What’s new

Reassign tasks in access review: In previous versions of IGA, only administrator users were able to reassign campaign events from one certifier to another. In patch release 7.1.1, end users can run reassignments on their own if the system settings are configured to allow them.

Enhanced certification filtering: Users can now filter on multiple columns at once in their access review line-items.

Unified user interface: Both Identity Governance and Access Request components now exist within the same UI context at /governance.

Custom request form fields: Administrators can define custom request fields using multiple input types and assign them to requestable objects to dynamically create custom request forms.

Custom request workflow support: In addition to the standard request process, administrators can assign custom BPMN workflows or Javascript scripts to requestable objects to control the request process for individual items.

Requests for removal of access: End users can now create requests for the removal of a given requestable item.

Expanded requestable item options: In addition to IDM managed objects, administrators can now set generic IDM attributes as well as disconnected system entitlements to be requestable by users.

Add consults to tasks: Approvers can reach out to another user or group to ask them for additional insight or information to help make their approval decision.

Manual provisioning tasks: For any requestable item that requires manual provisioning steps, such as disconnected system entitlements, a manual provisioner can be assigned as a final step of the process to complete provisioning of any item.

File attachments: End users have the ability to attach file uploads to an existing request, either as a requirement to create the request or as supplemental information from the requester, requestee, approver, or consult.

End user task reassignment: When enabled, approvers can reassign a given approval task to another end user or group of their choosing. Additionally, approval tasks now follow the same delegation pattern introduced in Identity Governance 3.0 when configured by administrators.

Pre-request and provisioning script hooks: Administrators can define automated scripts to run any pre-processing logic on a request for access, as well as to automate any additional logic or steps to the provisioning process.

Policy validations against requests: When enabled, an access request that violates an existing policy cannot be submitted even if approved. End users are informed of the policy violation that would occur if given access, as well as a description of the policy. This allows the end user to adjust their request.

Autonomous Identity integration: Administrators can configure system settings to allow Identity Governance to work in conjunction with ForgeRock Autonomous Identity to provide additional insights to certifiers and approvers within certifications and requests. Items that have recommendations available from AutoID will be marked with a recommendation to approve/certify or reject/revoke, as well as a confidence score for that suggestion.

Scripted certification and policy remediation: Administrators now have the option to use a scripted remediation process, in addition to using the IDM BPMN workflow functionality, to remediate revoked access or policy violations.