3.1.15 - Product Release

New Features

1. User Management

  • User Threshold

    • General configuration for the threshold updated.

    • UI changes for:

      • Creation, update, and deletion of users.

      • Retry staging users from the staging dashboard.

      • Archive for user threshold

      • Updated Email Title and Template.

    • Notifications for user threshold:

      • Notification field made mandatory.

      • Org Admin set as default notifier (not supported for old tenants).

      • Notification Field in User Threshold Config for delete users

    • Staging dashboard:

      • Updates to the staging dashboard view and error messages.

      • Display names shown during threshold delete operations.

    • Manual “Move to Archive” button added for staging users.

    • Failure handling for moving staging users to archive, including audit log display.

  • User Directory Search

    • Quick search updated to support:

      • Employee ID, email, mobile, first name, last name, middle name, display name, login.

    • Dropped support for: grade, userType, department, designation, custom attributes.

  • Email Validation

    • Email validation removed from the backend.

2. Workflow

  • Custom Attributes in Workflow Rule Events

    • Supported events:

      • User Creation

      • Application Provisioning, Deprovisioning, and Update

  • Pending Workflow Enhancements

    • Reassign user functionality added to the inner page.

    • Requester and requestedFor columns added.

  • UI/UX Changes

    • The inbox title within the workflow setup event now displays the workflow name.

    • The Pending Workflow List now includes 'Requester' and 'Requested For' columns for display.

    • User details section in Inbox Requests will now include assigned application details

    • Workflow Inbox will now include start date and end date filters.

  • User Delete Workflow

    • Workflow and rule configuration support added.

  • Workflow assignee escalation:

    • If the workflow task assignee is the same as the target user or requester, the task is assigned to the assignee's reporting manager. This is configurable at the application level and is disabled by default.

  • Default Workflow Rule

    • A workflow rule that is configured without any conditions; it triggers when no other rule matches. Supported events include:

      • User Creation, Application Provisioning, Application Deprovisioning, Workflow Setup, Application Role, Decommission Device, Application Update, Access Review Reject, User Delete, Form Logic Workflow, Exception Application, Movers

3. UI/UX Enhancements

  • Warning added || Application Config Import Modal || Auto 'Create Only' for User Principal policy mappings

  • Amaya || Add support for JSON body validation through validate button

  • Inconsistent button placement across certain modules has been rectified by aligning them to a standardized position below.

  • Onboarding Walkthrough for new users.

  • Audit log comparison for oldObject and newObject when they are in detailed format

  • QR code zoom feature added to FIDO, TOTP, and push authenticator scanners.

  • Improved runtime error handling with a sitewide error page.

  • Enhanced build performance by 46%.

4. Identity Governance

  • RecommendationEngine

    • Enables seamless integration and management of application and role recommendations.

    • Supports generation of personalized application and role suggestions.

    • Supports the automatic synchronisation of data from various sources, ensuring that recommendations are always based on the user behaviour.

    • All recommendation engine configuration and data synchronisation details are stored and can be easily retrieved and updated as needed.

    • Campaign and workflow integration for approvals and recommendations.

    • Scheduler history provided with container status.

    • Campaign: Recommendation details are shown on the assignment approver action in a campaign.

    • Inbox: Recommendations are shown to the approver on application assignment workflow requests in the inbox.

  • Role Based Forms

    • A per-role form request was introduced, which invokes a new form for every new role requested by the end user.

  • Improved Campaign Visibility & Control

    • Includes notifications for Managers, internal users, and external emails, along with downloadable campaign reports.

  • Running campaigns can now be extended; the initially planned end date is visible in a tooltip after the campaign is extended.

  • A Save as Draft feature is provided in the approver's view, where the approver can select and approve multiple requests as a draft and then save all of them as one.

  • Recommendation Scheduler History: Provides information on whether the recommendation engine is configured, along with the scheduler history, including its status (running or completed) and the number of records processed.

  • Recommendation Engine Scheduler: Shows the running container for the particular tenant on the version page.

  • Highlighted the SOD Rule (name) being violated during the recommendation to the user

5. Mover Process

  • Gradual rollout across phases:

    • Phase 1: UI configuration without backend integration.

    • Phase 2:

      • UI performance optimisation: new UI designs and implementation that improve performance by reducing API calls compared to the earlier proposed UI.

      • Default scheduler (No execution)

      • Added calculation for applicationToSkip, applicationToRemove and applicationToAdd (backend only).

      • Refactor existing Cymmetri user update API (backend):

        • Manual Update

        • Reconciliation - Both exist update

        • Teams - User update

        • Delegation -> Teams -> User Update

        • Manager assign Import

        • Manager Link Import

        • Manager gets a link while the user imports using CSV.

        • Also manager assignment from UI

      • Refactor existing deprovision and provision rule execution

      • Calculations for applications to remove are performed only if the mover configuration is active.

    • Phase 3: Dashboard for deprovisioned apps

    • Phase 4: Deprovision Scheduler, Workflow, Dashboard Enhancements, and Notifications.

6. Application Management

  • Reconciliation

    • 360 Degree Reconciliation:

      • Compare tab for comparing source and target applications.

      • Generate and download CSV reports.

    • Reconciliation Dashboard Enhancements:

      • Reconciliation filters.

      • Partial job failure handling.

      • Reconciliation job notification configs.

      • Removed global-level and added application-level recon notification configuration.

      • Added a new recon failure notification template.

