Release notes
Progressive Password Policy Validation
Password policy validation is enhanced to do the evaluation as the user types in the password. The UI will show the passed and failed password rules and the reset button won't be enabled without passing all the password policy rules.
The following features/UIs are updated to show the progressive password policy validation.
- Self-service page-> My Accounts->Reset Passwords.
- Self-service page-> Users-> Profiles
- Kiosk page
- Forgot Password
- Self Registration
- Standalone password reset
- IdentityClaim
- SMSReset
- Password Expiry
- Admin UI
Sample UI - Self-service page-> My Accounts->Reset Passwords
In the below UI, with the accounts selected, you can see that accounts belong to different PEC's and the rules violated with respect to PEC's are listed. Once the user starts to key in the password characters, the password policies are evaluated on the fly and are reflected in the rules list. Once all the rules are met across both policies, the Reset Password button will be enabled and all rules will be in green. The option to view the password policy rules will be shown as another radio button, provided the view password policy property is enabled, which on selection will show the rules with out any violation information.
In admin page after selecting the account or PEC, once admin starts entering the password, the password policy violation rules will be displayed.
Kiosk Authentication Enhancement
Kiosk authentication is enhanced to support TOTP and PIN authentication as primary authentication options. PIN authentication option supports SMS and Email based on the configuration setting Configuration --> Configuration --> PIN Authentication and Password Reset --> Notification Method within the Admin UI. The Mobile option, which was retained in the screen as deprecated, is now removed from kiosk primary authentication option. The admin UI kiosk primary authentication configuration page after the changes looks like:
When all options are enabled from the Admin UI, the Kiosk Identity verification panel looks like:
Identity Info Mapper Rule Performance Enhancement
Get Identity Info mapper rule is enhanced to support an option which allow the processing in multiple steps. When the info rule details are to be fetched executing query against complex views, the performance is much better when the condition is on primary key column. When this option is turned on, the mapper first fetches the primary key based on the conditions configured. Then the mapper uses the primary key when fetching the info rule details.
Oracle HCM Worker Name Attributes
Oracle HCM Worker data format is enhanced to support all name attributes. The newly added attributes are
name->LocalMilitaryRank, name->LocalPreviousLastName, name->LocalTitle,MilitaryRank, name->NameLanguage, name->PreviousLastName
name->NameInformation1 to name->NameInformation30,
name->LocalNameInformation1 to name->LocalNameInformation30
Fixed defects
List of defects reported by customers or implementation, does not contain defects raised internally.
- Fixed issue with Workflow Schedule Exclusion configurations. The Workflow Schedule Exclusion configuration was not being honored for schedule type Every X Past the Hour
- Fixed issue with Gallagher Security Connector PDF Filter processing. Made changes to show user friendly error message when PDF attribute name configured in filter is invalid.
- Fixed issue with the loading of API from Execute Stored Procedure mapper rule configuration to local Studio. This option is really helpful when the API is designed and used in one Studio and then the project using that API is shared to other Studio. The fix allows a local studio user to view the configuration of the Execute Stored Procedure rule and when they close out of the configuration, if they do not already have the stored procedure defined within the configuration in their local studio, it will add it automatically.
- Fixed issue with Oracle HCM Connector dynamic value support for AsOfEffectiveDate configuration when filter option is used for worker lookup.
- Fixed pre-process data not passed in on processing additional resources in the request when the resources are processed after the identity dependency. The fix includes passing in any Non-FUP mapped attributes from the pre-process. The FUP mapped attributes are already available in the source record since profile is created already.
- Fixed issue with SalesForce REST Connector authentication. The Authorization Server URL is exposed as a connected system parameter, since sandbox and production need a different URL.
Fixed the issue with users not able to reset their password after Fischer scrambled the password on expiry and then the AD password filter ran again.
- Fixed issue with Office 365 user modification when user has a disabled status.