Regular channel changelog
Refer to the Changelog archive for release notes published before 16 Sep 2022.
03 Feb 2023
Key features
- Deprecate skip option for tenant administrator MFA
  ForgeRock has deprecated the option to let Identity Cloud tenant administrators skip 2-step verification. Customers can continue to use the skip option in their tenants, but this functionality will be removed from Identity Cloud on February 3, 2024.
31 Jan 2023
Key features
- Service accounts
  You can now use service accounts to request access tokens for most Identity Cloud REST API endpoints without relying on a particular identity in your system:
  - Call Identity Cloud APIs programmatically without needing a human identity.
  - Access AM or IDM APIs in the same way using a signed JWT.
  - Set scopes on each service account to assign only necessary permissions to access tokens.
  - Use for automation and CI/CD tooling.
  For details, refer to Service accounts.
Resolved issues
Issues marked with an asterisk (*) were inadvertently excluded from the rapid channel changelog.
Issue ID | Summary |
---|---|
FRAAS-13478 | Remove unrelated AM root realm changes from promotion reports |
FRAAS-13519 | Remove unexpected file changes from self-service promotion reports |
FRAAS-13620 | Improve performance of promotion report generation by removing unrelated data |
FRAAS-8477 | Service accounts |
IAM-1939 | Fix hCaptcha support in Platform UI |
IAM-2025* | Add Uncategorized to the journey category filter |
IAM-2224 | Replace bullets with checkmarks when validating password policy |
IAM-2305* | Add support for localized logos in end-user UI |
IAM-2847 | Increase the size of the terms and conditions modal window |
IAM-2912 | Enable promotions UI to ignore encrypted secrets |
IAM-3011 | Update risk configuration UI to show only user-modifiable configuration |
IAM-3012 | Add new |
IAM-3015 | Update risk configuration evaluation UI so that updates use the new APIs |
IAM-3016 | Fix the |
IAM-3041 | Prevent proceeding from the Active Directory modal window without entering base DNs |
IAM-3076 | Fix Salesforce provisioning connection |
IAM-3079 | Fix single sign-on (SSO) setup when app name has a space |
IAM-3088 | Enable suppression of the login failure message from the failure node |
IAM-3091* | Fix localized headers rendering as [object Object] |
IAM-3107* | Remove bitwise filter on Active Directory page |
IAM-3108* | Update Maintain LDAP Group Membership option to not be selected by default |
IAM-3109* | Update cn property to be optional in Active Directory target mode |
IAM-3110* | Update ldapGroups property to be available by default in Active Directory target mode |
IAM-3111* | Fix password hash algorithm |
IAM-3122 | Fix font weight of the title text on provisioning tab |
IAM-3139* | Fix Revoke button in Users & Roles to revoke users, and not be clickable when there are no users to revoke |
IAM-3142* | Fix Active Directory user filter anomaly when deleting a row |
IAM-3145 | Fix Active Directory assignment on array attributes to be a merge and not replace |
IAM-3146* | Update user-specific attributes to be editable by administrators |
IAM-3177 | Add paging back to application list view if workforce feature is not enabled |
IAM-3257* | Fix escaping of ESV placeholders in the advanced email editor |
IAM-3335 | Fixed display of localized favicon |
19 Jan 2023
Key features
- BioCatch authentication nodes
  The new BioCatch authentication nodes integrate BioCatch scoring for identity proofing, continuous authentication, and fraud protection.
  For details, refer to Marketplace.
Resolved issues
Issues marked with an asterisk were inadvertently excluded from the rapid channel changelog.
