IDM 7.2.0

New features

This release of ForgeRock Identity Management software includes the following new features:

Property-based secret stores

IDM now supports property-based secret stores and can read keys and trusted certificates from properties that contain keys in Privacy-Enhanced Mail (PEM) format.

For more information, see Property-based secret stores.

Scanning tasks to activate and deactivate accounts

The default IDM configuration now includes two scanning tasks that activate and deactivate a user’s accountStatus, based on their activeDate and inactiveDate. For more information, see Activate and deactivate accounts.

external/email endpoint improvements

You can now use cc and bcc parameters with the sendTemplate action. For more information, see:

Workflow improvements

The Flowable embedded workflow engine has been upgraded to version 6.6.0. This upgrade fixes the issue with native email tasks previously mentioned in the Workflow Guide.

Policy validation for field removal

You can now validate field removal using the policy action validateProperty.

Relationship-derived Virtual Properties (RDVP) improvements

Relationship-derived Virtual Properties now include reference fields with details of the referenced relationship.

AD Password Synchronization Plugin UTC timestamps

The latest version of the Active Directory password synchronization plugin (v1.7.0) uses UTC timestamps for logs.

Bootstrap IDM without stored configuration

Previously, the property openidm.fileinstall.enabled also controlled whether configuration files were loaded on startup. To disable file monitoring, you therefore had to start IDM with the property enabled to load the configuration into the repository, and then restart IDM with it disabled. The new setting openidm.config.bootstrap.enabled (which defaults to true) lets you disable file monitoring while the bootstrap process still loads the configuration into the repository.

For more information, see Disable automatic configuration updates.

API version header warnings

IDM can now log warnings when API version headers are not specified.

Reconciliation enhancements

Reconciliation has been enhanced in the following ways:

  • Previously, if one node in the cluster went down or offline during a clustered reconciliation run, the reconciliation was canceled. This limitation no longer exists. For more information, see Clustered reconciliation.

  • Addition of the properties:

    • reconTargetQueryPaging

    • reconTargetQueryPageSize

    For more information, see Synchronization reference.

Assignment synchronization optimization

A new property, optimizeAssignmentSync, has been added to synchronization mappings. It determines whether modifications to an assignment’s attributes or relationships are treated as a synchronization event for members of that assignment or role, or are treated as a synchronization event for members only if the modified assignment is directly relevant to that mapping or if effectiveAssignments is included in triggerSyncProperties.

For more information, see Synchronization reference.

Query filtering on arrays

For versions of IDM running DS or PostgreSQL as a repository, queryFilter now supports filtering on the contents of arrays. For more information, see Filter objects in arrays.

Additional metrics

New metrics are available for workflow and JVM.

Security advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock’s security advisory policy governs how security issues are submitted, received, and evaluated, as well as the timeline for issuing security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Copyright © 2010-2022 ForgeRock, all rights reserved.