    • Reconciliation Activity Log - Show previous and next 10 minutes activity log for each reconciled entity (user/group)

    • 360 degree recon support for Simple LDAP Application

  • Exceptional Applications

    • Configuration Side

      • Schema, Masters, and Template with application mapping

      • Quick Setup

    • Self-service Side

      • List Exception Applications

      • Request Exception Application functionality

    • Workflow integration and dashboard for exception requests.

    • Exception workflow configuration and invocation of the workflow for exception application access requests.

  • Bulk Application Un-assignment

    • Bulk Application Un-assignment allows administrators to remove access to applications and roles from multiple users simultaneously using a CSV file.

  • On Demand Access

    • On Demand Access Request offers the capability to define on-demand roles, allowing administrators to enable access dynamically.

  • Global Apps

    • Global Apps allows the user to configure applications that apply to all users and are not available via the On Demand or Exceptional Applications configuration.

  • Role description is provided under the role name whenever an application is requested.

  • Role Management

    • Parent and child role support added in CSV imports and manual role creation.

  • Application ➝ Assignments ➝ User assign ➝ Failure/Pending assignment user list Integration

7. Data Logger

  • Data logger service version information added.

  • Optimized the data-logging framework for better performance.

  • Full sync support added (this step is optional and required only if any of the conditions below match):

    • Tenant audit database is not present, or

    • Tenant audit database is corrupt so fresh setup is required.

8. Tenant Registration

  • Optimized the tenant registration database creation process.

  • Tenant Registration Process Resumption: If the tenant registration process is interrupted, it can be seamlessly resumed and completed using the existing account configuration. The registration process can be resumed from the following stages:

    • Pending OTP Verification

    • Incomplete Credential Setup

9. SSO (Single Sign-On) and TOTP Config

  • External IDP SSO: Added support to log in to Cymmetri as an external identity provider for IDP-initiated SSO.

  • SAML IDP SSO: Added support to send IDP-initiated (Cymmetri) SSO response to Cymmetri as a service provider.

10. MFA (Multi-Factor Authentication)

  • TOTP Config:

    • Look-ahead window: Added support for 0 as an option inside the dropdown.

  • SDK Integration:

    • Implementing SDK integration for mobile push notifications to resolve issues with the existing legacy API of:

      • FIDO-based notifications

      • Normal push-based notifications

11. Form Logic

  • The Form Logic functionality enables you to store custom data using flexible, administrator-defined forms.

  • It empowers you to create forms tailored to your specific data collection requirements, providing a versatile solution for various data management needs.

  • Form Logic webhook sample request schema and sample script updated for user details.

12. SkipPasswordExpiry

  • Skip Password Expiry has been added to the PasswordChangeRule.

  • This option allows administrators to exempt specific users or groups from the regular password expiration process.

  • When enabled for a user, they will not receive any warnings or notifications regarding password expiry, and they will not be required to change their passwords due to expiration.

13. Connector

Active Directory and SimpleAD Connector

  • Active Directory || SimpleAD Connector upgrade

    • UserAccountControl attribute support added

    • memberOf attribute support in manage system viewer

    • ProxyAttribute attribute support added

  • Amaya

    • Added the following templates for quick setup:

      • Atlassian

      • Zoho CRM

      • Zoho Desk

      • Zoho Books

      • Zoho Expenses

    • General Config based role data type

    • Provided support for integer values for ROLE assignment through Amaya.

  • LDAP Connector

    • A new connector named 'SimpleLDAP' has been added for connecting to LDAP Applications.

    • The LDAP adapter has been updated with a new feature that eliminates the need to enter a username and password for each execution.

  • ScriptOn (Database) Connector

    • Manual Link operation support added

14. Configuration

  • Email Configuration Update

    • Mail Username and Password fields no longer require validation, allowing them to be empty. This is because some email servers do not require authentication.

    • Other fields, such as Mail Port, Mail Host, and Mail Sender, still require validation to ensure proper email functionality

15. Insights

Identity Analytics

  • Reports Email Scheduling

    • Configuration support added for fetching a report for the current business day.

Advanced Analytics

  • Authentication Data model created

  • Support for downloading reports in CSV or PDF.

  • Generate Report

    • New Generate Report button when viewing reports in Insights > Reports > View icon

16. Logs

  • External Logs

    • This feature provides a centralised way to capture and view logs from external applications interacting with Cymmetri via webhooks or batch tasks.

    • This enables administrators to debug external interactions directly within Cymmetri, simplifying the monitoring and troubleshooting process

17. Backend Enhancements

  • End-to-End Encryption

    • End-to-end encryption has been added for all authservice APIs (/authsrvc/*). This includes encryption of request and response payloads.

    • End-to-end encryption (E2EE) support added in provisionengine

  • Redis Cache support provided for the My Workspace section to improve performance.

  • APIEXT:

    • Exposed a new API for the implementation team to get user details based on email, login and/or displayName.

Known Bugs

  1. Manager notification: the user name is received where the manager name is required.

  2. In application settings, even if the 'show to user' flag is off, the application still appears in recent applications.

  3. Amaya || Unable to identify the data type of application properties where the value is empty.

  4. Amaya || Create user operation fails due to invalid password.

  5. Reports: Records are displayed after approximately 11 minutes.

  6. Recommendation run for tenant 2711 took 2 days, 3 hours, 8 minutes, and 12 seconds for 345,000 users.

  7. During reconciliation, when the user login ID is left blank and the loginGenerator is activated, the process fails due to the empty login.
