RITM release notes
Version 2024.13
Updated Dec 18, 2024
What's fixed
Create a user with contextual role assignment fails
- For customers that have been migrated to the new structure/group functionality (see release notes for version 2024.8) it is not possible to create users when also trying to assign a role with context at the same time. The issue has been fixed to allow the creation of users with or without context when assigning roles.
Version 2024.12
Updated Dec 11, 2024
What's fixed
Pagination issues when managing access requests
- When there were access requests that would still refer to removed users, we would not show these in the RITM UI. This would potentially lead to pagination issues. We now show all requests and clearly indicate that the user has been removed. The administrator can now potentially remove that request from the list.
Version 2024.11
Updated Nov 21, 2024
What's fixed
Business users cannot update their profile
- Users who manage their own profile were unable to save any changes. We fixed the issue that was introduced with the 2024.10 release, and user management for all use cases works as intended again.
Users can't be updated in some rare cases
- Some customers marked vital attributes as unalterable, which leads to issues when trying to update users. We now treat these vital attributes differently, which fixes the issue so that users can be updated successfully as before.
Version 2024.10
Updated Nov 20, 2024
What's changed
Correct users that have incorrect group memberships
-
When a user is managed in the RITM UI, either via Edit user or Access profile, and the user has some incorrect group memberships due to removed structures or groups, we show a new dialog. The dialog mentions the incorrect group memberships and allows the administrator to leave the user as is, or to save the user with the incorrect group memberships removed. Note that this typically should not happen, because RITM tries to maintain the necessary referential integrity when removing structures or groups.
-
If a user is managed via the RITM API, we automatically remove any incorrect group memberships due to removed structures or groups.
What's improved
Performance and stability improvements
- We improved the performance when managing roles for users in the RITM UI when there are many structures and groups present for the organization.
What's fixed
Unalterable attributes are potentially updated
- Even if attributes are configured as being unalterable they were still potentially updated when users were managed via the RITM UI. This could lead to re-hashing or re-encryption of the attribute values on the side of the IdP (CIAM). The issue related to this use case has now been fixed and we ignore any updates to these attributes when managing users.
Importing users would store attributes configured as "Number" as strings
- Attributes that were configured to use the number/integer format were always treated as strings when using the Import identities functionality in the RITM UI. We now properly make sure that attributes configured as numbers/integers are stored as such on the side of the IdP (CIAM). Note that editing users in the RITM UI with respect to these attributes was already treated correctly.
Version 2024.9
Updated Nov 13, 2024
What's changed
Block deletion of structures and/or groups with members
- In order to prevent referential integrity issues, we no longer let customers delete structures and/or groups if there are still members assigned to them. RITM potentially already catered for this, but was relying on a job that might not be configured by customers and only runs at regular intervals. The user of the RITM UI or API will now get an appropriate message if there are still members to the structure or group that is asked to be removed.
What's improved
Performance and stability improvements
- We greatly improved the performance when managing users in the RITM UI when there are many structures and groups present for the organization.
- Managing a nested structure, with many groups, in the RITM UI is now much faster than before.
- Unnecessary requests from the RITM UI to the RITM backend have been removed to improve the performance and usability of the RITM UI.
- We are no longer retrying requests to the IdP (CIAM) unnecessarily in case of issues reported by the IdP.
- Caching (and invalidation) has been introduced for some functionality related to requests towards the IdP.
What's fixed
Structure configuration changes are not enforced
- For customers that are using the new functionality to manage groups (see release notes for version 2024.8), we did not store and enforce some changes made to the structure configuration from the RITM UI. All configuration changes to structures are now working again as intended.
Unalterable attributes are still updated
- Even if attributes are configured as being "unalterable" they were still potentially updated, and this could lead to re-hashing or re-encryption of the attribute values on the side of the IdP (CIAM). This issue has now been fixed and we ignore any updates to these attributes when managing users.
