4.5.3

Updated the Google Apps connector (agtgapps) to add support for clearing app-specific passwords, backup verification codes, third-party tokens, and to disable two-step verification as part of the reset, disable, delete and update operations.

Added the LOCACTIVITYGROUPS and LOCPROFILES table lookups and their account attributes for the SAP Server (Netweaver 7.5+) (agtsapnw) connector to provide support for SAP / CUA systems for local ACTIVITYGROUPS and PROFILES.

Updated the Okta connector (agtokta) to improve the error handling when listing users and other objects to prevent a partial listing returning success. This was previously causing only a partial listing of Okta users to be loaded for the instance when running auto-discovery.

Updated the Okta connector (agtokta) to improve error handling for the enable and serverinfo operations. This was previously causing an issue when enabling an account that is already enabled and is not suspended.

Updated Active Directory (agtaddn) computer attribute listing to exclude msDS-RevealedUsers and msDS-AuthenticatedToAccountList, as these lengthy multi-valued attributes exceed the discovery queue size limit.

Updated unixssh.py to fix issues with the reset operation when the date last changed and account expiry date attributes are empty.

Updated the unixssh.py script for the Python connectors to allow for a dot/period as an allowed character for user/account IDs.

Updated the SAP Server (Netweaver 7.5+) (agtsapnw) connector to comment out reading the ZMT_USER_SYSTEMS_READ function for CUA systems.

Fixed an issue with the SAP Hana Database connector (agthana) when encryption is used for the target address configuration.

Updated connectors that make use of winhttp calls to ensure that logging is added to state both the method and the URL and to say which calls are being made.

Resolved an issue with the SAP Server (Netweaver 7.5+) connector (agtsapnw) when listing users filtered with a selection range to add more than one selection criterion.  This was previously causing an issue where only one selection range could be listed.

Modified the Okta connector (agtokta) to only show one challenge response option for the Okta Verify method for the OTP codes. This also allows the OTP code from other registered Okta Verify challenge response factors to work with the single challenge response option. For example, it enables the interchangeability of OTP codes between Okta Verify and Google Authentication Okta authentication methods.

This resolves an issue where, previously, when multiple Okta authentication methods are presented for the same option, it was not possible to distinguish which mobile device the OTP code was expected to be from.

Fixed an issue with the Okta connector (agtokta) to ensure that when methods from the "Authentication methods order" target address configuration are not configured that the matching Okta methods are not shown for the user on authentication for Okta challenge response.

Review any existing Google apps targets to determine if app-specific passwords, backup verification codes, third-party tokens should be deleted and if two-step verification should be disabled during disable and delete operations.  The agent will now default to "yes". If this behavior is unwanted, uncheck the boxes for the following address line attributes on agtgapps targets: