IdentityIQ 8.4p2 is now available
This release includes security fixes, important server and connectivity enhancements, new connectors, changes in connectivity platform support, documentation updates, and general quality and performance improvements. Additional information can be found in the identityiq-8.4p2-README.txt file accompanying the release.
Highlights
- In SailPoint’s ongoing commitment to security, this release contains a fix for a previously reported CVE (Common Vulnerabilities and Exposures): CVE-2024-10905. More information about the CVEs in IdentityIQ is located in SailPoint’s Security Advisories.
- The 3rd-party libraries in the IdentityIQ Server layer and a subset of connector bundles are updated to newer versions as part of an ongoing commitment to improve the quality and security of the product. The impact on custom connectors, rules, or other customizations which directly or indirectly use these libraries must be validated to ensure compatibility.
- Access History and Data Extract are no longer dependent on the ActiveMQ message broker. This applies to both embedded and external ActiveMQ configurations. Refer to this Compass article for further details: IdentityIQ 8.4p2: Removal of ActiveMQ for Access History and providing flexibility for Data Extract
- For installations which use a PostgreSQL database as the IdentityIQ repository, the dialect specified in iiq.properties must be updated to use the new SailPoint-specific PostgreSQL dialect to resolve a potential Character Large Object (CLOB) data corruption issue. For more information, refer to the Upgrade Considerations in the README before applying this patch.
- PostgreSQL is now supported as a hosted database for IdentityIQ on the following cloud platforms: AWS RDS, AWS Aurora, Microsoft Azure.
- A new “roleOwnerId” query parameter is now supported by the /ui/rest/requestAccess/accessItems REST endpoint to filter roles based on role owner id.
- AI Services has been rebranded to AI-Driven Identity Security in the IdentityIQ user interface.
- The TM (trademark) symbol is now included for Identity Cube™ in the IdentityIQ product user interface and reports. This minor update currently only applies to the English language.
- For Mainframe connectors, SailPoint no longer supports DES and 3DES encryption, so existing integrations using DES or 3DES will no longer function. Instead, SailPoint recommends using TLS encryption to secure communication between Mainframe integration components.
- The Oracle NetSuite connector will exclusively support WSDL v2023 with Token-Based Authentication (TBA) for any new sources configured. Support for basic authentication and pass-through authentication will no longer be available for any new sources configured after this release. For existing sources of the Oracle NetSuite connector configured using WSDL v2019, support will continue until the end of 2024. However, starting in 2025, only the latest version of WSDL (v2023) and TBA authentication will be supported.
New Connectivity
- A new Atlassian Data Center connector is now available which securely connects to the Atlassian Data Center and provides governance capabilities for users and groups.
- A new integration with Atlassian Data Center Jira Service Management Service Desk provides IT service management and automates common business processes for requesting and fulfilling service requests across a business enterprise.
- A new integration with AWS IAM Identity Center enables centralized user access management for multiple AWS accounts and streamlined provisioning.
- New connectors for the following Guidewire systems are now available, supporting aggregation, provisioning users, and adding or removing entitlements at the account level:
  - Guidewire BillingCenter
  - Guidewire ClaimCenter
  - Guidewire ContactManager
  - Guidewire PolicyCenter
- A new integration with SAP Ariba provides a comprehensive SAP Cloud integration that enables businesses to significantly improve security and compliance within SAP Ariba procurement and sourcing processes. This integration facilitates streamlined governance of user identities, entitlements such as roles and groups, and the automation of JML workflows for security and compliance requirements across Ariba parent and child realms.
- A new integration with SAP Analytics Cloud provides a comprehensive SAP Cloud integration that enables businesses to significantly improve security and compliance within SAP Analytics Cloud. This integration facilitates streamlined governance of user identities, entitlements such as roles and groups, and the automation of JML workflows and compliance requirements.
- A new SAP BTP Cockpit Cloud Foundry connector enhances security and compliance for SAP BTP applications and services by effectively managing user access and entitlements (role collections) across BTP Global Accounts, Directories, and Sub Accounts.
- A new SAP Identity Directory connector aligns with SAP’s reference architecture and empowers businesses to elevate security and compliance measures for applications integrated with SAP Cloud Identity Services (CIS). By leveraging centralized governance capabilities, this integration streamlines the management of user identities and entitlements (groups), ensuring that stringent security and compliance requirements are met across all SAP Cloud applications linked to SAP CIS.
