The 24.4 (v4.4) version of OpenText Identity Governance and Administration solution includes new features, improves usability, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the OpenText Identity Governance and Administration forum on the communities website, our online community that also includes product information, blogs, and links to helpful resources.
For more information about this release, see the OpenText Identity Governance Documentation website.
This release provides functional, infrastructure, and performance-related fixes and enhancements. It includes:
In addition to previous capabilities, authorized administrators can now export and import the following data as SQLite files:
Attributes
Archive destinations
Bulk update definitions
Insight queries
SoD violation options
SoD approval policies
Review settings
Metric data stores configurations
Business Role auto requests and inconsistency settings
Fulfillment targets and configurations
For more information, see Exporting and Importing
in the OpenText Identity Governance User and Administration Guide
OpenText Identity Governance enables use of Permission: Members of Group Owners relationship to create more targeted review and request coverage maps.
For more information about coverage maps, see Using Coverage Maps
in the OpenText Identity Governance User and Administration Guide.
OpenText Identity Governance enables you to:
Reset curated values of user, account, and permission attributes in the catalog
Schedule insight query collections runs, download results, and receive automatically emailed results
For more information, see Resetting Curated Attribute Values to Collected Values
and Creating Collection Schedule for Insight Queries
in the OpenText Identity Governance User and Administration Guide.
This release includes the ability to manually resolve open publication-data-policy detections for changes to permission attributes.
For more information, see Manually Resolving Detections
in the Identity Governance User and Administration Guide.
OpenText Identity Governance provides the following enhanced review and certification capabilities:
Optimized review routing in multistage reviews
Enhanced ability to download a reviewers' review items details
Enhanced account reviews that enable reviewers to review authorizations for not only accounts but also permissions that were authorized by business roles.
Support for micro certification of Global Authorization Review
For more information about review process flow and micro certifications, see Understanding the Review Process
in the OpenText Identity Governance User and Administration Guide.
OpenText Identity Governance provides the following new and enhanced capabilities:
New ILM collectors and fulfillment target templates that enable collection from OpenText™ Core Identity Lifecycle Manager and fulfillment using SCIM endpoints
New REST OTDS collector and fulfillment target template that enable collection from OpenText™ Directory Service and fulfillment using REST endpoints
Support for SCIM streaming service (push) that enables OpenText Identity Governance to receive identities from SCIM repos
Ability to use Generative AI (Artificial Intelligence) to create transformation scripts
For more information about the new templates, see ILM Collectors and Fulfillers
, REST OTDS Collectors and Fulfiller
, and SCIM Streaming Collector
in the OpenText Collectors and Fulfillers Configuration Guide.
For information about the enhanced ability to create transformation scripts see Creating Transformation Scripts Using Generative AI
in the OpenText Identity Governance User and Administration Guide.
This release includes:
Ability to regenerate technical role suggestions based on current data
Ability to create a technical role using role mining with only common permissions of specified users
For more information, see Understanding Automatic Suggestions Mining Approach
in the OpenText Identity Governance User and Administration Guide.
We have discontinued use of monotype fonts and all defaults reports have been converted to OT-Report-Font-Set.
Starting with Reporting 7.4, the Arial font is no longer included. For first time users, no additional steps are required as there will not be any report definition on the Repository page.
For those who are upgrading:
If the report definition was originally installed using the Download feature in Reporting, reinstall the latest version of the report from the Download page
If the custom report definition was provided by Professional Services, please contact them for a new version
If the custom report definition was provided by a Partner, please contact them for a new version
If you created the custom report, replace Arial with OT-Report-Font-Set throughout the report definition, repackage, and then import the report definition
If the report definition is not updated, it will fail at runtime with the following error: An error was detected while running report '%name%': Font "Arial" is not available to the JVM. See the Javadoc for more details.
We moved and updated all advanced configuration information related to specific collectors and fulfillers from the user guide to a separate configuration guide. This change makes it easier to find relevant content when configuring the respective templates. This guide will continue to be refined based on product updates and user inputs.
Information about basic collector and fulfiller template layout and procedures, collection, publication, and fulfillment will continue to be included in the user guide. You can access both guides on our documentation site.
This release includes miscellaneous security, compliance, performance, and monitoring-related updates to provide additional governance capabilities. It includes:
Access Request performance and usability improvements
Additional columns for Created, Deleted, and Updated by Unique User ID in Workflow Service
Ability to view risk score while making decisions regarding SoD and Potential SoD violations
Improved load balancing in cluster environments
The following features have either been removed or have been deprecated and will be removed in a future release:
Starting with OpenText Identity Governance 24.2 (v4.3), the ability to import Coverage Map CSV file is deprecated. The Coverage Map user interface is a more robust and easier method to create coverage maps.
Starting with Identity Governance 4.2, fulfillment to BMC Remedy was deprecated. It will be removed in a future release.
