RSA Identity Governance and Lifecycle 7.1.0.x Release Notes

Document created by RSA Information Design and Development Employee on Aug 14, 2019Last modified by Gillian Candiloro on Nov 21, 2019
Version 6Show Document
  • View in full screen mode

These release notes describe improvements and functional changes to RSA Identity Governance and Lifecycle 7.1.0 and all released patches, as well as links to fixed issues for each patch. This page is updated with each patch.

 

To receive notifications about changes to this page, sign in to RSA Link, click Actions, and select Follow.

 

To view this page as a PDF, click Actions and select View as PDF.

 

 

7.1.0 Patch 9

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 9 as the result of fixed issues.

 

Issue

Description

Change Requests and Workflow

ACM-100295

Password resets now group correctly when By Business Source is selected in the workflow.

Change Requests and Workflow

ACM-95340

The Attachment section for change requests is now controlled by the Request Settings options in the workflow editor.

Security

ACM-90370

Authorization validation added for file coverage uploads and to collector activate/deactivate buttons. A pop-up is presented if user does not have the proper privilege.

Security

ACM-99089

Error message was made more user-friendly.

User Interface

ACM-99458

The user interface now wraps the drop-down text to the next line if it is longer than the drop-down width and added a separation line. The minimum width is now 150 pixels for both the select button and drop-down section. Both sections widths increase based on the text length entered by the user. The maximum height of the drop-down section is now 60% of screen size. A scroll bar is shown if the height exceeds the maximum height limit.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 9

 

 

 

7.1.0 Patch 8

 

What's New

 

Feature

What’s New

Email

The text in Approval and Rejection email replies have been updated to clearly indicate where the user may add additional comments.

Email

The default value for the maximum number of recipients for an email provider has been changed to 100.

Server Core

Added the ability to create an authentication source from any host in a clustered environment.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 8 as the result of fixed issues.

 

Issue

Description

Access Requests

ACM-87884

Request buttons for Add/Remove Using Request Source now includes an option to include terminated users.

AFX Server

ACM-96646

The ISIM 6.0 connector template has been updated to include new dependency files (itim_ws_client.jar, itim_ws_model.itim_common.jar, jlog.jar) and a properties file (tmsProperties.properties) that must be uploaded when configuring the connector. In the Commands section, the new Justification parameter has been added to some commands.

Request Forms

ACM-96978

Error strings are no longer displayed as drop down values.

Role Management

ACM-96925

Applications and Directories had incorrectly displayed the Raw Name instead of Display Name on the Access tab for users. The Access tab now correctly displays the Display Name of the Application or Directory.

User Interface

ACM-96671

The "one of" operator now takes the Ignore Case option into account when filtering tables.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 8

 

 

 

7.1.0 Patch 7

 

What's New

 

Feature

What’s New

Database Management

Data pruning has been enhanced to remove unneeded workflow data from the system.

Email

The text in Approval and Rejection email replies have been updated to clearly indicate where the user may add additional comments.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 7 as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-61543

In the review definition, the "include sub-groups" label has been changed to "include sub-groups from selected groups".

Access Requests

ACM-89679

A new tab has been added under Requests > Pending Submission, which displays a table of change requests that were not submitted successfully. When a change request has dependent items in a different change request, the dependent change request's detail displays a message about the dependency.

The dependency message information is displayed in the request form wizard, in case the request being created has account items that are dependent on an older request.

For a single user, if the parent's create account request item’s request is not successfully submitted, then further request creation for the user is prevented until the Pending Submission request is cleaned.

If the request has multiple users and one of the users has a pending submission request, a new request for all users can be created. The new request will display the dependency information for the user with a pending submission request.

Change Requests and Workflow

ACM-95849

The "Show job level variables" checkboxes are now selected by default and job variables explicitly shown in approval and fulfillment workflows. If these variables need to be hidden, the checkbox must be deselected.

Change Requests and Workflow

ACM-94899

When a change request contains a change request item to remove an already-deleted role from a user, that change request item is rejected while the system proceeds with the other items in the change request.

