What's new

Ceridian Dayforce (agtdayforce.con) - adds support for Python  

Generic Solaris Server (SSH) (agtsolaris_ng) - adds support for Python  

Telnet (agttelnet-openssl.exe) - alternate Telnet connector that supports OpenSSL 3.0

Generic Linux Server (SSH) (Legacy) (agtlinux)  

SSHD Host target system (Script) (agtssh)  

The SAP Server Customer-Verified connector (agtsap.exe) is deprecated starting with Connector Pack 4.7.0 and will be fully removed for Connector Pack 4.9.0.  

The SAP Server (Netweaver 7.5+) 64-bit connector (agtsapnw.exe) should be used in place of the older agtsap (32bit) connector.  Removed connectors  Bravura Security Fabric (agtidm)

Support added for OpenSSL 3.0 for psunix (Connector Pack) and idmunix (Bravura Security Fabric)  

RedHat Enterprise 9 also makes use of OpenSSL 3.x, so this in turn adds support for the purposes of OpenSSL on RHEL9 as well.

RedHat Enterprise 9 support

Added support for Red Hat Enterprise Linux 9 for the idmunix-rhel-el9.x64.tar.gz package.   

Note: This support also available for the latest Bravura Security Fabric 12.7.x.  

Windows Server 2025 support 

.NET 8.0 Support 

Updated minimum supported Microsoft SQL Server version to 2016. Replaced SQL Server audit trigger CONTEXT_INFO with SESSION_CONTEXT, which can store more audit data.

Added a health check for user class cache validity that allows product administrators to see if user class caches are valid and resolve if required, improving the performance of end-user filters.  

Optimized userclass/userclasspoint cache update triggered by a single user. 

Added the loadcvagents utility to install the Customer-Verified connectors. When loading connectors, the post-installation or post-upgrade tasks are also modified to install the Customer-Verified connectors for the configured target systems on the Bravura Security Fabric instance server. Removed the Customer-Verified pre-installation check to no longer run for proxy server upgrades. 

Exposed failed host in IDPM_REQUEUE exit trap for listing successful and failed targets. 

Added components for interfacing with Bravura Cloud as part of Pass Plus’s Password Change/Resecure feature. 

Improved catch-all authorization functionality for when not enough authorizers are configured.   

Improved request kvg in workflow plug-in’s input, in the case of a request containing duplicate resources, it always includes the copy from the enacted resource if applicable. This can avoid issues with authmod, implementer, etc. plug-ins due to the duplicate resources. 

Added configuration options in config.js to control the Chosen jQuery plugin's activation thresholds for single-select and multi-select elements, improving accessibility for dropdown menus with fewer options. 

Improved the styling and structure of radio selection lists in authentication chains.

Optimized views and queries to calculate nested group memberships which can improve performance of stored procedure UserclassUserList called by loaduccache utility. 

Added a discovery flag to reduce disk space usage for discoveries that are likely to be small (such as pull-mode ones). By default, pull-mode systems will use this flag. The LWS SAVE QUEUE SPACE system variable can return pull-mode systems to their old behavior. 

Optimized auto discovery.

Modified Guacamole in-browser RDP token redemption request to use POST instead of GET to prevent the token from appearing in IIS logs.  

Added a new password generation plugin, advrandpasswd, to be able to generate stronger passwords . 

Set Referrer-Policy to no-referrer in HTTP Response Headers.

Disabled the HTTP OPTIONS method.

Fixed an issue when using an absolute path for custom connectors that was previously showing an error for "The connector for [] is not installed" on the target configuration pages.

Added the ability to use relative paths for the directories that loadplatform uses for the connectors rather than absolute paths so that the connector files such as attribute definition files can be located correctly.

Fixed an issue for the trace functionality in order to log the thread id correctly for agent operations in the trace file that is used by the “Trace Logging“ target system address configuration option. 

Added support for OpenSSL 3.0 for the psunix package for Connector Pack and for the idmunix package for Bravura Security Fabric. Added the agttelnet-openssl.exe Telnet connector that adds support for OpenSSL 3.0.

Cleaned up branding changes 

Disallow options Changes made will invalidate authorizations and Encrypt this attribute in the database to be checked at the same time when adding/updating an attribute via the UI or idmconfig.  

Updated the Orgchart graph page to load the current user’s manager, even if the manager is in an orphaned Orgchart tree (calculated level is -1).  

im_corp_hr_orgchart_manager: adjust the early termination condition to check the orgchart data in addition to attribute values 

Updated error message regarding Guacamole container connection issues.  

Clarified password conflicts pages.

Removed REST policy (OPA) dependency on SQL Service Broker.

Fixed REST API endpoint PATCH /targetSystems({key)} to properly save target system option "automaticallyDiscoverResourcesToLoad".

Added OPA policy identity_connect_token to IdentityServer login endpoint to authorize login attempts.

Default policy identity_connect_token set to check for userclass membership to _EXPLICIT_REST_API_USERS_.

Added new Rego custom function GetProfileAttributeValues.