New Capability: Identity Management
This is available in all sandbox and production tenants. Identity > Access revocation controls had their production rollout deferred and will be handled as a separate announcement.
Try New Experience has been promoted to the experience. Visit Identity Management > Identities in the system to try it yourself.
Thank you to the 100+ administrators who tested the concepts that led to this new identity management experience. It includes the following capabilities:
- Compact and configurable views of identity + account data.
- Comprehensive view of access with revocation controls.
- Auditor-friendly event log with drill-down controls.
More About Identity Name Presentation (All UIs)
You’re able to configure how identity names are presented using a transform on the Display Name (displayName) attribute. For example, we append (FTE) or (Contractor) in our demo tenant.
More About Navigation Bar Changes
We renamed the following navigation items:
- Identities top-level nav renamed to Identity Management
- Identity List sub-nav renamed to Identities
- Access top-level nav renamed to Access Model
More About Revokes
Org Administrators can revoke access items when the option is available. Helpdesk users cannot revoke access items.
- Roles are revocable if provisioned via access request.
- Access Profiles that stand alone from roles or lifecycle states are revocable.
- Entitlements that stand alone from roles or access profiles are revocable.
- Applications are not revocable.
The system does not account for access that is indirectly chained. For example, a role could contain entitlements A and B. A separate access profile could contain entitlements A and B. If a user receives the role, the access profile will be detected and presented as revocable. The role will re-add the entitlements if the access profile is revoked. The access profile would then be re-detected. We recommend adjusting your access model if you encounter this scenario.
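The chained-access scenario above can be checked for before anyone attempts a revoke. The following is an added example, not SailPoint code: the access model is constructed inline, the data layout and function names are hypothetical, and it assumes an access profile is detected whenever an identity holds every entitlement in it.

```python
# Constructed access model (not exported from a real tenant).
ACCESS_PROFILES = {
    "AP-Finance-Read": {"A", "B"},
    "AP-Finance-Write": {"C"},
    "AP-HR-Read": {"D", "E"},
}
ROLES = {
    "Role-Finance-Analyst": {"entitlements": {"A", "B"}, "access_profiles": set()},
    "Role-Finance-Admin": {"entitlements": set(), "access_profiles": {"AP-Finance-Write"}},
    "Role-HR": {"entitlements": {"D"}, "access_profiles": set()},
}


def effective_entitlements(role, access_profiles):
    """Entitlements a role grants directly plus via the access profiles it contains."""
    granted = set(role["entitlements"])
    for name in role["access_profiles"]:
        granted |= access_profiles.get(name, set())
    return granted


def find_shadowed_profiles(roles, access_profiles):
    """Return sorted (access_profile, role) pairs where the role does not contain
    the profile but grants every entitlement in it. Under the assumption above,
    such a profile is re-detected after a revoke while the role remains assigned."""
    findings = []
    for ap_name, ap_ents in access_profiles.items():
        if not ap_ents:
            continue  # assumption: an empty profile has nothing to detect
        for role_name, role in roles.items():
            if ap_name in role["access_profiles"]:
                continue  # contained in the role, so it does not stand alone
            if ap_ents <= effective_entitlements(role, access_profiles):
                findings.append((ap_name, role_name))
    return sorted(findings)


if __name__ == "__main__":
    for ap, role in find_shadowed_profiles(ROLES, ACCESS_PROFILES):
        print(f"{ap}: fully covered by {role}; revoking it will not remove the access")
```

Each reported pair is a candidate for the access model adjustment recommended above, for example by placing the access profile inside the role or removing the duplicated entitlements from one of them.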
More About Account Manual Correlation Flag
There’s a new manuallyCorrelated attribute on the account detail UI. manuallyCorrelated = true means that an account was directly assigned to an identity by id instead of using the account correlation configuration to match based on attribute values. When Identity Security Cloud provisions a new account via request, role, etc., it directly assigns the account to the identity by id. Accounts that are assigned to an identity via /v3/accounts/:id or the manual correlation UI are also considered to be manually correlated. We’ll be adding a new account attribute called origin that will tell you if an account is Aggregated or Provisioned. This will help you discern how the account is manually correlated. We’re going to build a manual correlation UI feature up around this.
More About Applications (Access UI)
The Access UI will always show tabs for Roles, Access Profiles, and Entitlements. It will hide the Applications tab unless the identity has applications. This feature simplifies the experience for organizations that don’t use applications.
Spotlight on the Helpdesk
You might not use the Helpdesk user level often. Take a minute to use the new experience as a Helpdesk user to understand how its capabilities have improved.
Deprecation of Custom Branding in Administrative UIs
Customers could set a Product Name in Global > System Settings > Product Branding and expect to see it referenced throughout the administrative UIs.
New UIs will not reference Product Name and will instead establish universal label presentations. This move simplifies the system and improves localization accuracy.
Did you notify us about this previously?
A Try New Experience button has been available to all administrators in all production tenants since August 2023. The button has been visible when viewing an identity’s details. Identity details is one of the most-visited pages in Identity Security Cloud. This button has enabled administrators to test the new UIs as we create them. We delivered 7 customer-facing announcements concerning our plans. Additionally, we delivered in-app notifications overlaid on the Try New Experience button for previous announcements #1 and #2.
- New Capability: Identity Access UI (published: 2/29/2024)
- New Identity Accounts UI (published: 12/7/2023)
- Updates to Events UI: View Event Details (published: 10/2/2023)
- New Identity Events UI (published: 9/18/2023)
- New Identity Details UI (published: 8/1/2023)
- New Identity List UI (published: 3/11/2023)
Are we able to switch back to the previous user interface?
Customers are not able to switch back to the previous user interface. The previous user interface is scheduled for retirement and the CC, v1, and v2 endpoints it uses are scheduled for deprecation.
See Deprecation: CC, V1, and V2 API Decommission Update for more details.
What’s next after I receive the Identity Management UIs in production?
You’ll be eligible to receive these forthcoming changes once you’ve received the identity management UIs in production.
These features are separate from the identity management experience and will roll out independently with their own announcements.
- Manage inactive identities: You’ll be able to mark lifecycle states as Active, Inactive (short-term), or Inactive (long-term). Identities will be marked as inactive depending on their lifecycle state assignment. Inactive identities will be removed from the Request Center, manager views, and elsewhere. Here’s the relevant announcement: New Capability: Management of Inactive Identities
- Manage accounts across all sources: A forthcoming Account Management UI will enable you to search for accounts, manage account correlation, and more.
Submit Questions or Feedback
The goal of this project is to deliver a substantial upgrade to the identity management experience. We are invested in addressing all concerns that are communicated to us.
Submit questions or feedback, and we’ll be in touch.
You could also schedule time to provide feedback over Teams!