Custom Attributes

ACM-88462

The accounts table now lists all custom user attributes.

Data Collection Processing and Management

ACM-94792

When an RDC’s HAS data is not configured or has an old value set to No, RSA Identity Governance and Lifecycle now ensures that, after collection, the User Access tab Direct view for a user correctly displays all collected roles of which the user is a direct member, and that the user has the correct nested sub-roles in the All view.

Database Management

ACM-74139

Data purging has been updated to ensure that workflow data with null change dates is purged.

Reports

ACM-90513

The new public view PV_REQUEST_ITEM_COMP_DTLS has been added to the product. For more information, see the RSA Identity Governance and Lifecycle Public Database Schema Reference.

User Interface

ACM-53828

The table options now lists custom attributes of the specific object type in the pop-up account details where the Entitlement table is displayed.

User Interface

ACM-81142

Under Reviews > Activities, the Actions menu automatically scrolls so that all options are visible.

User Interface

ACM-94283

Added the columns Business Use, Functional Ownership, Locality, and Sensitivity in the Application, Directory, Data Resource Sets, Rule Sets, and Role Sets summary tables. Grouping is disabled on these columns.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 7

 

 

 

7.1.0 Patch 6

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 6 as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-93895

If a reviewer attempts to save or sign off changes while their earlier changes are processing, the user interface now displays a warning message that indicates that the review has another save or sign off in progress, and that the user can submit the changes after the previous changes have completed.

Access Requests

ACM-92751
ACM-93823

The default out-of-office functionality will now process Global Common Submission Questions to complete a request submission.

Change Requests and Workflows

ACM-95063

A workflow form not successfully deleted will prompt an error in the user interface.

Change Requests and Workflows

ACM-95214

The conditional transition selection now saves properly through the drop-down selection button.

Metadata Import/Export

ACM-92269

The application metadata now exports information about mapped connectors. When the metadata is imported, if the specified connector is available, the application is mapped to the connector.

Security

ACM-94695

Only users with edit privileges can view the debug properties and configuration for REST and SOAP Web Service nodes.

User Interface

ACM-92551

To improve performance, a user interface table no longer calculates the number of items in a change request for each listed task.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 6

 

 

 

7.1.0 Patch 5

 

What's New

 

Feature

What’s New

Request Forms

The Entitlement Table, Entitlement Table with Action, and Entitlement Table (non-visual) request form controls can now filter entitlements by entitlement types: entitlements, groups, roles, and application roles. This allows a finer scope and improved performance for the request form controls when only specific entitlement types are needed.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 5 as the result of fixed issues.

 

Issue

Description

Admin Errors

ACM-92855

The Admin Error type "Account Load Data" can now contextually appear in the properties of a Create Admin Error workflow node.

Change Requests and Workflows

ACM-88351

The Show Job Level Variables setting in request workflows will not overwrite the same setting in approval and fulfillment workflows.

Change Requests and Workflows

ACM-88384

A workflow must be removed from configuration (phase nodes, subprocesses, and escalations) before it can be deleted.

Change Requests and Workflows

ACM-89649

The Business justification character limit has increased to 4000 while editing exceptional access.

Change Requests and Workflows

ACM-93462

The "Assign to" list no longer appears as available options for Resource Selection.

Data Collection Processing and Management

ACM-90663

The date range of historical configuration information has been reduced in areas such as collector changes.

Data Collection Processing and Management

ACM-91761

The Last Reviewed Date OOTB attribute has been removed from the collector wizards.

Role Management

ACM-87106

The Out of Constraint Users list in the Analytics tab has changed to use the same format as the Users list in the Users tab.

Web Services

ACM-92041

Validation for webservice calls to add or remove accounts from a group can be requested using the collector or the business source, but not both.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 5

 

 

 

7.1.0 Patch 4

 

What's New

 

Feature

What’s New

Change Requests and Workflow

Upgrade of Workflow Engine to 4.40.16.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 4 as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-88680

The "Save Tab in Table" option has been removed from table pop-ups.