Version 2024.8
Updated Oct 30, 2024
What's new
Support of more groups per structure
- We have redesigned the way that structures and groups are handled which allows customers to have more groups per structure without reaching a limit. This limit was depending on the configuration of structures and groups with respect to attributes and roles, but could lead to no longer being able to add groups. This new design is not enabled by default and customers would have to be migrated per RITM organization, in a controlled way. Customers that have the need to be migrated can reach out to Thales Support. In the future Thales would reach out to customers for this migration. Note that RITM is still backwards compatible when it comes to API requests and responses.
Version 2024.7
Updated Oct 16, 2024
What's new
Roles that still have user assignments can't be removed via API
- It was possible to remove a role via the functional API that still had this role assigned to users. We introduced a new v2 version of the "Delete access role" and "Delete admin role" APIs where this is no longer allowed, to preserve referential integrity, and we will respond with a 409 response code if the role is still assigned to 1 or more users.
What's improved
More width in the RITM UI for long names of groups in a nested structure
- We improved the RITM UI, for several use-cases, to show more characters for groups from a nested structure. This should allow for easier finding the correct group if the first starting characters of the name are similar.
Version 2024.6
Updated Sep 6, 2024
What's improved
Better cleanup of sessions
- New sessions will no longer be re-using potentially existing session cookies and will create a new session cookie each time. This will prevent session fixation.
Version 2024.5
Updated Aug 2, 2024
What's new
End users can see their own groups and roles in the RITM UI
- The personal roles can now be configured to have users see their own group memberships and roles assignments. You will find two new options, "Groups" and "Roles", on the tab where the profile access is configured. Note that end users can't change their group memberships and role assignments with this new functionality, it's view only.
Version 2024.4
Updated Jul 8, 2024
What's new
A new POST version of "Search for existing groups"
- A new POST version of the "Search for existing groups" endpoint is introduced to allow for more flexibility when searching on custom attributes and configured roles on groups. The current GET endpoint doesn't allow for this flexibility as it would require a request body which is not supported by many tools and libraries.
The RITM UI now allows to delete access requests
- A new menu item has been introduced for administrators on the "Users > Requests" page to allow deleting single requests.
What's improved
Performance improvements
- We improved the performance of the "Search for existing groups" functional API when searching for custom attributes. We do however suggest to start using the new POST version of this endpoint that offers greater flexibility when searching with the same performance improvements.
Delete access requests when the associated role is removed
- We have introduced a configuration option (to be set by Thales) to allow requests to be removed whenever the role that is set for that request is removed. Customers where this configuration option is not yet set could potentially see access requests on the requests pages where the name and type are shown as "DELETED".
What's fixed
RITM UI doesn't allow to clear a filter
- The filter on the "Users > Requests" page can be set but not cleared unless the screen is refreshed. We fixed the RITM UI to allow for clearing the filter like all other pages that allow for a filter.
Version 2024.3
Updated Jun 21, 2024
What's changed
The RITM UI shows the first name and last name in the configured order
- The RITM UI profile page previously showed the name in a fixed order; first the last name and then the first name. The order is now following the configurable order of all attributes.
What's improved
Performance improvements
- We improved the performance of the "Edit user" functional API. While using this functional API, and where many structures and groups are involved, we sometimes used too many resources.
Translation flexibility
- We now allow you to specify an & in the translations and have it shown as such in the RITM UI. Previously these would show up as the html encoded version of the ampersand.
What's fixed
RITM UI doesn't show all role requests
- Depending on the number of distinct users that performed a role request, we would sometimes not show all requests in the RITM UI. We've fixed several use-cases to make sure that all requests are shown again in the RITM UI.
Version 2024.2
Updated Feb 26, 2024
What's new
New search options in RITM UI for customers with many users
- The previous search on "Users > Management" or "Reports > Users" had some short-comings for customers with large number of users. Only customers that have this new functionality enabled will notice these changes. We have split the search into several options and introduced some other changes:
- Search is no longer automatically triggered after typing 3 or more characters. You will need to press <Enter> or click on the magnifying glass to trigger a search.
