What's New

There are cases when multiple managers or coordinators need to be able to trigger various entitlements for the same employees. By introducing a new People attribute of type List (see here) , Identity Director can now leverage smart rules to allow multiple people to be served by multiple coordinators through the Delegated Administration panels.

Two new Smart Rules have been updated to support the new List attribute:

• Manager of Subscriber
• Subordinates of Subscriber

The addition of a People attribute of type List (see here) in Identity Director 2020.3 has also had impact on data connections. The People Table Attributes data connection has been renamed to “People Attributes”.
You can synchronize data into tables or lists via this single data connection type. The choice between table and list can be made using a simple drop-down in the configuration.

Using the List attribute does not contain the advanced data mapping and merging capabilities of the table attributes.

In large organizations, people may share the same name. When this happens, managers and coordinators often find it hard to identify the correct person.

For that reason, people identifiers are now visible in Delegated Administration.
In addition to that, when defining a people attribute in the Management Portal at Data Model, you can specify if the attribute should be visible in Delegated Administration.

This allows for a more thorough diagnostic when making decisions regarding entitlement allocation from the Web Portal.

Due to very limited use and demand, support for Oracle and IBM DB2 Datastores has been deprecated as of Identity Director 2020.1.

The Invoke Run Book action is used to invoke a Run Book in an Ivanti Automation environment.

If the specified Run Book contains Run Book Parameters where the Action is set to Get Final Value or Both, the Run Book Results tab of the Invoke Run Book action allows you to let the value of service attributes depend on Run Book Parameters. These values are set during execution of the Run Book. After execution of the Run Book has finished, the Run Book results need to be retrieved by the Transaction Engine.

In case the first retrieval isn’t successful, the new retry-mechanism will initiate up to four additional attempts. The first retry will start 30 seconds after the initial retrieval attempt. Each of the following retry wait intervals will be increased by an additional 30 seconds.

When a retry is successful, the service attributes values are updated based on the received Run Book Parameters results.

The retry-mechanism makes the Invoke Run Book action more robust in situations when external factors may interfere with the retrieval of Run Book results.

The Transaction Engine traces for the Invoke Run Book action have been enhanced, allowing for better debugging capabilities.

This new attribute type comes to complete the attribute landscape and to allow the expansion of smart rules. There are also many cases when working with a single column table could get more complicated than just having a list attribute. That is why, in this release, a new attribute of type List has been added to People.

The attribute works the same as any other attribute, it supports restricted values and can be used in the Set People Attributes and Identifiers workflow action, as a Placeholder, as a Delivery trigger.

The API for the Management Portal now supports passing data from third-party tools into the Provide Information workflow action. This makes integration with ITSM tools much easier, because it allows for passing multiple types of information into Identity Director workflows in the form of a text attribute.

In addition, the API now has an endpoint allowing the administrator to choose in which organization to place the user when doing an addition or modification operation.

Identity Director 2020.2 introduced the feature allowing the qualification of entitlements to be done using People attributes. Multiple instances could be added to assure for instance, that all roles inside an organization are covered.

In Identity Director 2020.3 an extra enhancement reduces the effort even more, by allowing the usage of wildcards. Following the given example, this allows the simple usage of “role name*”, which in turn covers a wide selection without the need for multiple specific additions.

Identity Director now also supports cross-domain groups when creating Administrative Roles. This allows for users in different domains to be added to the same group and then to leverage that whole group in the creation of Logins for Administrative Roles.

Administrative Roles can be configured in the Management Portal, at Setup > Administrative Roles.

The CAPTCHA implementation has been revised and strengthened. The new improved solution brings a more secure approach that:

• Does not allow reuse of the captcha
• Does not disclose account existence
• Does not disclose account lockout status

Identity Director 2020.2 greatly improved on password complexity, allowing for the creation of personalized and granular profiles. This made it possible to have many profiles inside Identity Director, fit even for the most demanding policies out there.

Identity Director 2020.3 now adds an advanced diagnostic feature, that verifies the rules that apply to any single user in the system. This way, the system administrator can check the policy implementation fast and without error.