Issue ID | Summary |
---|---|
AME-22948* | Create endpoint to log out sessions based on user identifier |
FRAAS-11964 | Avoid potential performance degradation when removing expired token state |
FRAAS-12140 | Integrate BioCatch authentication journey nodes |
FRAAS-13242 | Improve invalid page size error message |
OPENAM-13766* | No configuration found for log in with session condition advice deny |
OPENIDM-17392 | Prevent script typos that cause services to fail from being introduced into the system |
OPENIDM-17664 | LDAP connector has invalid configuration when whitespace added to Base DN |
OPENIDM-17953 | Support email addresses that contain non-ASCII UTF-8 characters |
12 Jan 2023
Key features
- Workforce application and connector management
  In new tenants created on or after January 12, 2023, you can use the improved applications page to integrate Identity Cloud with external data stores or identity providers. The applications page acts as a one-stop location where you can:
  - Register and provision popular federation-capable applications quickly and easily by choosing from a library of templates, such as Salesforce and Workday.
  - Register and provision your organization’s custom applications.
  - Manage data, properties, rules, SSO, provisioning, users, and groups for an application.
  - View the connection status of each application.
  - Activate and deactivate an application.
  For details, refer to Application management.
- Event hooks
  Event hooks let you trigger scripts during various stages of the lifecycle of users, roles, assignments, and organizations.
  You can trigger scripts when one of these identity objects is created, updated, retrieved, deleted, validated, or stored in the repository. You can also trigger a script when a change to an identity object triggers an implicit synchronization operation.
  Post-action scripts let you manipulate identity objects after they are created, updated, or deleted.
  For details, refer to Event hooks.
- Daon IdentityX authentication nodes
  The new Daon authentication nodes let you integrate with the Daon IdentityX platform for MFA with mobile authentication or out-of-band authentication using a separate, secure channel.
  For details, refer to Marketplace.
- Onfido authentication nodes
  The new Onfido authentication nodes let you use Onfido’s solution for collecting and sending document identification and, optionally, biometrics to the Onfido backend for verification.
  For details, refer to Marketplace.
Resolved issues
Issues marked with an asterisk were inadvertently excluded from the rapid channel changelog.
Issue ID | Summary |
---|---|
DATASCI-1548 | Update the filter text on the Autonomous Access dashboard from "All Risk Scores" to "Risk Score" |
DATASCI-1550 | Update text on the Autonomous Access dashboard’s Copy on User Detail page |
FRAAS-11158* | AM cache outdated during restart of Identity Cloud services |
FRAAS-11574 | Integrate Daon authentication journey nodes |
FRAAS-11575 | Integrate Onfido authentication journey nodes |
FRAAS-11964 | Avoid potential performance degradation when removing expired token state |
FRAAS-12477 | Add list of encrypted secrets to promotion reports |
FRAAS-12492* | Add classes to the scripting allow list |
FRAAS-12494 | Unlock the environment and stop checking progress after successfully promoting an environment |
FRAAS-12545 | Remove the option to keep orphaned configuration nodes from the promotions API |
FRAAS-12552 | Add redirect for custom domain login screen |
FRAAS-12713 | Promotions API failed to generate a report |
FRAAS-12917* | Email invites to sandbox tenant administrators sometimes do not work |
FRAAS-12939 | Add proxy state to output of lock state endpoint for promotions API |
FRAAS-12988 | Prevent placeholder support being enabled unless a specific migration flag value is set |
FRAAS-13057 | Add only standard placeholders (not user-defined placeholders) prior to enabling placeholder management |
FRAAS-13082* | Provisional report endpoint can return 500 if requested repeatedly before cache is built |
FRAAS-13121 | Provisional reports can cause promotion service to run out of memory and restart |
FRAAS-13244 | Unable to log into tenant to perform self-service promotion |
IAM-2658 | Application management improvements |
OPENAM-19485 | Access multi-tenant social providers without requiring multiple secondary configurations |
OPENIDM-17556 | Ensure RDVPs are not erased for all types of managed objects for all types of PUT operations |
OPENIDM-17616* | Add support for direct assignments |
OPENIDM-18024* | Implement weighted assignments |
OPENIDM-18037* | Create endpoint for aggregating effective assignments and user identity object type outbound mapping values |
OPENIDM-18063* | Include Google Apps connector in bundled connectors |
OPENIDM-18388* | Do not schedule clustered-recon-resilience jobs for reconById invocations |
14 Dec 2022
The following issues were released on November 29th, but inadvertently excluded from the changelog.