- The search no longer searches on first name, last name, user name or email-address, but rather on:
- First name, last name and user name only when "Search names" is selected in the dropdown on the search bar.
- The first 10 characters (we will convert to lower-case) of the email-address when "Search emails" is selected in that dropdown.
New functional API to create role requests
- A new functional API has been introduced with the ability to create one or more role requests. These requests are either for the authenticated user or as an admin on behalf of an user.
New functionality when managing dates in the RITM UI
- When choosing the "Date" option for attributes, it's now possible to configure the display format (the way that a date is shown in the RITM UI) and how the date is stored (typically in CIAM where specific rules/patterns might be required).
What's changed
The RITM UI now shows more characters of structure and group names
- Some customers use long(er) names for structures and/or groups. Especially for names where the first characters are the same it would not always be immediately clear which group memberships a user has when managing the user via "Edit user" or "Access profile". We now widened the information on the groups tabs of the mentioned pages.
What's improved
Performance improvements
- We improved the general performance of several functional API calls to RITM. For functional APIs that involves many users we sometimes used too many resources.
What's fixed
Denying role requests was not possible from the RITM UI
- It is not possible to deny role request for a managed identity via the profile page of that user. We fixed this bug and now it's possible to deny requests again from all places where an admin could manage the requests of an user.
Translations are wrong when activating/deactivating rules in the RITM UI
- When a rule was activated or deactivated we show translation codes instead of the actual text/translation. This has now been fixed so that managing rules shows the correct texts for the configured languages.
Using an invalid API key sometimes gives the wrong error message
- When using an invalid API key to call an API we sometimes show a "User not exist" error message and sometimes a "Authorized key not exist" error message. We now aligned the error handling of all use-cases to always show "Authorized key not exist" when an invalid API key is used.
Version 2024.1
Updated Feb 14, 2024
What's new
Ability to store the filter on the user management and reports page
- We added the functionality to store a filter on the "Users > Management" and "Reports > Users" pages in the RITM UI:
- Store the filter by clicking on the "Save" icon.
- Get back to your default filter by clicking on the "Apply" icon.
- Remove the default filter by clicking on the "Clear" icon.
What's changed
Don't show number of identities for roles when information is not present
- For some customers with a very large number of users, and depending on configuration, we don't know the number of identities that have been assigned a role. This was previously shown as 0 in the RITM UI. We now no longer show this incorrect information to avoid confusion.
What's fixed
Unable to manage phone numbers from Puerto Rico in the RITM UI
- It is not possible to add a phone number in the RITM UI by selecting Puerto Rico in the RITM UI. We now allow phone numbers from Puerto Rico with the caveat that the country selection will show the correct flag and "+1". The actual phonenumber should now start with 939 or 787.
Version 2023.12.2
What's improved
Improved width of drop-down lists
- We improved the way that we deal with drop-down lists in the RITM UI when dealing with long names/entries for a lot of use-cases.
Performance improvements
- We improved the performance of the functional API to get managed identities. Especially when fetching more than one user and when users have a lot of role assignments.
- We improved the performance for customers that have defined many roles, regardless of which type of role. The improvements will be noticeable for admin users when managing rules in the RITM UI.
What's fixed
Changes to admin users are not immediately in effect for functional APIs
- When an admin is updated with respect to roles, the functional APIs will not immediately take these changes into account. The issue, which was due to incorrect cache invalidation, has now been fixed.
Version 2023.12.1
What's improved
Increased width of drop-down lists (group selection)
- In a previous release we already increased the maximum width of a drop-down list when selecting groups from a flat structure. We now also increased the maximum width when selecting groups from a nested/hierarchical structure. Long group names, especially when the first characters are the same for some, are now easier to spot.
What's fixed
Wrong success message when inviting users
- When a user is successfully invited via either the "Invite user" or "Send invitation" option we show a message that the user was successfully created. The succes message now shows the correct text when a user is created or invited.
Version 2023.12.0
What's improved
Performance improvements
- We improved the general performance of functional API calls to RITM.
What's fixed
Exact name search for access roles fails
- Performing an exact name search for access roles fails. The issue has been corrected and we now do allow again for using both partial and exact name searches.
Searching for users in RITM UI include leading/trailing spaces
- Whenever one searches for users in the RITM UI, at multiple places, we would included any leading or trailing spaces in the search. This sometimes lead to users found, but more often no users, depending on the page/dialog in the UI. We now remove all leading and trailing spaces when searching for users.
Version 2023.12.0
What's improved
Performance improvements
- We improved the general performance of functional API calls to RITM.
What's fixed
Exact name search for access roles fails
- Performing an exact name search for access roles fails. The issue has been corrected and we now do allow again for using both partial and exact name searches.
Searching for users in RITM UI include leading/trailing spaces
- Whenever one searches for users in the RITM UI, at multiple places, we would included any leading or trailing spaces in the search. This sometimes lead to users found, but more often no users, depending on the page/dialog in the UI. We now remove all leading and trailing spaces when searching for users.
Version 2023.11.3
What's improved
Performance improvements
- We improved the performance for customers that have defined many roles,. The improvements will be most noticeable for the import functionality in the RITM UI.
What's fixed
Changing primary email-address sometimes fails
- When an administrator wants to change the primary email-address of a user, or is requested to do so, the user will receive an email with a verification link. A user that is not logged in when clicking on the link will not land at the correct page. We have fixed the primary email change functionality so that a change can be initiated again by the user and an administrator.
White screen shown instead of the profile page
- We sometimes show a white screen instead of the profile attributes of users. This happens when some specific attributes have canonical values. The profile page has been fixed to show all configured attributes and their values again.
Administrator cannot create admin roles via the API
- Some administrators that are authorized to create admin roles and have themselves an admin role where the scope is configured with the "Common groups" option, are sometimes not able to create admin roles via the functional API. We fixed creating admin roles, regardless of the admin role(s) of the administrator.
Version 2023.11.2
What's improved
Performance improvements
-
We improved the performance for customers that have defined many roles,. The improvements will be most noticeable for:
-
The functional API to search for access roles
-
Role requests and approvals in the RITM UI, regardless of which type of role
-
The performance for most functional API's has been improved by avoiding unnecessary internal calls.
- Adding and removing roles via the functional API's and RITM UI has been improved, and performance improvements should be noticeable for all admin users.
What's fixed
Users with no admin/personal role would see an empty profile page
- When a user doesn't have either an admin or personal role and when they try to use the RITM UI, they would see an empty profile page. We now inform the user that they don't have access to the RITM UI, this is true for example for users with only access roles.
Version 2023.11.1
What's improved
Performance improvements
- We improved the performance for customers that have defined many roles, regardless of which type of role. The improvements will be noticeable for power users when managing roles for groups (for customers that are multi-company enabled) and when using the mass update functionality in the RITM UI.
- The performance for several functional API's has been improved, specifically when the API's are invoked as power users.
Improvement to "Send invitation" responses on error
- The "Send invitation" functional API returned a generic error message when it was invoked by a user without a primary email address. We now include more context in the error messages.
What's fixed
The "id" attribute doesn't show correctly on the Reports page
- When the "id" attribute is enabled to show on the "Reports > Users" page we don't show the "id" of the users, but some other id instead. The "Reports > Users" page has been fixed to correctly show the configured attributes.
Default canonical values are shown on the profile page
- We always show the default canonical values instead of the translated ones on the profile page. These are typically the values as they are stored for users and not what should be shown in the UI. Note that the drop-downs for attributes with canonical value does show the translated values. The profile page has been fixed to show the translated canonical values instead of the default values.