Change Requests and Workflows

ACM-88211

Workflows cannot be selected across different types of modules and are only selectable for the appropriate module type.

Change Requests and Workflows

ACM-89833

The fulfillment workflow now uses the correct query to group fulfillments by business source.

Change Requests and Workflows

ACM-89860

WorkItemURL selection is now available for manual nodes.

Change Requests and Workflows

ACM-90476

A custom task must be removed from the schedule before it can be deleted.

Data Collection Processing and Management

ACM-81403

If an agent cannot resolve the Member Type from the Account Data Collector’s source system for a group’s member, it assigns "unknown" to the Member Type column in the raw data instead of guessing the correct member type.
When Member Type is “unknown", the collector’s database processing still attempts to resolve the member type. If successful, it assigns a member type in the new "Resolved Member Type" column in the raw data.
If Member Type is "unknown" and the member type cannot be resolved by the account collector, then Resolved Member Type is left blank and the collected membership is rejected.

Installer

ACM-87123

Applying a patch overwrites the configuration files for plugins except for the ITIM2FulfillmentHandler, NovellIMListener, and SunFulfillmentHandler plugins, which are copied from the customer's system instead. The patch application process backs up the original plug-in configuration files in the folder <location of the patch>/backup/<timestamp>/plug-ins/ so that you can restore them if needed.

Role Management

ACM-74637

The "Role Missing Entitlement Rule" email notification now adds group entitlements collected from the ADC.

Rules

ACM-90043

An "Associate Remediation Job" button has been added to the Rule Details page for remediation actions. When clicked, remediation workflow jobs are created for identified and unassociated violations. This button is not enabled by default, but can be enabled by the "ViolationRemediationReProcess" feature flag.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 4

 

 

 

7.1.0 Patch 3

 

What's New

 

Note:  Custom Workflow Tasks are a reserved capability that should only be enabled for production operations if approved by RSA product support and engineering teams. A warning message will be displayed when enabled.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 3 as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-88680

The "Save Tab in Table" option has been removed from table pop-ups.

Access Certification

ACM-88254

The user interface displays an “in-progress” indicator when general category bulk maintain actions are in progress.

Access Certification

ACM-88929

Export operations are now limited to 5,000 records at a time.

Access Requests

ACM-79721

Revocation change requests generated by account change requests will maintain the account property type.

Change Requests and Workflows

ACM-71049

The default AFX Manual Fulfillment subprocess workflow now includes a job state node to cancel change items when cancelling fulfillment.

Provisioning

ACM-88777

The Workflow ValidReplyAnswers macro now populates and lists URLs in a consistent order.

Request Forms

ACM-70736

User filters containing avform.user variables are not replaced with substitute values in the Compare Users field of the Provisioning form.

Security

ACM-73739

Enhanced security for page access in RSA Identity Governance and Lifecycle.

User Interface

ACM-81449

The Other type for owners is now usable in simple and advanced views.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 3

 

 

 

7.1.0 Patch 2

 

What's New

 

The following section describes improvements in version 7.1 Patch 2.

 

Feature

What’s New

Request Forms

The way in which request forms for applications prompt for account information from end users has been improved. Users with only one account are not prompted to select an account. Users with multiple accounts are prompted to select an account as the first step, before the rest of the form is displayed. All aspects of the displayed application request form take the selected account into consideration, eliminating the need to select an account after selecting entitlements.

Connectors

Introduced IBM Security Identity Manager 6.0 connector template for provisioning requests on ISIM.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 2 as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-87169

The new reviewer interface no longer includes access for terminated users as a low-risk category.

Account Management

ACM-83939

When a pending account cannot be renamed due to conflicts, the error is logged in the aveksaServer.log file and the Approval screen does not proceed. The Reject option on the Approval screen shows the tip "Parameter changes other than comments are ignored."

Data Collection Processing and Management

ACM-74626

The Application Metadata Collector will only update application business source objects.

Request Forms

ACM-64863

The Request Forms wizard disables the Next button until all form elements on a page are loaded.