Resolved issues
Issue ID | Summary |
---|---|
FRAAS-8589 | Promotion hangs when waiting for Identity Cloud services |
FRAAS-9155 | Promotion reports not showing changes for all connectors |
FRAAS-11830 | Promotion reports rendering new line characters inside JSON strings |
FRAAS-11158 | Restart of AM can lead to outdated cache |
FRAAS-12049 | Promotion reports not showing changes to custom endpoint scripts |
IAM-2465 | Password policy to force password expiry not working |
IAM-2706 | Embedding images in the theme editor only displays alternative text |
IAM-2739 | Email suspend message displayed without line breaks |
IAM-2939 | Add translation configuration key for "Passwords do not match" message |
IAM-2973 | Self-service promotions migration UI flow should enable promotions UI features |
OPENIDM-16830 | Speed up search for organizations |
OPENIDM-18388 | Do not flag reconById invocations as clustered |
OPENIDM-18483 | Add name field to resourceCollection query fields for group identity objects |
29 Nov 2022
Key features
- Group management
  You can now create and manage groups that are shared across AM and IDM within your Identity Cloud instance. New tenants have group management enabled by default, and existing tenants can follow an upgrade path to enable it.
  For more information, refer to Group management.
- ID Cloud Analytics Dashboard enhancements
  You can now take advantage of the following enhancements to the analytics dashboard:
  - The journey chart now lets users drill down at specific points on a trend line to view individual journey outcomes for that date/hour. Journeys are sorted by a ranking of percentage failures, but can also be sorted based on number ranking.
  - Two new widgets — Top Five Journeys by Outcome and Top Five Journeys by Usage — that rank trending journeys based on outcomes and usages are now available.
  For more information, refer to Identity Cloud analytics dashboard.
09 Nov 2022
Key features
- Self-service promotions
  Self-service promotions let you promote configuration between environments without raising a support ticket. You can perform self-service promotions from development to staging tenant environments, and from staging to production tenant environments. You cannot promote sandbox environments.
  For more information, refer to Introduction to self-service promotions.
- Configuration placeholders visible in all APIs
  Configuration placeholders let you set ESVs in your configuration.
  For more information, refer to Introduction to configuration placeholders.
- Duo authentication node
  The new Duo authentication node lets you use Duo’s solution for adaptive authentication, bring your own device security, cloud security, endpoint security, mobile security, and two-factor authentication.
- Twilio authentication node
  The new Twilio authentication node allows you to use Twilio for two-factor authentication during account setup, sign-on, and other scenarios. The node lets you integrate Twilio’s APIs to build solutions for SMS and WhatsApp messaging, voice, video, and email. The node uses Twilio’s latest Lookup API, which uses real-time risk signals to detect fraud and trigger step-up authentication when needed.
  For details, refer to Marketplace.
Resolved issues
Issue ID | Summary |
---|---|
ANALYTICS-52 | Correct the value in the All Journeys field |
DATASCI-1437 | Correct prefilled username fields in Filters window |
DATASCI-1474 | Don’t show explainability if not specified in response after applying Unusual Day of Week filter |
DATASCI-1497 | Let users see previously selected risk reasons after closing the Filter window |
DATASCI-1504 | Prevent the truncation of text on the right side of pages |
FRAAS-10979 | Configuration placeholders visible in all APIs in new customer environments |
FRAAS-11570 | Add Duo authentication node |
FRAAS-11571 | Add Twilio authentication node |
FRAAS-11825 | Add translation configuration key for no search results message |
FRAAS-12219 | Self-service promotions available in new customer environments |
FRAAS-12301 | Add Marketplace nodes to journey editor menu |
FRAAS-12413 | Remove blank page shown when user returns to login page following successful login to custom domain |
FRAAS-12625 | Handle ESVs as string type if no type is set |
IAM-1935 | Expose ESV variable type in the UI |
IAM-2038 | Prevent theme styles rendering in the hosted pages editor |
