What’s New in 2021.11.0

Application Onboarding UI Wizard. Identity Governance 2021.11.0 lets administrators onboard and manage new applications using a UI wizard.

Entitlement Discovery. Identity Governance 2021.11.0 lets application administrators discovers entitlements in an application through automated discovery. This feature improves processing efficiency by automatically approving high-confidence application entitlements during access.

Entitlement Certification. Identity Governance 2021.11.0 lets entitlement owners certify users who have been assigned entitlements that they own. This feature improves processing efficiency with automated high-confidence entitlement approvals.

Kubernetes-based Deployment. Identity Governance 2021.11.0 now supports Kubernetes for automating deployment and management of its applications. This lets enterprises support and operate cloud-native modular applications with a highly-available and scalable architecture.

Unified user interface. Both Identity Governance and Access Request components now exist within the same UI context.

Custom request form fields. Administrators can define custom request fields using multiple input types and assign them to requestable objects to dynamically create custom request forms.

Custom request workflow support. In addition to the standard request process, administrators can assign custom BPMN workflows or Javascript scripts to requestable objects to control the request process for individual items.

Requests for removal of access. End users can now create requests for the removal of a given requestable item.

Expanded requestable item options.In addition to IDM managed objects, administrators can now set generic IDM attributes as well as disconnected system entitlements to be requestable by users.

Add consults to tasks. Approvers can reach out to another user or group to ask them for additional insight or information in order to help make their approval decision.

Manual provisioning tasks. For any requestable item that requires manual provisioning steps, such as disconnected system entitlements, a manual provisioner can be assigned as a final step of the process to complete provisioning of any item.

File attachments. End users have the ability to attach file uploads to an in-flight request either as a requirement to create the request or as supplemental information from the requester, requestee, approver, or consult.

End user task reassignment. When enabled, approvers will be able to reassign a given approval task to another end user or group of their choosing. In addition, approval tasks will now follow the same delegation pattern introduced in Identity Governance 3.0 when configured by administrators.

Pre-request and provisioning script hooks. Administrators can define automated scripts to run any pre-processing logic on a request for access, as well as to automate any additional logic or steps to the provisioning process.

Policy validations against requests. When enabled, any request that would violate an existing policy as defined in Identity Governance if approved, will be not allowed to be submitted. End users will be informed of what potential policy violation would occur and a description of the policy, so that their request can be adjusted if need be.

Autonomous Identity integration. Administrators can configure system settings to allow Identity Governance to work in conjunction with ForgeRock Autonomous Identity to provide additional insights to certifiers and approvers within certifications and requests. Items that have recommendations available from AutoID will be marked with a recommendation to approve/certify or reject/revoke, as well as a confidence score for that suggestion.

Scripted certification and policy remediation. In addition to being able to use the IDM BPMN workflow functionality to remediate revoked access or policy violations, administrators now also have the option to use a scripted remediation process.