Request Forms

ACM-77882

Drop-down, Multi-select, and Number fields can be populated by avform attribute selectors used as the default value.

Request Forms

ACM-83637

The JavaScript block form control no longer allows Display conditions. The Display tab for this form control displays a message for the restriction.

When Enable conditions are set, the JavaScript block entered is executed only when the conditions are satisfied.

If there are no conditions set, then the JavaScript block is executed whenever the form runs.

Request Forms

ACM-88604

Multiple account resolution can be configured on a request form to prompt for every change or per business source.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 2

 

 

 

7.1.0 Patch 1

 

What's New

 

Feature

What’s New

AFX

The AFX connector has improved performance when mapping unused variables in large environments.

Change Requests and Workflow

Fulfillment workflows now include a technical approval node. The technical approval node prompts the technical owner to approve a change request before fulfillment.

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 Patch 1 as the result of fixed issues.

 

Issue

Description

Access Certification

ACM-68187

The Bulk Actions dialog box displays all supported actions as a drop down field and includes Add Comment as a separate bulk action. Maintain with Expiration is also listed as a separate bulk action when a selected expiration date field is displayed and mandatory.

Account Management

ACM-78326

Additional account parameters from an account template will now display in the Account info pop-up.

Change Requests and Workflow

ACM-84016

The provisioning command node properties do not display job variables tied to data that it cannot directly access.

Change Requests and Workflow

ACM-84218
ACM-84554

User access requests for entitlement changes apply the following rules:

  • User entitlement changes that require accounts are always account changes.
  • User entitlement changes with no assigned accounts remain user changes.
  • User entitlement changes with one assigned account are created as account changes.
  • User entitlement changes with multiple assigned accounts prompt for account selection and are created as account changes.

Change Requests and Workflow

ACM-80901

The number of work items retained in the workflow history is now limited to reduce the amount of data loaded.

Collector

ACM-75432

The attribute "lastlogontimestamp", always collected as a date-type value, can be stored in a custom attribute of either string-type integer value or a date-type value. A string-type integer value is automatically converted to the date-type value formatted as “yyyy-MM-dd HH:mm:ss”.

Data Collection Processing and Management

ACM-82998

The IDC User Interface now shows the "Requires Full Refresh" status like the other collectors.

Email

ACM-79253

Generated emails of exported reports attach the report file with a lowercase extension.

Email

ACM-83216

Email reply processing looks for the dynamically assigned individual in roles defined as a dynamic resource or group.

Password Management

ACM-81479

The Default External Reset Password Form is available. It can be customized to have external validation URI to apply consistent validation. External reset password pages display as a full page. Users cannot continue to the next page unless the external reset password page meets the conditions for validation.

Reports

ACM-67195

Reports exported to an Excel spreadsheet now use the .xlsx extension.

Reports

ACM-81849

If invalid characters are detected the report file name, the detected characters are replaced with an underscore. Strings of invalid characters are replaced with a single underscore. The user interface allows characters not valid for the file name.

Request Forms

ACM-65018

Non-visual tables for accounts and entitlements will not display on a submitted request form.

Role Management

ACM-65297

The entitlement type now displays in brackets next to the entitlement display name when setting an entitlement rule in a role set.

Role Management

ACM-75430

The Role Import process warns that collected roles, if imported, will be converted into local roles.

Role Management

ACM-81602

Coarse-grained role reviews no longer include a Remove button or allow edits for entitlements and members.

Rules

ACM-84810

The form for the Violation Remediation workflow node does not show out-of-the-box form controls that will not work for the node.

Security

ACM-84155

Users now require at least view permissions to see the properties of a workflow. Edit permissions are required for users to edit a workflow. These permissions also apply to parent or child jobs of a workflow.

The Workflow tab for an approval or fulfillment request will only display the workflow image.

User Interface

ACM-77791

The Max Users Per Change Request setting in Access Configuration displays as "--" on the Settings tab if not assigned a value.

Web Services

ACM-81967

Web service requests to add an account to a group now associate users that are mapped to the account. A web service change request involving access for multiple users for a shared account now displays "Multiple Users" instead of a single user in the AccountChanges table. A user's shared account displays changes raised by other mapped users in their Requests tab.

 

Fixed Issues

 

Fixed Issues in 7.1 Patch 1

 

 

 

7.1.0

 

What's New

 

The following sections describe the new features and improvements in version 7.1.

 

 

Feature Highlights

 

Feature

What’s New

User Access Reviews

User Access Reviews have a new reviewer experience. The new reviewer experience provides a streamlined look that includes the Review Analysis and Guidance panel and advanced filtering.

The Review Analysis and Guidance panel organizes review items into two sets of categories: Critical and General. Critical Categories identify review items that may pose a greater risk and that may require more attention during your review. General Categories group review items that may require less attention during a review.

When creating a review definition, you can select either the new reviewer experience or the legacy reviewer interface.

Rule Mitigating Controls

If your organization has processes in place to reduce the risk of providing exceptional access to users, you can enable mitigating controls for separation of duties (SoD) and user access rules. When enabled, when maintaining exceptional access during rule violation remediation, remediators are required to provide details about the mitigating control used.

Workflow Dashboard

The page at Admin > Workflow > Monitoring displays information about workflows, and helps to detect problems by displaying warning icons if the workflow engine is unable to communicate with the database, if there are a large number of changes pending verification, or if changes have been pending verification for an excessive amount of time, if a workflow queue is potentially backed up, and if a workflow appears to be stalled.

Data Archiving

You can now create data archives to remove older data from active use within the RSA Identity Governance and Lifecycle system, while retaining a backup of the data to adhere to internal data retention policies or for auditing purposes. Archiving data reduces the size of the database and the resources needed by the database. Data archives can be used only for auditing purposes. Data archives cannot be restored to the RSA Identity Governance and Lifecycle system for troubleshooting purposes.

Password Vault

Support for using a third-party password vault to manage credentials for collectors, in addition to connectors, has been added. Support for several additional collectors and connectors has been added. To determine which collectors and connectors are supported by the password vault management, see the application guide or datasheet for the specific collector or connector.

Virtual Application

RSA Identity Governance and Lifecycle can now be deployed as a virtual application. The virtual application installation includes the application server and RSA Identity Governance and Lifecycle. Virtual application installations require a remote database.

Platform

The following platform updates have been made:

  • Support for SUSE Linux Enterprise Server (SLES) 12 SP2 has been added. New hardware appliances are built with SLES 12 SP2. Existing appliances running SLES 11 SP3 can upgrade to SLES 12 SP2 after upgrading to RSA Identity Governance and Lifecycle version 7.1.

  • Upgraded to Java 8.

  • WildFly has been updated to version 10.

  • Support has been added for WebLogic 12.2.

  • Support has been added for WebSphere 9.

 

Additional Features and Improvements

 

Feature

What’s New

AveksaAdmin Password Security

After you upgrade or install RSA Identity Governance and Lifecycle, the AveksaAdmin password is hashed and encrypted in a new, more secure format upon the AveksaAdmin user's first login.

After a new installation or upgrade, you can migrate data containing the older password format only once. Attempting subsequent migrations may lock out the AveksaAdmin, and require assistance from Customer Support to recover access.

AFX-Install

File name validation has been added for connectors and connector templates. The following characters are not allowed in file names: \ / : * ? " < > |

Change Requests and Workflows

The following changes have been made to change requests and workflows:

  • The workflow editor has been updated to Workpoint 4.4.0 Patch 10.

  • A category attribute has been added for workflow definitions and jobs that support grouping. The category value can be set in the workflow editor.

  • RSA Identity Governance and Lifecycle now manages workflows within several queues, which are automatically assigned based on the type of workflow. Workflows within a queue are processed in order.

  • The workflow editor now indicates the number of times a loop has been traversed.

  • The workflow editor by default displays only the active path of a workflow job. To view the entire workflow, deselect the Show Active Path Only option from the workflow editor menu.

  • SQL and Java node details are now only visible to users who can edit the workflow.

