Release 5.15

February 2021

New SAML Integrations

New SAML application templates have been added for AppDynamics, Atlassian Access, BambooHR, Envoy, Jamf Pro, MuleSoft, PagerDuty, Snowflake, Splunk.

Generic LDAP Sync

In addition to the existing Active Directory (AD) and Azure AD sync and password authentication functionality, Identity as a Service now supports user and group synchronization, password authentication, and password management (change, unlock, and reset) from non-AD LDAP directories.

In some LDAP directories, if an account becomes locked due to too many incorrect password attempts, the account unlock feature may return an error preventing the user from unlocking their account. If this occurs, use one of the following workarounds:

1. Disable the User Unlock Account setting and enable the "Enable Forgot Password" setting in the Identity as a Service Password Authenticator Settings (Settings > Authenticators > Password). Doing this allows users to complete the reset password flow and clears the account lock after the password has been successfully reset. See Modify password authenticator settings.
2. Modify your LDAP schema to update the pwdAccountLockedTime attribute to remove the NO-USER-MODIFICATION flag to allow the pwdAccountLockedTime attribute to be removed without requiring a user's password to be changed or reset.

AD Connector enhancements

• AD Connector can now be used for password authentication, password change and password reset scenarios for the users imported by the AD Connector.
• Redundant instances of AD Connector can now be created to support high availability setups.
• AD Connector can now be used in Cloud App federation integrations (SAML, OIDC) for the users imported by the AD connector by supporting custom AD attributes.
• AD Connector can now optionally import short user aliases together with the other login formats.

Browser Deprecations

In August 2021 Microsoft will no longer support Internet Explorer 11 for Office 365 (Microsoft's statement). At that time, Identity as a Service will also cease support for Internet Explorer 11.

Changes to Identity as a Service APIs

The following changes have been made to the Administration APIs:

• A new attribute groupObjectClass has been added to the DirectorySync. This value specifies the directory object class that contains a user's group membership.
• A new attribute type has been added to the Directory with values AD and LDAP. This value specifies the type of directory from which users can be synchronized.