
4.9

Features and improvements

SQL Server (agtsql / agtsqlscript)
  • SQL Server 2025 target support

    Added support for Microsoft SQL Server 2025 as a target/server for the agtsql and agtsqlscript connectors, with associated updates to test automation environments and connector documentation to cover SQL Server 2025 usage.

Oracle NetSuite (agtnetsuite)
  • Introduced the initial version of the Oracle NetSuite connector (agtnetsuite), provided as part of the standard Connector Pack.

  • Group membership add/remove operations

    Implemented group membership management in the NetSuite Python connector by adding the groupuseradd and groupuserdelete operations, which add and remove users from roles, so that GRUA scenarios no longer fail with an "objreladd not implemented" error.

  • Connector verification classification updated

    The Oracle NetSuite custom connector was reclassified from Bravura Security‑Verified to Customer‑Verified because Bravura did not maintain a NetSuite environment and did not run regression tests for this connector.

Bravura Safe (2025+) (agtbsafe25, agtbsafe25‑user)
Exchange (agtexg2k7)
  • HTTPS support for on-premises connections

    The Exchange connector previously hardcoded http:// in the New-PSSession -ConnectionUri for on-premises Exchange PowerShell connections, meaning port 80 was required. A new useSSL boolean parameter was added to the target address configuration that toggles the connection URI between http:// and https://. The default remains http:// for backward compatibility. The Exchange Online (ConnectCloud) code path is unaffected. Upgrade note: when enabling useSSL, the Exchange server must have a valid SSL certificate bound to the PowerShell virtual directory.

  • Exchange connector longid output for create operations

    Updated the Exchange 2007+ Server connector (agtexg2k7) to include the longid in the agent output for the create operation and for when users already exist.

  • Exchange connector OAuth 2.0 authentication support

    Exchange connector now supports OAuth 2.0 authentication for Exchange Online (list operations only; on-premises Exchange continues to use Basic Authentication).

Active Directory (agtaddn)
  • Expired password/account handling

    Reintroduced support for the AD_VERIFY_EXPIRED_PW and AD_VERIFY_EXPIRED_ACCT registry options so you can control whether expired passwords and expired accounts are treated as login failures.

Azure Active Directory (agtazure)
  • Better handling of new users

    Updated the Azure AD connector to tolerate Microsoft Graph's eventual consistency when creating users. After a successful user create, the connector now uses the object ID for follow‑up checks and applies targeted retry logic to PATCH operations, so attribute updates that happen immediately after creation no longer fail due to transient "resource does not exist" responses.

  • Azure AD onPremisesSyncEnabled account attribute added

    Added the onPremisesSyncEnabled account attribute for the Azure Active Directory (agtazure) connector.

Salesforce
  • Salesforce SOAP API version 65.0 support

    Support has been added for version 65.0 of the Salesforce SOAP API.

PowerShell (agtps)
  • Logging level

    Updated the PowerShell connector so that variable conversion messages are logged at Debug level instead of Info, reducing noise in normal logs.

Documentation
  • Salesforce: New troubleshooting subsection for no accounts returned from discovery

    Added a new troubleshooting subsection titled No accounts returned from discovery that provides initial troubleshooting steps and error message details for situations where discovery processes return no accounts, helping administrators diagnose configuration or query issues more quickly.

Deprecated and removed

  • Removed deprecated legacy SAP connectors

    Removed the legacy SAP Server (agtsap) and SAP HCM (agtsaphr) connectors after the defined deprecation period (deprecated 2025-03-19; deprecated in Connector Pack 4.7.0; removed in 4.9.0), including removal from the Customer-Verified Connectors list; use the NetWeaver 7.5+ connectors (agtsapnw and agtsaphrnw) for SAP connectivity going forward.

  • SAP Netweaver / agtsapnw reclassified from Bravura Security-Verified to Customer-Verified

    The agtsapnw (SAP Server (Netweaver 7.5+)) connector was reclassified as a Customer-Verified connector. It is no longer installed by setup or connector-pack-x64.msi (including command-line installation). The connector and its attribute definition files are now distributed inside connector-pack-customer-verified.zip under a SAPNW directory and can be installed using loadcvagents and loadplatform. All other SAP connectors remain Bravura Security-Verified.

  • Removed agtbsafe and agtbsafe-user connectors for Bravura Safe. The new agtbsafe25 and agtbsafe25-user should be used instead.

Resolved issues

Installation
  • Updated the end-user license agreement to remove the Training section.

Siteminder
  • Siteminder connector list override setting

    Fixed an issue in the Siteminder connector (agtsm) so that it now correctly saves the list override setting.

Windows Server
  • Windows Server connector default global attributes with overrides

    Fixed an issue to include default global attributes when an attribute override is used.

PeopleSoft 8.49
  • PeopleSoft 8.49 session handling crash during list groups

    Fixed session handling in PeopleSoft 8.49 agent to prevent a crash during list groups operation.

Okta (agtokta)
  • Notice log spam from empty timestamps

    Eliminated repeated "not a valid format []" notices when Okta timestamp fields are missing.

Active Directory (agtaddn)
  • Active Directory connector – expired password/account handling

    Restored the documented behaviour for how expired passwords and accounts affect login checks via registry options.

Azure AD (agtazure)
  • New user creation falsely reported as failed

    Fixed a bug where Azure user creation succeeded but was reported as failed because subsequent attribute updates immediately after creation returned HTTP 404 "resource does not exist". The connector now recognises this as a temporary propagation delay, retries PATCH operations for newly created users, and uses the user's object ID when checking for resource existence, so template attributes and post‑creation changes are applied reliably without manual intervention.

  • User filter URL construction

    Fixed formation of URLs for filtered user listings, preventing Azure "Invalid filter clause" errors.

  • Azure AD query URL construction with empty attributes

    Updated the Azure Active Directory connector (agtazure) to correctly construct the query URL when attributes are empty and a filter is used, which was previously causing listing to fail.
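
The retry behaviour described in the two Azure AD notes on new users (under Features and improvements and under Resolved issues), as an added example that is not the connector's own code: FakeGraph is a constructed stand-in for an eventually consistent directory API, and every name in it is an assumption. Only a 404 on a user that was just created is retried; any other failure surfaces at once.

```python
import time

class GraphError(Exception):
    def __init__(self, status, message):
        super().__init__(f"{status}: {message}")
        self.status = status

class FakeGraph:
    """Constructed stand-in: a new object answers 404 to `lag` PATCH calls."""
    def __init__(self, lag):
        self.lag, self.users, self.pending = lag, {}, {}

    def create_user(self, upn):
        oid = f"00000000-0000-0000-0000-{len(self.users) + 1:012d}"
        self.users[oid] = {"userPrincipalName": upn}
        self.pending[oid] = self.lag
        return oid

    def patch_user(self, oid, attrs):
        if oid not in self.users:
            raise GraphError(404, "resource does not exist")
        if self.pending[oid] > 0:          # not yet propagated
            self.pending[oid] -= 1
            raise GraphError(404, "resource does not exist")
        self.users[oid].update(attrs)

def patch_with_retry(api, oid, attrs, newly_created,
                     attempts=5, delay=0.0, sleep=time.sleep):
    """PATCH by object ID; return the number of attempts it took.

    A 404 is treated as a propagation delay only when we created the
    object ourselves. For any other user it is a real error and is not
    retried, so a genuinely missing account is reported immediately.
    """
    for attempt in range(1, attempts + 1):
        try:
            api.patch_user(oid, attrs)
            return attempt
        except GraphError as err:
            transient = newly_created and err.status == 404
            if not transient or attempt == attempts:
                raise
            sleep(delay * 2 ** (attempt - 1))   # exponential backoff

def create_user_with_attrs(api, upn, attrs):
    # Follow-up calls use the object ID returned by create, not the UPN.
    oid = api.create_user(upn)
    return oid, patch_with_retry(api, oid, attrs, newly_created=True)
```

The retry budget is bounded, so a create that never becomes visible still ends in a reported failure rather than an endless loop.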

Oracle NetSuite (agtnetsuite)
  • NetSuite entityId not set on create account

    Fixed an issue where the NetSuite connector was not correctly setting the entityId field when creating new user accounts, resulting in an auto-generated identifier instead of the specified value. Create account operations now set entityId as configured, which previously required manual correction in the NetSuite UI. This issue was noted as applicable to environments running Pass/Identity 12.6.3 with Connector Pack 4.8.x.

Google Workspace (Google apps) (agtgapps)
  • Correct handling of includeInGlobalAddressList

    Fixed an issue where create operations could default includeInGlobalAddressList to true (and log "Warning: Error occurred when setting attributes: [Resource Not Found: userKey]"). The connector now treats the attribute as a boolean (not a string), and the read/write paths were corrected, including a copy-paste error where the read path returned a different attribute's value.

Dayforce (agtdayforce)
  • Python dependency version mismatch

    The dayforce-py connector's pip requirements file specified jsonpath_ng==1.6.0, but the connector code required jsonpath_ng==1.8.0 (specifically the ExtendedJsonPathParser import). Running the connector with the pinned 1.6.0 version resulted in an ImportError. The dependency was bumped to 1.8.0.

Upgrade actions

Bravura Safe CLI migration
Salesforce
  • Salesforce OAuth token

    An OAuth token must be configured on the Salesforce side and set on the Bravura Security Fabric side.

    The system ID corresponds to the client_id and the system password corresponds to the client_secret.

SAP
  • Removal of deprecated SAP / agtsap.exe connector

    The agtsap.exe connector has been removed from Connector Pack 4.9.0, completing its deprecation period (deprecated in Connector Pack 4.7.0 on 2025-03-19). Environments that still rely on this connector must migrate to an alternative before upgrading to Connector Pack 4.9.0.

  • SAP Netweaver connector relocation

    Environments using agtsapnw that upgrade to Connector Pack 4.9.0 will find the connector is no longer installed by the standard installer. Extract agtsapnw and its attribute definition files from connector-pack-customer-verified.zip (under the SAPNW directory) and install them manually using loadcvagents and loadplatform.

Oracle NetSuite
  • Oracle NetSuite / agtnetsuite-py – Connector moved to Customer-Verified distribution

    Transitioned the Oracle NetSuite (Python) connector from Bravura Security-Verified to Customer-Verified, removing it from the Connector Pack installer and bundling it in the customer-verified connector pack zip; deployments that use this connector should install it as a Customer-Verified connector.

Dayforce (agtdayforce)
  • Dayforce Python dependencies (4.8.1 / 4.9.0)

    The dayforce-py connector now requires jsonpath_ng>=1.8.0. If you manage Python dependencies outside the standard installer (e.g., air-gapped environments), update jsonpath_ng before deploying the new connector version.
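
A preflight check for the Dayforce dependency notes (the version mismatch under Resolved issues and the upgrade action above), as an added example that is not part of the Connector Pack: it scans the text of a pip requirements file and reports any jsonpath_ng pin that allows a version below 1.8.0. The function names and the sample file contents used with it are assumptions.

```python
import re

# Minimum from the release note: the connector imports
# ExtendedJsonPathParser, which needs jsonpath_ng 1.8.0.
REQUIRED = {"jsonpath_ng": (1, 8, 0)}

# Matches "name==1.2.3" or "name>=1.2.3" at the start of a line.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(==|>=)\s*([0-9]+(?:\.[0-9]+)*)")

def normalize(name):
    # pip treats '-', '_' and '.' in project names as equivalent
    return re.sub(r"[-_.]+", "_", name).lower()

def version_tuple(text):
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def check_requirements(text, required=REQUIRED):
    """Return (package, problem) pairs for pins below the required minimum."""
    problems, seen = [], set()
    for line in text.splitlines():
        match = PIN.match(line.split("#", 1)[0])   # ignore trailing comments
        if not match:
            continue
        name, op, raw = normalize(match.group(1)), match.group(2), match.group(3)
        if name not in required:
            continue
        seen.add(name)
        if version_tuple(raw) < required[name]:
            minimum = ".".join(map(str, required[name]))
            problems.append((name, f"{op}{raw} is below {minimum}"))
    for name in required:
        if name not in seen:
            problems.append((name, "no pin found"))
    return problems
```

In an air-gapped environment, run the check against the requirements file that feeds the local package mirror before deploying the new connector version.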