  • Rule escalation workflows now include the following nodes: Update work item, Activity, and Complete Assigned Work.

Collectors

The following changes have been made to collectors:

  • The Google Apps collector now supports the nickname attribute. If multiple values exist for nickname, the first value is used.

  • Users can now customize the Workday collector to configure attributes required for collection and map them to user attributes in RSA Identity Governance and Lifecycle.

Connectors

The following improvements have been made for connectors:

  • The audit log now includes events for creating, modifying, and deleting a connector.

  • Enhancements were made to improve how the REST connector handles headers and logins.

Custom Attributes

The maximum number of custom string attributes for group objects and business source objects have increased from 10 to 35.

Dashboard

After upgrading to RSA Identity Governance and Lifecycle v7.1, the new dashboard is displayed to users by default. If the previous deployment used the old dashboard, the old dashboard is disabled, but not deleted.

Database Management

The following changes have been made to database management:

  • Database statistics now exclude externally defined tables.

  • The public view PV_ACCOUNT now includes the collector name.

Data Collection Processing and Management

The following improvements have been made in data collection processing and management:

  • The way in which the identity collection and unification processes handle deleted users has been updated. Some relationships for deleted users remain mapped in the system for governance and auditing purposes.

    RSA Identity Governance and Lifecycle handles deleted users as follows:

    • When deleted users are detected, the following relationships remain mapped in the system:

      • Account mappings that have been collected

      • Entitlements that have been collected

      • Local entitlements that are mapped to the user

      • Global role memberships that have been collected

      • Existing change requests that are in progress

    • Any new relationship that is subsequently collected and mapped to the deleted user in the source system is accepted and mapped to the deleted user in RSA Identity Governance and Lifecycle.

    • Deleted users are removed from all local role memberships.

    • Imports of local entitlements that are mapped to a deleted user are rejected.

    • Deleted users are not displayed in user selection dialogs.

  • When a data archiving job is suspended, an Admin Task alerts administrators that the data archive needs to be resumed.

  • The public view PV_ACCOUNT now includes the collector name.

Platform

Changes have been made to the aveksa_cluster script to improve the troubleshooting of clustering communication issues.

Reports

The Additional System Information section of the Aveksa Statistics Report (ASR) now includes a list of any custom files that have been uploaded.

Role Management

RSA Identity Governance and Lifecycle has made improvements to the export and import of roles.

  • Role imports and exports are now executed in the background, allowing the import and export of large numbers of roles without preventing users from performing other tasks while the import or export runs.

  • When you export roles, you download a .zip file that contains one or more XML files containing role definitions. When you import roles, you can import either an XML file or a .zip file that contains one or more XML files containing role definitions.

User Interface

The following changes have been made to the user interface style:

  • You can display a header that contains a customizable logo, details of the logged in user and last login, and the Options, Notifications, Help, and Logout links by enabling the Classic Style user interface setting.

  • You can customize the look and feel of the user interface by uploading a custom CSS file.

  • You can add a custom background image to the login page by uploading a custom login-background.jpg file.

  • Custom files that are renamed are deleted are recorded under Audit Events.

Web Services

Web Service commands now support the JSON output format.

 

 

Functional Changes

 

The following table describes changes that affect the user interface or behavior of RSA Identity Governance and Lifecycle 7.1 as the result of fixed issues.

 

Issue

Description

Access Certification

The Grouped by Application tab for a user review is now labeled "Grouped By Business Source." It now includes groups and roles organized by their directory or role set in addition to entitlements and application roles.

Access Certification

ACM-78225

Bulk Actions now apply to accounts with unreviewed entitlements whether or not they are signed off.

AFX

The SOAPAction header can be added through the UI or derived from the WSDL for each capability.

Authentication

Required challenge responses are validated and cannot be submitted if left empty.

Authentication

The external password reset tool will be case-insensitive when searching the following authentication sources:

  • RemoteADLogin

  • ActiveDirectoryAccountCollector

  • ActiveDirectoryIdentityCollector

If more than one account name possibly matches the given identification for the sources above, the external password reset tool will then check for an exact match with case-sensitivity. If there is no exact match, an error message asks the user to type in the account name with the correct case.

