4.6.3

Updated the Google Apps connector (agtgapps) to add support for clearing app-specific passwords, backup verification codes, third-party tokens, and to disable two-step verification as part of the reset, disable, delete and update operations.

Updated the Exchange 2007+ Server connector (agtexg2k7) to add the longid for the agent output for the create operation and for when users already exist.

Added the onPremisesSyncEnabled account attribute for the Azure Active Directory (agtazure) connector.

Updated the unixssh.py script for the Python connectors to allow for a dot/period as an allowed character for user/account IDs.

Support has been added for version 65.0 of the Salesforce SOAP API.

Updated the Powershell connector (agtps) to change the logging level from Info to Debug when converting variable values.

Updated Active Directory (agtaddn) computer attribute listing to exclude msDS-RevealedUsers and msDS-AuthenticatedToAccountList, as these lengthy multi-valued attributes exceed the discovery queue size limit.

Updated the Azure Active Directory connector (agtazure) to correctly construct the query URL when attributes are empty and a filter is used, which was previously causing listing to fail.

Updated connectors that make use of winhttp calls to ensure that logging is added to state both the method and the URL and to say which calls are being made.

Resolved an issue with the SAP Server (Netweaver 7.5+) connector (agtsapnw) when listing users filtered with a selection range to add more than one selection criterion.  This was previously causing an issue where only one selection range could be listed.

Fixed an issue with the Google Applications connector (agtgapps) for better error handling for the list groups operation when it is listing roles.  This prevents a crash when listing roles that are missing their description.

Updated the unixssh.py script for the Python connectors to allow for a dot/period as an allowed character for user/account IDs.

Fixed an issue with the DUO Authentication (agtduo) connector for challenge response authentication when a user does not have any DUO authentication methods configured.

Modified the Okta connector (agtokta) to only show one challenge response option for the Okta Verify method for the OTP codes. This also allows the OTP code from other registered Okta Verify challenge response factors to work with the single challenge response option. For example, it enables the interchangeability of OTP codes between Okta Verify and Google Authentication Okta authentication methods.

This resolves an issue where, previously, when multiple Okta authentication methods are presented for the same option, it was not possible to distinguish which mobile device the OTP code was expected to be from.

Fixed an issue with the Okta connector (agtokta) to ensure that when methods from the "Authentication methods order" target address configuration are not configured that the matching Okta methods are not shown for the user on authentication for Okta challenge response.

Sanitized log messages from Oracle platforms when failing to reset a password due to it containing a comment.

Fixed an issue with the SAP Hana Database connector (agthana) when encryption is used for the target address configuration.

Resolved an issue with the SAP Server (Netweaver 7.5+) connector (agtsapnw) when listing users filtered with a selection range to add more than one selection criteria.  This was previously causing an issue to only list from one selection range.

Fixed an issue with SAP Server (Netweaver 7.5+) (agtsapnw) connector to always call the RfcDestroyFunction.

Fixed an issue in the Siteminder connector (agtsm) so that it now correctly saves the list override setting.

Fixed session handling in PeopleSoft 8.49 agent to prevent a crash during list groups operation.

Review any existing Google apps targets to determine if app-specific passwords, backup verification codes, third-party tokens should be deleted and if two-step verification should be disabled during disable and delete operations.  The agent will now default to "yes". If this behavior is unwanted, uncheck the boxes for the following address line attributes on agtgapps targets:

An OAuth token must be configured on the Salesforce side and set on the Bravura Security Fabric side.

The system ID corresponds to the client_id and the system password corresponds to the client_secret.