IAM-2066 | Show the entire answer to a long security question after clicking the visibility icon |
IAM-2259 | Do not let users save email templates that contain JavaScript |
IAM-2312 | Render SVG images correctly |
IAM-2411 | ForgeRock favicon displays briefly before the customer’s favicon |
IAM-2502 | Remove flashing red text from security questions window |
IAM-2633 | Support localization for radio display fields in Choice Collector node |
IAM-2696 | Remove legend from Risk Score window |
IAM-2869 | Update UI regex validation for ESV list type |
05 Oct 2022
Resolved issues
Issue ID | Summary |
---|---|
AME-22684 | Include grace period configuration in the OAuth2 provider settings |
DATASCI-1165 | Remove Automated User Agent from the list of risk reasons filters |
DATASCI-1358 | Let users filter dashboards by date, risk scores and features |
DATASCI-1365 | Update the Risk Activity page when applying a filter without requiring users to refresh the page |
DATASCI-1394 | Show the times that events occurred correctly without requiring users to refresh the display |
DATASCI-1395 | Let users see their last five risky authentication attempts |
DATASCI-1397 | Remove risk administration options from end users' navigation menus |
DATASCI-1406 | When filtering activities using a date range, include the activities that occur on the end date |
IAM-1678 | Allow login journey attributes that are not required to have empty values |
IAM-1682 | When editing email templates, cut text correctly |
IAM-1932 | When placeholders are used, display read-only strings in the Platform UI |
IAM-1933 | Alter AM XUI to display read-only strings wherever placeholders are in use |
IAM-2028 | Remove excess space from journey editor fields that do not require floating labels |
IAM-2064 | Replace fields for specifying numeric thresholds with a risk score definition slider in Autonomous Access Decision nodes |
IAM-2080 | Let users create customized footers on Page nodes |
IAM-2141 | Add option to customize Page node background color |
IAM-2142 | Add option to customize Page node button width |
IAM-2143 | Add option to customize label text for Page node fields |
IAM-2227 | Remove spurious "No configuration exists for id external.email" pop-up warning |
IAM-2249 | Add option to display Message node as a link |
IAM-2250 | After importing journeys, let user delete all imported journeys with a single delete action |
IAM-2251 | Provide a value when the object.password variable is specified in an email template |
IAM-2258 | Remove tenant information from the Realm menu |
IAM-2285 | Make H2, H3, and H4 HTML headings bigger when there’s no higher-level predecessor heading |
IAM-2290 | Show the correct number of events per country on the Activity Risk dashboard |
IAM-2294 | Show previous authentication attempts when doing anomaly lookups |
IAM-2320 | Change the default navigation background color of Account pages without changing the dashboard color |
IAM-2329 | Change the color of the Autonomous Access event log indicator to red |
IAM-2351 | Correct pagination on the Autonomous Access Risk page |
IAM-2373 | Make dashboard analytics pipeline logs in Autonomous Access work as expected |
IAM-2468 | Wrap long security questions |
IAM-2521 | Don’t reuse authId during password validation |
OPENAM-18112 | Provide better error message when an LDAP authentication node encounters a TLS connection issue |
OPENAM-18933 | Do not override the Success URL node’s value |
OPENAM-19196 | Do not wait for cache timeout before OAuth2 clients reflect changes to JavaScript origins |
OPENAM-19868 | Correctly handle multi-line text in Email Suspend nodes |
OPENIDM-16420 | Update the default email validation policy to conform with RFC 5322 |
OPENIDM-17533 | Allow configuration changes to the repo.ds.json file to take effect without restarting IDM |
OPENIDM-17720 | Fix null pointer exception when the repo.ds.json file is misconfigured |
OPENIDM-17836 | Fix for startup error message caused by ObjectMapping constructor exception |
OPENIDM-17911 | Fix email validation errors in the IDM admin UI (native console) |
OPENIDM-18272 | Save managed object properties correctly in Identity Management native console |
SDKS-1720 | Point developers to the ForgeRock SDKs when they create an OAuth2.0 client in the Platform UI |
SDKS-1721 | Point developers to the ForgeRock SDKs when they configure CORS in the Platform UI |