Version 2021.09.0

What’s new

Additional Actions and Attribute entitlements in the Admin role

The Admin role now allows restrictions on managed identities' attributes, roles, groups, primary values and credential information via Edit, Show profile or Mass updates.

Profile access capability in the Personal role

Allows the restriction of users' access to selected menu items for their own profile page.
This capability was introduced for both consistency reasons with the Admin role, which did provide this capability, but also to be able to cater for some upcoming use-cases.

New OAuth authentication method

RITM now also supports an authentication method using OAuth Access Tokens to cater for future integrations for the backend to interact with IDP APIs both on behalf of the authenticated user but also for administrative and generic tasks.
Requires the use of OAuth Access Tokens and appropriate scopes.

IDP credential integration

The password policy of the IDP we integrate with is now retrieved, used for validating a user’s password and is also exposed in the UI.
Implemented password management capabilities for Service desk and Self-service scenarios.
Implemented primary phone number verification flows for Service desk and Self-service.
Implemented primary email verification flows for Service desk and Self-service.

The Profile page now supports a two-level menu layout using the accordion menu capability, allowing menus to have sub-items (children menus).

New Security menus on the Profile page

Introduced a new “Security” menu on the Profile page that allows users to manage security settings from a Self-service or a Service desk scenario.

In-profile external links

In-profile links were introduced for all menus within the profile page, allowing us to optimise the user experience for the various workflows provided by the IDP.

New "Password" tab on "Add user" wizard

The new “Password” tab allows admin users to see what the password policy is when adding a new active account and to make sure the filled in information is correct.

Platform and Profile access functionality per organisation

Allows platform admins to disable certain parts of the platform or the profile page for new organisations.

Title and X button on success/ error messages

In-profile links were introduced for all menus within the profile page, allowing us to optimise the user experience for the various workflows provided by the IDP.

Redirect the user back to his last active page on session expiration

If a user’s session expires, we are now redirecting him back to the last visited page in RITM, and not to his landing page. The landing page is enforced only when authenticating in a new session.

Updated default styling to OneWelcome

The default platform styling was updated to match the new branding.

Log events for all calls and call types

All endpoints have been checked to make sure that the audit stamp is present.
All events are part of the setup configuration.
All authentication methods create events (cookie/access token/API key)

Filter by Structure and Group

Introduced the ability to filter users by Structure and/ or Group on the Users → management and Reports pages.

What’s improved

The menu items displayed when accessing the Profile page in a self-service versus a service desk scenario are now independent from one another.

Updated management of back-end authentication methods for an organisation / segment

Updated backend and UI on the organisation configuration wizard to cater for the new OAuth back-end authorisation method.

Only display active Applications on the user’s own Profile

Inactive applications are no longer shown on the authenticated user’s own profile. However, an admin is able to see all the applications that a managed identity has access to on that identity’s profile page.

Hide "Immediately" and "Once" from recurring jobs

Recurring jobs no longer have the “Immediately” and “Once” available schedule options listed on the “Schedule” tab.

Access role wizard improvement

You can no longer add empty applications in Access roles.
The “+ Add application” button is no longer displayed when there are not available applications. In this case, the page will say: “There are no applications available.”

Admin role wizard improvements

Structures set to “<Ignore>” in entitlements are no longer displayed in the entitlements overview table.
Updated spacing between entitlements to make a clearer distinction between them.
Parent action toggles are disabled if none of the children are enabled.
If the admin user configuring the admin role is not allowed to cascade any role to his managed identities, or if all of the roles were already added, we now display a message to the user: “There are no other roles available”.
“Attribute entitlements” tab is not displayed if the “Edit attributes” action is not enabled.

Personal role wizard improvements

The “Attribute entitlements” tab is no longer displayed if access to the “Profile data” menu is not enabled in the “Profile access” tab.
“Request access” is no longer part of the “General” tab under “Role entitlements”, but is now part of “Profile access” tab. If the user is granted access to the “Profile access” tab, he will also be allowed to request roles.

