component, and select Multiple Values, the Form Renderer displays only a single phone number entry field. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.35 In Custom Forms, Shortcuts Do Not Function as Expected

If you create a form and add a component that allows you to configure a keyboard shortcut, the shortcut does not function unless you first manually interact with the component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.36 In Custom Forms, the Default Value is not Retained When “Multiple Values” and “Clear Value on Refresh” Options Are Selected

If you add a field to a form and configure Multiple Values and Clear Value on Refresh for the field component, the field is not set back to the default value when you refresh the component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.37 In Custom Forms, Setting a Check Box to be Selected as a Default does not Function as Expected

If you use the JS editor to set the custom default value for a check box component to be selected, the check box does not appear selected. The issue lies with Form.io, who is aware of the issue and is working toward a solution.

4.38 On the Custom Forms Logic Tab, Event Trigger Types with the “Hidden” Property Set, Do Not Hide the Configured Component

If you configure a component to be hidden by setting the following properties:

  • Trigger Type: Event

  • Event Name: <Event Name>

  • Action Type: Property

  • Hidden Property Type: True

  • Add a Text Field

  • Add a button that executes the <Event Name> event

Clicking the button does not hide the component as configured. This behavior is observed for the following components:

  • Data Grid

  • Tabs

  • Edit Grid

  • Tree

  • Data Map

The issue lies with Form.io, who is aware of the issue and is working toward a solution.

Workaround: It is recommended that you do not utilize curation if you have business roles with overlapping permissions which are enabled for auto grants and auto revocation. If data update occurs, check business role detections (Policy > Business Roles > Business Role Detections) to verify that a compensating grant request was issued and if not, detect inconsistencies (Policy > Business Roles > Manage Auto Requests) and issue a grant request.

4.39 Navigating Away from Unchanged Page Might Result in Erroneous Prompt to Save Changes

Issue: When using Chrome with autofill enabled, some product pages could prompt you to save changes when you navigate to another page, even if you have not made changes. This happens when Chrome automatically populates configuration fields as soon as the page loads. (Bug 1106253)

Workaround: Temporarily turn off autofill when accessing the product using Chrome browser, or ignore erroneous save prompts when you know you have not changed anything on the page.

5.0 Resolved Issues

The following issues were resolved in the current release:

5.1 Fact Publication to Vertica Configuration Does Not Have a Schema Name Field

Issue: The configuration settings for fact publication to Vertica do not include a schema name field.

This release resolves the issue by allowing you to explicitly specify the schema name when you create or edit an Archive Destination.

5.2 Comparing Two Application Data Sources Collection Activities Can Erroneously Report Differences

Issue: If you compare two collections on applications with child applications, the comparison could erroneously report differences if one of the collections was published but the other collection has not yet been published. This issue occurs, because permissions and accounts that belong to child applications are associated with their child application when the collection is published. Until publication, the permission and account records remain associated with the parent application.

5.3 My Approval Page Does Not Render Fully

Issue: The My Approval page displays a spinner instead of displaying the approval tasks.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For general corporate and product information, see the Micro Focus Website.

For interactive conversations with your peers and Micro Focus experts, become an active member of our community. The Micro Focus online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notices

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/about/legal/.

© Copyright 2021 Micro Focus or one of its affiliates.