Added 3 new properties into Alias Management Configuration.
1. Visible to End User - This is to control whether to list the configuration to an end user, so that some configurations (may be the manual type) can be made available to Help Desk Users only.
2. Increment Separator - This allows you to provide a text to separate the generated alias and the increment number added in case the generated one is already taken by another user. For example, if you provide "_" as the separator, and the generated one per rule is john.smith then the final alias listed for will be john.smith_1
3. Zero Padding to Increment Number - This allows you to provide zero padding to the increment number added in case the generated one is already taken by another user. For example, if you provide 1 as the required zero padding, and the generated one per rule is john.smith then the final alias listed for will be john.smith01
Duo Universal Prompt
As per Duo's recent update, the traditional Duo prompt will no longer be available for two-factor authentication by March 30, 2024. Consequently, the current method of displaying the Duo prompt inside 'iFrames' has been removed. Instead, the page will be directed to an authentication page hosted by Duo, and upon successful authentication, it will redirect back to the original Fischer pages. This change is implemented across the Administration, Self Service, Kiosk, Identity Claim, and Studio login pages.
The Duo page will continue to render the same traditional prompt unless upgraded to display the Universal Prompt from the Duo Admin Portal.
Note: The IdP page login that is utilizing Duo, will be updated in a future release.
Connected Systems - Connectivity Monitoring
Introduced the capability to monitor the connectivity of connected systems, which can now be activated at the individual system level. A background process will automatically verify the connectivity status of systems with monitoring enabled and promptly alert the organization's global administrators if any connectivity issues arise.
The default frequency of the connectivity monitoring process is set to 4 hours, with the option to adjust this interval by modifying the 'Connected Systems - Connectivity Monitor Process Interval' property below. Similarly, the notification sent to each organization's global administrators in the event of connectivity failures can be specified using the 'Connected Systems - Connectivity Failure Notification' property below.
Connectivity is verified from both the Identity and Provisioning servers. In the event of connectivity issues, notifications will be dispatched from each server, and these notifications will include information about which server encountered the connectivity problem.
Scheduled Workflow Monitoring Process
Introduced a feature that allows for the monitoring of scheduled workflow executions. Administrators will receive timely notifications if any scheduled workflow instances do not commence as expected, exceeding the defined threshold time.
The default frequency of the scheduled workflow monitoring process is set to 10 minutes, with the option to adjust the interval by modifying the 'Scheduled Workflow Monitor Process Interval' property below. Similarly, the default threshold time to consider a schedule as overdue and notify the administrators is 15 minutes. This can be adjusted for each organization by updating the 'Scheduled Workflow Overdue Time' property below.
The notification sent to administrators can be customized for each organization by updating the 'Scheduled Workflows - Notification when not kicked off' property below. Similarly, recipients of the notification can be updated for each organization through the 'Scheduled Workflow - Notification Recipients' property below. If this property is not specified, the notification will be sent to the organization's global administrators.
GIG Connection Failure Notification
GIG status check has been enhanced to support GIG connection failure notification. GIG connection failure notification is off by default. The configuration parameter should be adjusted to turn on the notification.
GIG status check was using the dashboard based calls before this enhancement. The dashboard GIG status check calls are removed and a lightweight call to check GIG status has been introduced. Status checker will call the dashboard-based service for GIGs which are not upgraded to 7.7.20 to support GIG backward compatibility.
Introduced a new configuration section GIG Management to put the new configurations outlined above. Following are the new configuration parameters added for GIG management. The configurations GIG Status Check Interval and GIG Status Check Entry Retention Period are global configurations. All other parameters can be configured at org level.
|Name||Default Value||Possible Values||Description|
|Enable GIG Failure Notification For||None||
Identity and Provisioning Servers
|Server components for which the GIG connection failure notification is to be send.|
|GIG Connection Failure Notification||GIG Connection Failure Notification||Notification of type GIG||The notification to be send for GIG connection failures.|
|Number of Consecutive Failures for Notification||5||2 to 60||Number of consecutive status check failures required to send GIG connection failure notification. Value range: 2 to 60 (default: 5).|
|Number of Failures to Repeat Notification||10||2 to 60||Number of consecutive status check failures required after a notification to repeat GIG connection failure notification. Value range: 2 to 60 (default: 10).|
|GIG Status Check Interval||2||1 to 1440 minutes||Interval in minutes between two consecutive GIG status checks. Value range: 1 to 1440 (default: 2).|
|GIG Status Check Entry Retention Period||120||1 to 10000 hours.||Amount of time in hours to retain gig status check entries. Value range: 1 to 10000 (default: 120).|
A new notification type named GIG has been introduced. The following variables are supported for GIG failure notification.
|Server type in which the notification is generated.|
|%SERVER_INSTANCE_NAME%||Identity/Provisioning instance name||Name of Identity/Provisioning instance where the notification is generated.|
|%GIG_NAME%||Name of the GIG||Name of the GIG for which the notification is generated.|
|%GIG_CLUSTER_NAME%||Name of the GIG cluster.||Name of the GIG cluster under which this GIG is a member of.|
|%GIG_HOST%||Host of the GIG|
|%GIG_PORT%||Port of the GIG|
|%GIG_VERSION%||Version of the GIG|
|%LAST_SUCCESSFUL_CONNECTION %||Time of the last successful connection.|
|%DOWN_SINCE%||Time from which the GIG is not reachable.|
|%DOWN_PERIOD%||Time elapsed since GIG is found to be down.|
The following GIG is found to be unreachable. Please check the status and make required corrective actions.
GIG Name: %GIG_NAME%
GIG Cluster: % GIG_CLUSTER_NAME%
GIG Host: %GIG_HOST%
Time of Last Successful Connection: %LAST_SUCCESSFUL_CONNECTION%
Two new tables have been introduced to track GIG status check and notification. The second table is used to store information such as the last successful connection and last notification. The details in the second table are used to identify it is a new failure notification or repeat notification to be processed. Also, the last successful connection and down time and down period are calculated using the entries in that table. No FK relation has been given for the second table so that first table entries can be cleaned up when retention period is over.
GIG server id.
FK: product_server (server_id)
|status_id||Numeric||FK: product_status (status_id)|
|status_information||String||Information about status check|
|create_date||Date||Date time on which gig status is checked|
GIG server id.
FK: product_server (server_id)
Source server instance
FK: product_server (server_id)
GIG status event type.
1: Successful connection
2: Process notification
|create_date||Date||Date time on which event entry is created.|
|last_update_date||Date||Date time on which event entry is updated. This will be used as the time for event time.|
User Match User Details UI
User match user details page is adjusted to show the user fields in the ascending order of the display name.
Prime 8.1 Notifications To 7.x Stack
The following seven (7) notifications are newly primed in the patch.
- Identity Claim Verification Message: This is the default verification notification to the user to continue the claim process.
- Forgot User ID E-Mail Message - Portal: This is the default email notification to users when their User ID is requested.
- Identity Claim Beneficiary Message - Portal: This is the default notification to the Identity Claim Beneficiary when the request is completed.
- Forgot Password Verification Message: This is the default Email notification to the user to continue the forgot password process.
- Forgot Username Verification Message: This is the default Email notification to the user to continue the forgot username process.
- Identity Already Claimed Message: This is the default Notification to the Identity Claim Beneficiary when the identity is already claimed.
- Client-Side UI Modification Detected Message: This is the default Notification to the Security Administrator when a client-side UI modification is attempted.
Google Apps Multi Domain Connector Enhancements
Google Apps Multi Domain connector has been enhanced to support two new data formats (DeletedUser and Application) and un-delete operation for user.
DeletedUser Data Format
This is an export and lookup data format to fetch deleted users. The API used for fetching deleted user doesn't support filtering. so filtering is added at the connector level for id and name attributes. The following are the attributes supported for this data format.
Application Data Format
This is an export and lookup data format to fetch data transfer applications. The API used for fetching applications doesn't support filtering, so filtering is added at the connector level for name attribute. The following are the attributes supported for this data format.
The user data format has been enhanced to support un-delete user. If id is provided for change type add, connector will process an un-delete. If additional attributes are provided, a user modify is processed to set those attribute. Google process certain calls asynchronously. If the un-delete calls processed asynchronously, the suceeding modify call can be failed. This can be avoided by configuring WaitPeriodToAddContact parameter.
Recovery Phone Attribute
The user data format has been enhanced to support recoveryPhone attribute in export, lookup and import.
Microsoft Office 365 Connector License Management
Microsoft Office 365 connector has been enhanced to support multi-level attributes for license management. Before this enhancement, license details had to be given in a delimited format for import. It was difficult to configure the mapping as well as verify the data. Also, export and lookup needed to always pull and include the service plans since everything is exported as a single attribute. Now the connector support the below multi-level attributes for license management. The connector support old attribute too to avoid issues with existing workflows.
|LicensesAndServices->AccountSkuId||String||Account SKU id.|
|LicensesAndServices->ServicePlan||String||Service plans assigned. This is a multi-valued attribute.|
|LicensesAndServices->SkuPartNumber||String||SKU part number.|
List of defects reported by customers or implementation, does not contain defects raised internally.
Fixed issue with substitution of sponsor variables in access expiry notifications. The issue was when there are multiple accounts for substitution in a repeat section. Made changes to assign the variables properly so that it is substituted properly.
Feature Affected: Access Expiry Notification
Fixed issue of populating duplicate options for Compromised Password Check configuration. Corrected the DB priming to fix the issue.
Feature Affected: Compromised Password Check
Fixed issue with password re-use check in password reset REST API. The password re-use check was not using the correct value for account id. Fixed that to process the re-use check correctly.
Feature Affected: Password Reset REST API
Fixed isue of mapper rule validation failing without showing the reason when the rule is not properly configured. Corrected the validation to return proper message.
Feature Affected: Replace Value Mapper Rule
Fixed issue with Office 365 license management when Microsoft.Graph.Application is upgraded to 2.x.x. From Microsoft.Graph.Application 2.0.0 onwards, access token should be provided as a secure string. Made changes in connector to provide access token as a secure string.
Feature Affected: Microsoft Office 365 Connector
The download links below are applicable to Fischer on-premise customers that host the Fischer IdM software in their environment. If you are a Fischer IaaS (Cloud) customer, all delivery of updates are performed by Fischer on a scheduled basis.
To download the latest update, you will need a login to the Fischer Release portal. If you are a Fischer on-premise customer and would like to request an account to the Fischer Release portal, please submit a request through the Fischer ticketing system.