- A new integration with SAP Commerce Cloud offers access management of SAP Commerce “Employees” type users, group entitlements, and rich attribute collection as supported by SAP.
- A new integration with SAP Integrated Business Planning (IBP) enhances security and compliance for businesses using IBP by simplifying the management of user identities and entitlements, including roles, catalog ids associated with roles, and groups. It also automates user onboarding, movement, and off-boarding processes to ensure compliance with security requirements.
- A new HealthStream CredentialStream connector extends management to provider data along with facilities, specialties, and credential/license information.
- A new Workiva connector securely connects with the Workiva system and provides governance capabilities for the Workiva users.
Enhanced Connectivity
- The Microsoft Active Directory connector now supports gMSA as a Service Account using Simple Authentication and Security Layer (SASL) protocol.
- The Epic SER connector now aggregates multi-valued attributes.
- The Mainframe IBM RACF, Mainframe ACF2, and Mainframe Top Secret connectors are enhanced to read the ‘prependBeforeVal’ or ‘appendAfterVal’ attribute from the attributes map of AttributeRequest in the provisioning plan. The connector then prefixes or appends it to the value of the attribute before passing it to the SailPoint connectors for Mainframe ACF2, RACF, and Top Secret. This allows the pre/post scripts to access metadata of the provisioning request for each attribute.
- The Microsoft Entra ID (formerly Azure Active Directory) connector now supports the following:
  - Managing custom security attributes for Microsoft Entra ID users
  - Extension attributes and Directory (Entra ID) extension attributes, which store the custom attribute information coming through Active Directory (such as onPremisesExtensionAttribute)
  - Update operation for multivalued extension attributes
  - Aggregating risk-related information for Service Principal accounts
- The SAP Concur connector now supports the “Test Employees” and “BI Managers” attributes.
- The SAP Direct connector now has the ability to differentiate between TCodes added through the menu, TCodes added directly, and other menu items. This enhancement is made possible by the introduction of three new attributes in the role schema and provides users with greater flexibility and control.
- SAP GRC connector/integration:
  - Now features integration with SAP IAG, using the SAP GRC system as a bridge. This configuration helps you request user and entitlement provisioning, remove user access, and perform risk analysis of user requests in IAG for connected SAP Cloud systems.
  - Now features a streamlined connection with the SAP ARA Service, facilitating comprehensive Segregation of Duties (SoD) checks and risk analysis through the GRC platform. This improvement enables IdentityIQ managers to identify and correct potential risks proactively before submitting provisioning requests directly via GRC integration. Risks that are identified are marked as Policy Violations, equipping managers with the insights needed to take proactive action or collaborate with key stakeholders, including Requesters, Role Owners, and Risk Owners.
- The Salesforce connector now supports “DelegateGroup” as a group object, and role hierarchy representation (parent and child) for the role entitlement object.
- The SailPoint Identity Governance connector now supports the Client Credentials grant type for Inbound OAuth by ServiceNow.
- The Oracle ERP Siebel connector now supports aggregation of responsibilities, and assigns the Dummy Primary Position ID to the user (Leaver use case).
- The Workday Accounts connector now supports implementer accounts and is enhanced to aggregate integration user accounts.
New Platform Support
- The ACF2 connector now supports z/OS 3.1.
- The connectors for the following Guidewire systems now support the Guidewire Kufri release:
  - Guidewire BillingCenter
  - Guidewire ClaimCenter
  - Guidewire ContactManager
  - Guidewire PolicyCenter
- The HCL Domino connector now supports HCL Domino version 14.0.
- The RACF LDAP connector now supports z/OS 3.1.
- The Salesforce connector now supports Salesforce Managed System API version 60.
- The SAP Direct connector is now certified with the SAP ERP Enhancement Package 8 (EHP) for continuous support and seamless integration.
- The SAP HR/HCM connector now supports SAP Enterprise Central Component (ECC) 6.0 with Enhancement Package 8 (EHP8) and the SAP S/4 HANA 2023 on-premise version.
- The SailPoint Identity Governance connector now supports the ServiceNow Xanadu release.
- The ServiceNow Service Catalog now supports the ServiceNow Xanadu release.
- The SailPoint IdentityIQ for Service Catalog now supports the ServiceNow Xanadu release.
- The SailPoint for Service Desk now supports the ServiceNow Xanadu release.
- The Top Secret connector now supports z/OS 3.1.
- The Oracle Database connector now supports version 23ai.
- The Oracle NetSuite connector now supports WSDL v2023.