For more information about browser requirements and supported components for this release of OpenText Identity Governance, and additional supported drivers and packages for accounts and permissions collection from the OpenText Identity Manager environment, see the OpenText Identity Governance and Administration Quick Start Guide.
We strive to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue: Insight Query Results are emailed correctly to the authorized policy owner. However, the greetings in the Insight Query Results email does not resolve correctly. Instead the name appears as $policyOwner$.
Workaround:
Modify the email template and delete $policyOwnwer$. For more information, see Customizing Email Notification Templates
in the OpenText Identity Governance User and Administration Guide.
Issue: When using Entity Change data policies that specify Add or Remove operations, you might encounter the following issues:
Curation as a trigger event might incorrectly appear as an option when defining an Entity Change data policy with Add or Remove operations.
If both Add and Remove events occur within the same collection and publication the related data policies’ results might reflect zero (0) changes.
Applying changes when publishing application sources might result in a data policy results reflecting changes when they should not.
Entity Change data policy results for collection and publication should be similar to comparison data that you can view when selecting Data Sources > Activity. Changes resulting from applying changes should not be reflected in the Entity Change data policy results.
Issue: Even if a change request, such as adding a user to a group in SAP application, is fulfilled successfully, OpenText Identity Governance displays the status as Pending Verification. This occurs because the SCIM Driver fails RFC 7644 pagination specifications and returns only limited entitlements to OpenText Identity Governance. This issue will be fixed in a future release.
Issue: If two business roles (BR1 and BR2) authorize the same permissions and specify auto-grant and auto-revoke on those permissions, and a manual or bulk data update (also known as curation) moves a user from BR1 to BR2, the user could lose the permission for a period of time between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.
This is possible because, after curation, separate detections are triggered for BR1 and BR2, instead of a single detection that does both together. If detection is first done on BR1 (the role the user lost membership in) followed by BR2 (the role the user gained membership in), OpenText Identity Governance would issue an auto-revoke, followed by a compensating auto-grant. If detection is first done on BR2 followed by BR1, auto-revoke or auto-grant request will not be issued. Based on your fulfillment approach (manual, workflow, automatic, custom), in the case where detection first occurs on BR1 and then BR2, causing an auto-revoke request and compensating auto-grant request to be issued, the user could lose the permission between the fulfillment of the auto-revoke request and the fulfillment of the compensating auto-grant request.
Workaround: It is recommended that you do not utilize curation if you have business roles with overlapping permissions that are enabled for auto grants and auto revocation. If data update occurs, check business role detections (Policy > Business Roles > Business Role Detections) to verify that a compensating grant request was issued, and if not, detect inconsistencies (Policy > Business Roles > Manage Auto Requests) and issue a grant request.
Issue: Notification template tokens that are created in the Workflow Administration Console cannot be inserted in the template’s message section.
Workaround: Copy the token with the dollar sign $, for example, $Test token$ and paste it in the message body and save the template.
Issue: When multiple values are mapped using flowdata.getObject(), all the values are populated in a single field. For example, in the Workflow Administration Console, create a form that requires multiple values, such as text field, email, and phone number. Create a workflow with two approval activities and attach the form with the activities. In the pre-activity data mapping of the second approval activity, map the fields with multiple values from the first approval activity’s form using the flowdata.getObject(). In OpenText Identity Governance, request that workflow. Navigate to > Approvals > Workflow Approvals and select Approve or Deny to launch the approval form of the workflow. Type the values for the requested fields and launch the next approval form. The data mapped from the previous form using flowdata.getObject() displays all data in a single field.
This issue will be fixed in a future release.
Issue: Inability to publish workflows when the Request Content field in the Rest Activity contains the slash slash (//) expression in a comment.
Workaround: To save and publish the workflow, use the slash-star (/*) star-slash (*/) while adding a comment.
Though OpenText Identity Governance supports markdown for permission and application descriptions, currently it does not have a markdown viewer for request forms. As a result, any markdown syntax in an application or permission form will display as it is instead of being rendered as expected.
Some known issues lie within third-party applications that are integrated with OpenText Identity Governance. The following known issues can be tracked with the third-party vendor. We provide links to those issues where available.
In the Form Builder, text that appears on some of the component tabs cannot be localized, because Form.io does not support localization for this texts. This will be fixed in a future release.
Issue: If Form Builder was used from the Workflow console to create an approval workflow that requires two approval activities, and you provided two or more phone numbers during the first approval activity, those phone numbers will not appear in the second approval activity. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
Workaround: Click Add Another under the Phone Number field to make the provided phone numbers appear.
