4.8.1

Introduced the initial version of the Oracle NetSuite connector (agtnetsuite), provided as part of the standard Connector Pack.

Group membership add/remove operations

Implemented group membership management in the NetSuite Python connector so GRUA scenarios no longer failed with an "objreladd not implemented" error, by adding the groupuseradd and groupuserdelete operations to add and remove users from roles.

Connector verification classification updated

The Oracle NetSuite custom connector was reclassified from Bravura Security‑Verified to Customer‑Verified because Bravura did not maintain a NetSuite environment and did not run regression tests for this connector.

Updated the Bravura Safe (2025+) and Bravura Safe User Management (2025+) connectors to use the Bravura Safe CLI (bsafe.exe) instead of the legacy Bitwarden CLI (bw.exe). The CLI is available via the Bravura Safe GitHub repository: https://github.com/Bravura-Security/bravura-safe_clients/releases.

Listing behaviour

Improved error handling when listing users and other objects so that partial listings are no longer treated as successful. This prevents only a subset of Okta users being loaded during auto‑discovery.

Timestamp logging

Updated the Okta time conversion helper to return an empty string when the Okta time value is empty, eliminating “not a valid format []” notice messages when Okta timestamp fields (such as last login) are missing.

Salesforce SOAP API version 65.0 support

Support has been added for version 65.0 of the Salesforce SOAP API.

Expired password/account handling

Reintroduced support for the AD_VERIFY_EXPIRED_PW and AD_VERIFY_EXPIRED_ACCT registry options so you can control whether expired passwords and expired accounts are treated as login failures.

Better handling of new users

Updated the Azure AD connector to tolerate Microsoft Graph's eventual consistency when creating users. After a successful user create, the connector now uses the object ID for follow‑up checks and applies targeted retry logic to PATCH operations, so attribute updates that happen immediately after creation no longer fail due to transient "resource does not exist" responses.

Azure AD onPremisesSyncEnabled account attribute added

Added the onPremisesSyncEnabled account attribute for the Azure Active Directory (agtazure) connector.

HTTPS support for on-premises connections

The Exchange connector previously hardcoded http:// in the New-PSSession -ConnectionUri for on-premises Exchange PowerShell connections, meaning port 80 was required. A new useSSL boolean parameter was added to the target address configuration that toggles the connection URI between http:// and https://. The default remains http:// for backward compatibility. The Exchange Online (ConnectCloud) code path is unaffected. Upgrade note: when enabling useSSL, the Exchange server must have a valid SSL certificate bound to the PowerShell virtual directory.

Exchange connector longid output for create operations

Updated the Exchange 2007+ Server connector (agtexg2k7) to add the longid for the agent output for the create operation and for when users already exist.

Exchange connector OAuth 2.0 authentication support

Exchange connector now supports OAuth 2.0 authentication for Exchange Online (list operations only; on-premises Exchange continues to use Basic Authentication).

Logging level

Updated the PowerShell connector so that variable conversion messages are logged at Debug level instead of Info, reducing noise in normal logs.

Salesforce: New troubleshooting subsection for no accounts returned from discovery

Added a new troubleshooting subsection titled “No accounts returned from discovery” that provides initial troubleshooting steps and error message details for situations where discovery processes return no accounts, helping administrators diagnose configuration or query issues more quickly.

Windows Server connector default global attributes with overrides

Fixed an issue to include default global attributes when an attribute override is used.

Siteminder connector list override setting

Fixed an issue in the Siteminder connector (agtsm) so that it now correctly saves the list override setting.

PeopleSoft 8.49 session handling crash during list groups

Fixed session handling in PeopleSoft 8.49 agent to prevent a crash during list groups operation.

Notice log spam from empty timestamps

Eliminated repeated "not a valid format []" notices when Okta timestamp fields are missing.

Active Directory connector – expired password/account handling

Restored the documented behaviour for how expired passwords and accounts affect login checks via registry options.

New user creation falsely reported as failed

Fixed a bug where Azure user creation succeeded but was reported as failed because subsequent attribute updates immediately after creation returned HTTP 404 "resource does not exist". The connector now recognises this as a temporary propagation delay, retries PATCH operations for newly created users, and uses the user's object ID when checking for resource existence, so template attributes and post‑creation changes are applied reliably without manual intervention.

User filter URL construction

Fixed formation of URLs for filtered user listings, preventing Azure "Invalid filter clause" errors.

Azure AD query URL construction with empty attributes

Updated the Azure Active Directory connector (agtazure) to correctly construct the query URL when attributes are empty and a filter is used, which was previously causing listing to fail.

NetSuite entityId not set on create account

Fixed an issue where the NetSuite connector was not correctly setting the entityId field when creating new user accounts, resulting in an auto-generated identifier instead of the specified value. Create account operations no longer failed to set entityId as configured (previously requiring manual correction in the NetSuite UI); this was noted as applicable for environments running Pass/Identity 12.6.3 with Connector Pack 4.8.x.

entityId set during create account

Create account operations no longer failed to set entityId as configured (previously requiring manual correction in the NetSuite UI); this was noted as applicable for environments running Pass/Identity 12.6.3 with Connector Pack 4.8.x. (BSCS-11636, BSCS-11609, fixVersion: 4.8.1, 4.9.0)

Correct handling of includeInGlobalAddressList

Fixed an issue where create operations could default includeInGlobalAddressList to true (and log "Warning: Error occurred when setting attributes: [Resource Not Found: userKey]"); the connector now treated the attribute as a boolean (not a string) and corrected the read/write paths, including a copy-paste error where the read path returned a different attribute's value.

Python dependency version mismatchPython dependency version mismatch

The dayforce-py connector's pip requirements file specified jsonpath_ng==1.6.0, but the connector code required jsonpath_ng==1.8.0 (specifically the ExtendedJsonPathParser import). Running the connector with the pinned 1.6.0 version resulted in an ImportError. The dependency was bumped to 1.8.0.