Compliance & Certification - Implemented Reassign from Job Instance Listing Page
Implemented reassign from Compliance Job Instance listing page, which enables an admin to reassign from one certifier to any user of choice, other than the currently assigned user. This is different from the user reassignment facilities in the product right now in the following ways.
In the old reassign implementation,
- In the nodes listing page (tree/tabular view), only nodes with status node assigned (i.e., sublevel certification) can be reassigned to another single user.
- In the resource listing page, all certification assignments (of all certifiers) for a selected resource can be reassigned to another single user.
In both cases above, only the escalate option is available where certifications can be assigned to multiple users, if higher level certifier list has multiple certifiers.
In new reassign implementation,
- All the certifications of a selected certifier (both sub-level, as well as resource level) will be reassigned to the newly selected user.
- The profile selected to assign new certifications does not need to be a certifier at all, it will be automatically added to certifier list for current run (i.e., for current job instance).
- A message will be displayed indicating the number of certifications (individual counts for resource/sub level) reassigned.
- A message will be shown if no certifications were reassigned.
The UI change in the job instance page is the introduction of a button to reassign as shown below
Clicking on reassign button will take you to a new reassign page. Initially a section, which will list all the certifiers of current job instance, will be displayed, from where you can select the certifier for the certification events that needs to be reassigned. Upon selecting the existing/from certifier, a section will list all the users, other than the selected certifier, which you can use to select the new certifier.
On selecting both certifiers (current and new), the reassign button will be enabled and on clicking the button, all the certifications (sublevel, as well as resource/policy/system) are reassigned to the new certifier. On successful reassignment, a message will be displayed, which will indicate the number of sublevel and/or resource/policy/system certifications reassigned.
Common listing UI operations like sorting, searching and paging are supported in both listing sections.
SaaS Workflow Administrators
The new SaaS Workflow Administrators PSA policy serves the purpose of granting authorization exclusively for Studio access. Individuals who meet the criteria for the SaaS Workflow Administrators PSA policy will not have access to the administrative user interface, but they will have the capability to log in to Studio. However, these users will be unable to make any modifications to shared connected systems or deploy workflows using shared connected systems. While deployed workflows utilizing shared connected systems can generally be altered, there are some exceptions on changing configuration of certain mapper rules like Read Entry, Look Up Data, Write Data, and Execute Stored Procedures.
Kiosk (Forgot Password) - Display Masked Phone Number and/or Email Address
The Kiosk (Forgot Password) has been enhanced to display the masked phone number and email address when the Identity verification options are listed. Previously, it was a completely masked label and difficult to identify the phone number and email address it was going to use upon selecting the option.
Google Connector Rename
Google Connector has been renamed from Google Apps Multi Domain to Google Workspace. This is to match with the naming Google has begun using. All areas displaying the connected system type will show the new name. Only the display name is modified. The type name and definition name are retained so that the rename won't affect the existing workflows and solutions.
Google Workspace Connector Course Data Format
Google Workspace Connector has been enhanced to support new data format named Course. This is an export, lookup and import data format to fetch and manage Courses and its Aliases, Teachers and Students. The API used for fetching courses does not support filtering. The filtering is added at the connector level for id, name, owner id and room attributes. The configuration properties GetCourseByTeacherId and GetCourseByStudentId are used only for paged export.
The following scopes should be added in Google Admin console->Security->API Controls->Domain-wide Delegation for respective client-id to get permission for operations.
|1||Export||Course and Alias||https://www.googleapis.com/auth/classroom.courses.readonly|
|2||Import||Course and Alias||https://www.googleapis.com/auth/classroom.courses|
|5||Export/ Import||Teacher/Student Profile Emails||https://www.googleapis.com/auth/classroom.profile.emails|
|6||Export/ Import||Teacher/Student Profile Photo||https://www.googleapis.com/auth/classroom.profile.photos|
|GetCourseById||Course Id||Fetch Course with id|
|GetCourseByTeacherId||Teacher User Id||Fetch Course with teacher user id
(Used only during export with paging)
|GetCourseByStudentId||Student User Id||Fetch Course with student user id
(Used only during export with paging)
The following are the attributes supported for this data format.
* Value starts with d: for domain alias. Example d:alias1
Google Workspace Group Data Format New Attributes
Google Workspace Group data format has been enhanced to support the below attributes in export, lookup and import.
List of defects reported by customers or implementation, does not contain defects raised internally.
Fixed issue with Workflow Studio Installation on Linux. The issue was due to some missing third-party jars in the installer.
Feature Affected: Workflow Studio Installation on Linux
Fixed Change Access error when change access configuration is set for all owned resource and the user owns more than 1000 resources
Feature Affected: Change Access
Fixed re-hire/rename scenario failing to update the FUA when both old and new account ids exist in the FUA as end dated.
Feature Affected: Provisioning
Fixed MD5/SHA hashing mapper rule to return hexadecimal value of the hash instead of base64 encoded value of the byte array.
Feature Affected: Mapper Rule
Fixed Approval Router not honoring Transaction-SponsorId. The fix will enable the use of sponsor approvals through approval router and to set resource sponsorship when the resource is provisioned.
Feature Affected: Approval Router
Fixed the Technical Reviewer not getting assigned if technical reviewer is subset of certifier list
Feature Affected: Compliance
Fixed issue with DUO authentication when Identity load balancer uses non SSL communication. Issue was because request details were used to build callback URL. Made changes to use load balancer configuration to build the callback URL.
Feature Affected: DUO Authentication
Fixed issue in adding aliases for user during user creation. The issue was due to the asynchronous nature of Google user creation API. Introduced a configurable wait period to add alias after user creation is completed in Google. WaitPeriodAfterUserAddToManageUser is property to be configured an it has a default value of 15 seconds.
Feature Affected: Google Connector
The download links below are applicable to Fischer on-premise customers that host the Fischer IdM software in their environment. If you are a Fischer IaaS (Cloud) customer, all delivery of updates are performed by Fischer on a scheduled basis.
To download the latest update, you will need a login to the Fischer Release portal. If you are a Fischer on-premise customer and would like to request an account to the Fischer Release portal, please submit a request through the Fischer ticketing system.