If Form Builder was used from the Workflow console to create an approval workflow that requires two approval activities, and multiple values were supplied during the first approval activity, those values will duplicate in the subsequent approval activity if you click the Add Another button. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
When creating a custom form, the Approval Address field accepts values from the request address field only if using the Calculate Value. The Approval Address field does not receive information if using the Custom Default Value. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
Validations are not triggered if the ValidateOn property of a component is set to Validate on Blur, but will, instead, validate on change. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
When adding a layout component to a form and configuring Action Types, Value appears as an option, but this option is not applicable for a layout component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
Online help does not exist for the tree component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
Some event trigger types with the “Hidden” property set do not hide the configured component. The issue lies with Form.io, who is aware of the issue and is working toward a solution.
Moving Selected Columns in Display Options Does Not Work with More Than One Row of Column Names
Changing of the Resource Request Parameter Key Causes Issues in OpenText Identity Governance
Converting Identity Collector to “With Changes” Collector Might Not Complete Successfully
Sorting on the Default Forms Tabs of Access Request Policies Page Does Not Work Correctly
Running a Saved Insight Query with a Cross Reference Might Return No Results
IDM Entitlement Fulfillment Requests Might Not Display Fulfillment Status Correctly
Navigating Away from Unchanged Page Might Result in Erroneous Prompt to Save Changes
When a few items in the changesets are verified as fulfilled and other items fail, and you try to resubmit the failed items, OpenText Identity Governance now resubmits only the failed items.
Typically, you can rearrange columns on any page that displays a list such as permissions or technical roles by clicking the gear icon on the top left of the list, then dragging and dropping the selected column names. Even when selected column names span to more than one row on the display options (settings) page, you can move column names from one row to another to rearrange the respective columns.
This issue has been resolved.
This is no longer an issue with updated versions of both OpenText Identity Governance and OpenText Identity Manager.
Access Request string customization works as expected.
In OpenText Identity Governance as a Service, when you convert an identity source collector to a collector with changes, the collector is converted successfully.
On the Application Default Forms and Permission Default Forms tabs of Access Request Policies page, clicking on column headings sorts the list correctly.
The results are returned as expected.
Previously, when a request was sent to the IDM entitlement fulfiller such as the assignable role for Workday, OpenText Identity Governance displayed the verification status as failed even when the request displayed the fulfillment status as successful. This issue has now been resolved.
This is no longer an issue with Google Chrome browser.
This is no longer an issue with Mozilla Firefox browser.
Workflow Administrators Must Be Set to Users and Not Groups. Setting a group as administrator provides members of the Group admin rights in Workflow Service.
Tasks Do Not Appear in the Approver's Queue Workflow Approval task correctly appears in the person's queue based on the specified expression.
Unable to Collect Activity Statistics and Entity Usage Statistics Metric Data in Systems That Use Workflows. When Workflow Service is integrated with OpenText Identity Governance systems, and a workflow is used for access request approvals, remediations, or fulfillment, Activity usage statistics and Entity usage statistics metrics collection does not result in error.
Exporting Workflow Throws 401 Error Due to Token Timeout. This issue is resolved. The 401 error is no longer triggered if you click Export Workflows after the token has timed out.
Workflow Expressions in the Workflow Administration Console Expression Builder are Appended with a 0. After upgrading PrimeNG this issue is resolved. Expressions in the Workflow Expression Builder are no longer appended with a 0.
Import File Names are Suffixed with Numbers in the Workflow Administration Console. After upgrading PrimeNG this issue is resolved. Numbers are no longer displayed with the filenames for imported files.
Name and Action Columns are not Working as Expected During Column Customization After upgrading PrimeNG this issue is resolved. The Name and Action columns are displayed by default and cannot be edited.
Workflow will Fail if Lookup Value for an Attribute Contains Spaces or Special Characters or Is More Than 32 Characters Attributes support values more than 32 characters including spaces, or contains spaces or special characters.
Unable to Export Forms or Workflows on Linux Systems Forms or workflows from the Catalog area of the Workflow Administration Console can be exported on Linux systems also.
Unable to Create, Update, or Delete Forms or Workflows If Display Name is More Than 32 Characters. The column size for the createdby, updatedby, and deletedby columns in the databases have been increased to 255 characters and the create, update, or delete form and workflow actions work as expected.
The text and tooltips for the following fields in these components are now displayed according to your locale settings in the Form Builder:
Label for Key column in Data > Data Map
Input Time in Advanced > Time
Hide Colon in Custom > Label
After upgrading PrimeNG this issue is resolved. The Name and Action columns in forms, workflows, and notification templates in the Workflow Administration Console are selected by default and the selection cannot be edited.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@microfocus.com. We value your input and look forward to hearing from you.
For support, visit the CyberRes by OpenText Support Website or email cyberressupport@microfocus.com.
For interactive conversations with your peers and experts, become an active member of our community. The online community provides product information, useful links to helpful resources, blogs, and social media channels.
The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
Copyright 2024 Open Text.