What's New

Maintenance Releases

ForgeRock maintenance releases contain a collection of fixes and minor RFEs that have been grouped together and released as part of our commitment to support our customers. For general information about ForgeRock's maintenance and patch releases, see Maintenance and Patch Availability Policy.

IDM 7.1.6 is the latest release targeted for IDM 7.1 deployments and can be downloaded from the ForgeRock Download Center.
The release can be deployed as an initial deployment or updated from an existing 7.1 deployment. For information on updating from 7.1, see Update to a Maintenance Release.

New Features

IDM 7.1.6

This release of ForgeRock Identity Management software includes updates to ICF connectors, bug fixes, and the following new feature:

The Salesforce connector template supports client_credentials grant type. Refer to Salesforce connector.

IDM 7.1.4

This release of ForgeRock Identity Management software includes updates to ICF connectors, bug fixes, and the following new feature:

Upgrading to DS 7.3 is now supported. Refer to Supported Repositories.

IDM 7.1.2

This release of ForgeRock Identity Management software includes updates to ICF connectors, updates to dependency libraries, and multiple bug fixes, including:

The Flowable embedded workflow engine has been upgraded to version 6.6.0. This upgrade fixes the issue with native email tasks previously mentioned in the Workflow Guide.

IDM 7.1.0

This release of ForgeRock Identity Management software includes the following new features:

Sample Showing Connection to Azure AD with the MS Graph API Connector

The sync-with-azuread sample uses the MS Graph API connector to synchronize users between IDM and Azure AD.

Password Sync Plugins

Active Directory Password Synchronization Plugin UTC Timestamps

The latest version of the Active Directory password synchronization plugin uses UTC timestamps for logs.

Active Directory Password Synchronization Plugin Infinite Loop Prevention

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key that helps prevent infinite password update loops. For more information, see the registry key, pwdChangeInterval.

Active Directory Password Synchronization Plugin Configurable Max Retries

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure the maximum retry attempts for password changes. For more information, see the registry key, maxFileRetry.

Active Directory Password Synchronization Plugin Search Filter

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure a search filter to omit users/groups from password syncing. For more information, see the registry key, userSearchFilterStrict.

Support for AM Bearer Tokens in the DS and Active Directory Password Synchronization Plugins

The latest versions of the DS and Active Directory password synchronization plugins now support the use of AM bearer tokens as an authentication method. For more information, see:

Support for Alternative KBA Answer Hashing

Previously, KBA answers were always hashed as SHA-256 upon save, which is still the default setting; however, you can now specify an alternative hashing algorithm.

Managed Object Default Values

You can now specify default values for properties in the managed object configuration. For example, the default managed object configuration includes a default value that makes accountStatus:active, which effectively replaces the onCreate script that was previously used to achieve the same result.

Note

IDM assumes all default values are valid for the schema. Although IDM skips policy validation for objects with default values, you can force validation on property values.

Support for REST Queries on Array Properties (JDBC)

You can now perform REST queries on properly configured array fields.

For more information, see:

'waitForCompletion' Property Added to the 'config' Endpoint

The optional waitForCompletion parameter is now available to the config endpoint for create, update, and patch requests.

For more information, see:

API Endpoint Requires Admin Authentication

To protect production servers from unauthorized API descriptor requests, IDM now requires admin authentication for the API endpoint. For more information, see "Securing the API Explorer".

Additional Query Types in JDBC Explicit Tables

Queries on explicit tables in JDBC now support bool:, num:, and long: in addition the previously supported query parameters (strings, list:, and int:).

Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.