Version 2023.11.0
What's improved
Performance improvements
- We improved the performance for customers that have defined many roles, regardless of which type of role. The improvements will be noticeable for power users when managing admin roles in the RITM UI.
Requests/approvals now includes the context option
- Customers that have the multi-company feature enabled can now have end-users request roles for a particular context (structure/group combination). At the same time approvals will now also take this requested context into account.
What's changed
Request approvers can no longer change the original request
- It is no longer possible to change the requests created by end-users. The approver can only approve or deny.
Reset password disabled for some use-cases
- We previously enabled reset password for almost all managed users of an administrator when configured on the admin role. We didn't show the reset password option for users in an inactive state and there are a few more use-cases where we don't allow a reset password with this release. Reset password can no longer be triggered when:
- The state of the user is either INACTIVE or GRACE
- A user doesn't have a primary email address
What's fixed
Unalterable attributes seem to be editable on the profile page
- Unalterable attributes might not show as read-only on the profile page and seem to be editable due to the "Edit" menu option. Note that the attribute is actually not editable. We now show unalterable attributes as read-only again without a menu item on both the edit user pages as well as the profile pages.
When requesting a role, the description is not shown
- We sometimes don't show the description of the role when one is requested, or we showed the wrong description. Role requests have been fixed so that we now always show the correct description of the role, when available.
Version 2023.10.1
What's improved
Performance improvements
- We improved the performance for customers that have defined many roles, regardless of which type of role. The improvements will be noticeable for several use-cases in the RITM UI as well as for functional APIs, but will mostly be noticeable for actions by power users.
What's fixed
Patching users via the functional API fails for power users
- For some use-cases where roles for users are managed via the functional API we would respond with an error that the user is not allowed to manage these roles. This issue has been fixed, so that regardless of the role of the administrator we would correctly check if the administrator is allowed to manage certain roles.
Version 2023.10.0
What's improved
Improved displaying of dates and times in the RITM UI
- In an effort to allow for displaying dates and times in more consistent way and also manage dates and times better we introduced some extra types for attributes:
- "Date"; an attribute with this type would for example show as "11 Oct 2023" and be managed via a date picker
- "Datetime"; an attribute with this type would for example show as "11 Oct 2023", 20:00" and be managed via a date and time picker
- Note: "Date" and "Datetime" marked attributes will be stored in UTC. Any attributes that need a particular format will still have to use the "String" type for attributes and will not use a data and/or time picker. We are planning to improve in this area.
Remove "All" option when selecting roles in the RITM UI
- The "All" option has been removed whenever roles have to be selected, as there could potentially be different types of roles with the same names which could lead to confusion or even wrong assignments. We now only provide the "Access", "Admin" and "Personal" choices for the role type.
Performance improvements
- We improved the performance for customers that have defined many roles, regardless of which type of role. The improvements will be noticeable for several use-cases in the RITM UI as well as for functional APIs, but will mostly be noticeable for actions by power users.
More validations on the rule wizards in the RITM UI
- Previously it was possible to skip some required configuration when defining rules in the RITM UI which would lead to having to go back and forth on the tabs. We improved some of the validations and the way that potential errors are shown.
What's changed
Don't allow duplicate roles in the RITM UI
- We have changed the behavior in the RITM UI to no longer allow you to add a duplicate role. Customers that have the multi-company feature enabled can no longer add duplicate roles within the context of one group. All customers can no longer add duplicate roles when there is no context.
What's fixed
Unalterable attributes are still send for the functional API
- Unalterable attributes can be written once and should not be altered afterwards. We would however, in some circumstances, still allow you to change these attributes by using the "Edit user" functional API. Unalterable attributes will now never be changed, as intended, regardless if users are managed via the RITM UI or via the functional APIs.
