Previous Versions of Identity Director 2022

Starting with this release, browser tabs will display the title of the opened section. This improvement aims to help users who prefer to open multiple Identity Director tabs at once, as it eases navigation between tabs containing various sections or subsections of the Management Portal.

When working on an active campaign in the My Access Reviews tab of the Web Portal, reviewers now have the option to decide for all the people on the list at the same time, using the newly added Approve All and Revoke All buttons. To access these buttons, click on the text area of the campaign. You can click Start to open a window containing the list of qualified people and, after reviewing the list, close the window and either approve or revoke access for everyone.

This improvement allows for a more time efficient review process, especially for campaigns with large numbers of qualified people.

Starting with this release, we have added the following options for campaign recurrence: Weekly, Monthly, Quarterly, Semi-annually, Annually. For each of these new options, you can set the campaign to recur until a specific end date, or until a specified number of occurrences has been reached. You can also opt to set no expiration limit and have the campaign recur indefinitely.

To diminish the need of recreating campaigns even further, you have the possibility to change reviewers while the campaign is active. To learn more about configuring recurring campaigns, visit the Access Certification page in the Identity Director Help.

Starting with Identity Director 2022.3, the CSV exported from the Reports tab of an existing Access Certification campaign includes all the primary identifiers defined in Identity Director for the listed people, each of them in a separate column.

In Identity Director 2022.2, we have added the Reconciliation feature for Access Certification. Starting with Identity Director 2022.3, all related functionality and information have been moved from the Properties tab to the Reconciliation tab.

You will find a new indicator for the status and duration of the reconciliation process in the Reconciliation section, and a new Qualified People section with information related to the people reconciled from MicrosoftActive Directory.

Starting with Identity Director 2022.3, you can opt to display list attributes in a Provide Information workflow action as searchable lists. This new option can be especially useful when your users must select from a large number of listed items.

In Identity Director 2022.3, we added two new service attributes: Person List and Person checklist. The new attributes rely on smart rules to obtain their values dynamically, which means you no longer have to manually provide the values.

The new service attributes will allow you to use people easier and more efficiently within your workflow.

Starting with this release, the scope MicrosoftActive Directory Group Membership data sources was extended to include one level of nested groups membership. This new option can be enabled individually for each Data Source in the Setup and Sync Tool, allowing for a larger number people to be imported into Identity Director.

In the Delegated Administration section of the Web Portal, the URL was updated to point to a service name and section, similarly to services displayed in the My Store section. This improvement aims to ease sharing and accessing services in your environment, as the URLs can be copied and shared independently.

Starting with Identity Director 2022.2, you can upload images for your access certification campaigns, in the Management Portal. This functionality aims to increase user experience and ease navigation in the Web Portal for users with a large number of active campaigns.

All the buttons used to modify the campaign status can now be found under a dynamic section called Campaigns. Select one or more campaigns from your list and you will be able to perform various actions, such as Launch, Delete, Resume, and more.

The email address of each campaign owner is displayed when reviewers click on the text area of the campaign in the Web Portal. This change aims to ease direct communication within the organization, should reviewers require additional information in order to complete the review process.

You can now select Groups and Smart rule from the Reviewer type drop-down list, in addition to the existing Individual Reviewers option. This expands the functionality of certification campaigns and opens a new door in the feature set. A campaign can now be assigned to multiple reviewers, with the results centralized in the Results tab of the campaign once the review process is complete. The results can also be exported into a CSV file from the Management Portal.

Access certification events such as adding or editing campaigns and deleting campaign instances or definitions are now logged in the Audit Trail. The additional information improves the reporting capability and provides a more in-depth look at the access certification campaigns from your environment.

Starting with Identity Director 2022.2, you can select a MicrosoftActive Directory connector to use information about people from Security Groups and Organizational Units into the Management Portal. This is used for entitlement reconciliation.

