Release 5.15
New SAML Integrations
New SAML application templates have been added for AppDynamics, Atlassian Access, BambooHR, Envoy, Jamf Pro, MuleSoft, PagerDuty, Snowflake, and Splunk.
Generic LDAP Sync
In addition to the existing Active Directory (AD) and Azure AD sync and password authentication functionality, Identity as a Service now supports user and group synchronization, password authentication, and password management (change, unlock, and reset) from non-AD LDAP directories.
In some LDAP directories, if an account becomes locked due to too many incorrect password attempts, the account unlock feature may return an error preventing the user from unlocking their account. If this occurs, use one of the following workarounds:
- Disable the User Unlock Account setting and enable the "Enable Forgot Password" setting in the Identity as a Service Password Authenticator Settings (Settings > Authenticators > Password). Doing this allows users to complete the reset password flow and clears the account lock after the password has been successfully reset. See Modify password authenticator settings.
- Modify your LDAP schema to update the pwdAccountLockedTime attribute to remove the NO-USER-MODIFICATION flag to allow the pwdAccountLockedTime attribute to be removed without requiring a user's password to be changed or reset.
AD Connector enhancements
- AD Connector can now be used for password authentication, password change and password reset scenarios for the users imported by the AD Connector.
- Redundant instances of AD Connector can now be created to support high availability setups.
- AD Connector now supports custom AD attributes, so it can be used in Cloud App federation integrations (SAML, OIDC) for the users imported by the AD Connector.
- AD Connector can now optionally import short user aliases together with the other login formats.
Browser Deprecations
In August 2021 Microsoft will no longer support Internet Explorer 11 for Office 365 (Microsoft's statement). At that time, Identity as a Service will also cease support for Internet Explorer 11.
Changes to Identity as a Service APIs
The following changes have been made to the Administration APIs:
- A new attribute groupObjectClass has been added to the DirectorySync. This value specifies the directory object class that contains a user's group membership.
- A new attribute type has been added to the Directory with values AD and LDAP. This value specifies the type of directory from which users can be synchronized.