The password reset tool will be case-sensitive when searching other authentication sources.

Access Requests

The request cancellation date displays the Job start date.

Change Requests and Workflow

The Milestone Component now displays a change request approval step for canceled jobs.

Change Requests and Workflow

The workflow editor components change size when resizing the window.

Change Requests and Workflow

Group and role owner attributes can be added to subprocess node filtering.

Change Requests and Workflow

You cannot change or reset read-only jobs.

Change Requests and Workflow

Approvals and Activities, grouped by Business Source, and assigned to an application for "Directory for Account" use the application instead of the directory.

Change Requests and Workflow

The event type "Reject Changes handled by this workflow" is now available for Cancel Change Request nodes.

Change Requests and Workflow

An Edit button was added to the email body section of the email fulfillment handler configuration.

Collector

The Attribute category appears in the collector mapping page as intended.

Connector

AFX no longer enables a disabled user account after a successful password reset for LDAP connectors. However, AFX unlocks locked user accounts after a successful password reset.

Custom Attributes

The format of the metadata export file has changed to include additional custom attribute properties.

Data Collection Processing and Management

The Last Collected On field for individual accounts listed under an account collector now displays the last successful collection date, even if the data has not been updated since a prior collection. If an account has been deleted, the Last Collected On field displays the deletion date.

Data Collection Processing and Management

The HasData option is no longer supported for new role data collectors. Existing collectors that currently use this option are not affected.

Descriptions

RSA Identity Governance and Lifecycle now requires that business descriptions for groups contain an application scope. 

When you create a new business description for a group that does not apply to a set, you must select an application with which to associate the business description before you can select the group.

When you import business descriptions from an XML file, you must ensure that an application is specified for each business description that applies to a group.

When updating or migrating RSA Identity Governance and Lifecycle from a previous version, RSA Identity Governance and Lifecycle deletes group business descriptions that are not actively in use. Before you migrate, run the provided pre-migration queries to identify any group business descriptions that will be deleted by the migration process. If you still need these group business descriptions, you can re-import them with an application reference in the import file, or you can manually recreate them after migration. 

For more information, see the "Migration Queries for Group Business Descriptions" section in Install a Patch.

Metadata Import and Export

The User Attributes check box has been removed from the Import/Export dialog. All attributes, including user attributes, can be imported or exported by selecting the Attributes check box.

Reports

Report headers wrap column text to avoid hiding important information.

Request Forms

Support has been added for connecting to a web service using authentication when adding a field to an access request form.

When you add a field to an access request form and select the control type "Drop Down select with Web Service", under Options, you can now configure the Authentication Type, Authentication User, and Authentication Password for the connection to the web service.

Request Forms

The Password Reset form can now process all field components that would create a change item.

Role Management

Users editing a role without access to the assigned roleset will see the assigned roleset but will not be able to change it.

Rules

  • When remediating an SoD rule violation, you should not be able to alter your original action while the confirmation dialog is open.

  • Common entitlements are no longer detected in the entitlement coverage of a separation of duties (SoD) rule. As a result, SoD rules are not saved as an invalid rule. The rule detail page no longer displays a message containing the common entitlements between the two entitlement sets.

    SoD rules that are saved with the Invalid status are migrated to the Inactive status. When you import a rule that has an Invalid status, it is saved with an Inactive status.

    On the rule configuration page, the following setting has been removed: “Allow execution of segregation of duties rules with common entitlements.”

 

Deprecated

 

Feature

Description

Password Management

32-bit installation of the AD Password Capture tool has been deprecated.

Platform

  • Support for Red Hat Enterprise Linux version 5.x has been deprecated. Customers who have existing deployments on Red Hat Enterprise Linux 5.x must upgrade to a supported operating system.

  • Java 7 has been deprecated and will not be supported in future releases. RSA recommends that you upgrade to Java 8.

 

Fixed Issues

 

Fixed Issues in 7.1

 

Attachments

    Outcomes