Information received from MicrosoftActive Directory is synchronized with Identity Director via data sources and handled using the mappings defined in data connections. People and Classifications data connections are used together with People and Group membership data sources to ensure the People related information is imported properly. When setting up a certification campaign, multiple data connections can be selected to match complex business scenarios. The result is then reconciled and compared so that reviewers can see an user's resulting qualifications in both Identity Director and Active Directory and decide according to them.

Data connections are only needed to determine the connectivity and mapping information for the external system, they are by no means synchronized. No entities from Identity Director (people or organizations) will be modified in any way following a reconciliation.

The Identity Director component responsible for the actual connection to the external system is Transaction Engine, therefore this component must be able to access the Active Directory.

On the Pages tab of a Provide Information workflow action, you can now enable dynamic attributes for List and Checklist service attributes. This comes as an addition to the dynamic attributes introduced in Identity Director 2021.2. The dynamic features allowing extra attributes to be displayed in a Provide Information workflow action according to various conditions are now available for 6 attributes: Date, DateTime, Text, Organization, List, and Checklist.

In Identity Director 2020.3.1, we have introduced a retry mechanism that would initiate if the Transaction Engine was unable to retrieve Run Book results during its first attempt. This mechanism is no longer necessary and was removed from the product starting with Identity Director 2022.2.

Previously, services marked as favorite disappeared from the Web Portal when the Show in My Store option was disabled in the Management Portal.

Starting with Identity Director 2022.2, the service is displayed in the Web Portal, even with the Show in My Store option disabled. However, users are no longer able to request it.

In the Web Portal, under Account, users can manage the applications used for sign in, password reset, or unlock account from the newly added Security tab.

With the introduction of Multifactor Authentication, we have allowed users to enroll their own devices and authentication applications. However, the devices could only be used in Password Reset scenarios if Multifactor Authentication was enabled in the environment. With this update, the device management functionality has been decoupled from Multifactor Authentication so users can freely manage their devices without requiring additional assistance from the IT department.

The Access Certification feature is only available with the Access and Enterprise licenses, starting with Identity Director 2022.2.

Starting with Identity Director 2022.1, you can use Access Certification to improve the management of users and entitlements in your environment.

This feature allows administrators to create and manage certification campaigns from the Management Portal. The newly added section contains a series of tabs which display campaigns according to their status. New campaigns can be created by clicking on the Add button at the bottom of the page.

Once a certification campaign starts, the selected reviewers are able to see it in the My Access Reviews tab of the Web Portal. After starting the review process, reviewers see a list of users that qualify for an entitlement and the options to either authorize or revoke access for each user. At this point, the reviewer can either complete the process in one go or save it and continue at a later date. Once completed, the campaign moves to the Completed tab under My Access Reviews and becomes read-only.

Please note that, at the moment, campaigns can only be created for entitlements. Additional options will be added in the future.

For a complete overview of the Access Certification feature, check out the Access Certification page in the Identity Director Help.

You can now set hourly intervals for email reminders for your workflow actions.

Previously, users remained enrolled when marked for deletion using an import file from which they had been removed. This behavior was changed in this version and users are unenrolled when marked for deletion.

All Multifactor Authentication add or removal operations are now logged in the Audit Trail.

At Setup > Multifactor Authentication, you can now decide whether or not you want to enforce multifactor authentication for the users in your environment.

While multifactor authentication is enabled in your environment, you can opt between making enrollment mandatory for everyone, or allowing your users to decide independently if they want to use an authenticator application or not.

This version of Identity Director includes the following performance-related improvements:

• The overall qualification processing has been improved through code and cache loading optimization.

• Qualification based on people attributes has been improved and changing a regular people attribute that is not used in qualifications does not trigger any qualification processing.

• The responsiveness and time interval before triggering services when people attributes change have been improved.

A new section called Authenticator Apps was added for both the Password Reset and the Unlock Account login page services. Enabling this option allows your users to choose enrolled authenticator applications as their preferred verification method in the Web Portal.