New Identity Governance features

ForgeRock Identity Governance (IGA) introduces new features and upgrades for an enhanced user experience. The following features and enhancements have been introduced in this release:

New IGA features

IGA-2357: Event-based certification

Identity Governance now allows administrators to configure certifications that are triggered by specific governance events, a process referred to as event-based certification. This method resolves certifications faster than scheduled (and often lengthy) campaigns, which can span weeks or months and involve numerous applications, intricate rules, and hundreds of reviewers.

The event-based certifications feature kicks off an identity certification for the following events:

  • User create. Identity Cloud detects when a user has been created.

  • User modify. Identity Cloud detects when an existing user has been modified or updated.

  • Attribute change. Identity Cloud detects changes in an existing user’s account attributes.

  • User delete/deactivate. Identity Cloud detects if a user’s account has been deleted or deactivated.

For more information, refer to Certify access by event.

IAM-5146: Entitlement grant to users and roles

Identity Governance now allows administrators to carry out more fine-grained entitlement grants for their users. Administrators can now:

  • Create a role and grant entitlements to the role.

  • Revoke entitlements in a role.

  • Grant entitlements to a user.

  • Revoke entitlements from a user.

For more information, refer to the new sections in Manage identities.

IAM-4918: When delegating access to another end user, the end user can only request access for users they have permission to see

When an end user wants to grant access to others using the end-user UI, the end user can only delegate access to end users they have permission to see; otherwise, the drop-down list on the access request page displays "List is empty". You can fix this case by granting a type of scoped access request to the end user.

For information on setting up delegated administrators, refer to Configure access requests for other users.

API Updates

The Identity Governance API has been updated. For more information, refer to the following:

UI improvements

IAM-5645: Governance menu reorganization

The Identity Cloud admin UI now displays an organized Identity Governance menu. Also, the Orchestrations menu label has been changed to Workflows.

IAM-4940: Provide an administrator-centric request tracking UI

Identity Governance provides a new administrator-centric request UI page to track all access requests, workflows, and approval tasks. This page mirrors the functionality of the end-user UI page, with an additional Tasks tab.

For more information, refer to Access request admin console.

IAM-5180: Access Review - Role Modal applications tab

The end-user access review page for role membership and the identity access review with role membership items now displays a Role column. Clicking a role in the column opens a Role Details modal, which displays the applications associated with it.

IAM-3699: For completed access reviews, View Activity displays the reviewer's actions

Identity Governance provides a View Activity link that displays the reviewer's actions for completed access reviews.