We now present a 4xx error instead of a 5xx one when doing any API call using a valid access token if the passed access token is not authorised to do these calls.

Less verbose invalid payload error

Error code/ns is now less specific when passing, for example, an incorrect JSON to an API.

Display organisation code instead of ID in error response

Organisation ID is no longer shown in error response when trying to Edit via API a user not in the scope of the administrator, but instead, organisation code is.

Make UID optional for retrieving access roles

UID is no longer a mandatory parameter for a call to retrieve the access roles of a user, but instead we use the "uid" of the user that authenticates to the API as the default, if no "uid" is passed. If "uid" is passed, we always use that.

Enhanced validation when passing incorrect attributesOf on retrieving profile information of the authenticated user via API

Passing an invalid attributesOf option on retrieving profile information of the authenticated user now returns an error message that the parameter is incorrect.

Enhanced validation for missing groupMemberships object on creating a user when using the API

The payload is checked and we now return a 422 error response in case the group code was not passed.

Canonical values in Reports and Management Filter

We now display configured canonical values as list items in a dropdown instead of an input field in the filter on Reports and Management, enhancing the usability of the filter.

Improvements to the managed-identities API

Incorrect attributesOf parameter is no longer allowed, and we now check if the passed attributesOf is one of the possible ones.
In addition to responding with the codes and names of roles assigned to an identity, we now also return the start and end date for those roles.
Introduced the ability to "filter" on structure and group code. StructureCode and groupCode are thus become extra optional parameters in the call to the API.

Platform reorganisation

The platform sections and naming conventions were updated to the current default platform structure and no longer reflects the old one.

Font-family and font-size consistency on the platform

The different elements on the platform such as input fields, multi-line input fields and menus now use the same font-family.
There are no more font size differences between input fields and multi-line input fields.
Only the first word within on a button is capitalised anymore, not all.

Fields and dropdowns enhancements

A search field is now shown on flat dropdowns with more than 10 items.
The number of list items we display in dropdowns is now limited to 10.
The search field is no longer displayed in the dropdown for nested structures.
Implemented the Show/Hide functionality on input fields.
The * indicator of a mandatory field is now displayed on the Settings → Organisation details page.
The default selector state for the Profile landing page on My profile is now the same as the Platform landing page one.

Use fullCode as identifier for attributes

As two attributes could potentially have the same code (for example “value” or “type”, we are now storing their fullCode as a more reliable identifier.
Attributes' full code is now stored in the database.
Attribute entitlements use the fullCode as an identifier.
The attribute fullCode is now retrieved by the UI on Edit / My profile / Access profile.

What’s fixed

Admin role with only “View profile” rights could still manage groups

Users without “Edit” entitlements can no longer manage the groups of users on their Profile page.

Search & Filter issues

The “Filter” button no longer resets the filter.
Filter results always start on page 1, so filtering on a page other than the one the user is listed on shows the searched user.
Deleting all items on a table page greater than 1 now takes you to the previous page.
Search is no longer case sensitive on the “Attributes list” and “Attribute categories” pages.

Selector width issue on Mass updates

The width of dropdowns is no longer changed based on the name of the selected item, but is fixed to a default width.

Translation label fix on the "Applications" page of the profile

The “There are no applications to display” message we are displaying when a user doesn’t have access to any applications is no longer hardcoded, but included in translation.

Rules wizard improvements

The search field displayed on dropdowns within the Rule configuration wizard now works correctly.
The phone number is now correctly displayed in the “Affected identities” tab, instead of [object][object].
The count for the affected identities parameter on performing Mass updates/ Rules is shown correctly.

Application wizard validation issues

The application protocol field would display a warning even after selecting a protocol. Now the selected protocol is correctly taken into account.

Job tiles information improvements

"Immediately" is now included in the schedule overview on the "Schedule" tab for jobs.

Last updated on Sep 28, 2021

Was this page helpful?