Changing the state of users in the RITM UI could lead to errors
- Whenever the state of a users was changed in the RITM UI (e.g. "Block user", "Delete user") we would sometimes show an error in the UI even though the actual change happened. Secondly the RITM UI would not show the just changed user. The issues with respect to state changes have been fixed so that the UI shows the new state of the user and doesn't report an error.
White screen is shown when managing roles for users in the RITM UI
- We would sometimes show a white screen when trying to manage the roles of users, for example via "Edit user". We fixed the issue so that role management is again possible for all use-cases.
Deleting an attribute category doesn't cleanup the list of categories
- When an attribute category is deleted (not being the last) in the RITM UI, other categories don't have the proper position number anymore. The issue has been fixed so that the numbering is correct whenever an attribute category is deleted, regardless of the place in the list.
Version 2023.09.1
What's new
Manage canonical values for attributes
- Customers can already use the existing functionality to use so-called canonical values for attributes to enable a drop-down for attributes in the RITM UI. These canonical values would previously be set/changed by Thales professional services. We now introduce the ability to allow customers to manage canonical values for string attributes themselves:
- The previous "Edit attribute" single dialog has been changed into a dialog with multiple tabs:
- The "General" tab defines some generic information about attributes
- A new "Visibility" tab defines the pages and dialogs where attributes are needed to be shown
- "Canonical values" is a new tab that is only present for attributes of type "String" and should be the actual values that are stored for attributes of user. The translatable text as shown in the UI for these canonical values still needs to be managed by navigating to "Settings > Customisation > Translations", choosing "Edit translations" and using the "Attributes values" tab on the dialogs.
What's improved
Performance improvements for the API used for retrieving managed identities
- We improved the response times for retrieving one or more managed identities of the authenticated user, along with their profile attributes, groups and roles.
What's fixed
Functional API to edit users would sometimes result in a 500 error
- Customers that have attributes configured as "Unalterable" and are using the API to only change group or role information would sometimes get a 500 error. We fixed the issue so that the API can now be used again to edit users without specifying or changing profile related attributes.
Wrong error reported when changing the password fails
- We sometimes show the wrong error for the new password when users tried to change their password on the profile pages. This happens for example when "Password history" was enabled on the IdP side (CIAM) and a user tries to change the password to something that was used before. The potential errors shown for the new password are now aligned to the errors from the IdP.
Pagination for attributes categories is not correct
- Going to the next page for attribute categories in the RITM UI doesn't show the next page, but shows all attribute categories from the current and next page. We fixed the pagination for attribute categories so one can go back and forth between the pages.
Trying to create a user that already exists fails with a generic 500 error
- When trying to create a user with, for example, the same primary email address, we will respond with a generic 500 error, instead of the expected 409. Creating a user with an already existing identifying attribute (like primary email address) will now again result in a 409 error.
"Add user" in the RITM UI doesn't show the password field
- When the state attribute is not configured to show on the "Add user" page/dialog, we will show the confirm password field, but not show the actual password field. This means that a user could not be created. We fixed the logic with respect to showing or not showing the password field and adding a user will now properly show the necessary fields.
No roles available to assign in context in the RITM UI
- For customers that are using the multi-company feature we sometimes didn't allow the administrator to assign roles if all managed roles were already assigned in a different context. We now allow administrators to assign the roles, that they are allowed to manage, again for every context.
Version 2023.09.0
What's fixed
Users with only contextual personal roles can't manage their profile
- For customers that are using the multi-company feature and have users where a personal role is assigned in context, the users will not be able see and thus manage their profile. The issue has been fixed to allow users with a personal role, regardless of how it was assigned, to see and manage their profile again.
Logout from the RITM UI doesn't always revoke access tokens
- When logging out from the RITM UI. we don't always revoke the access and refresh tokens. Next to an "end session" send to the IdP we now also correctly revoke all necessary tokens.
Wrong dialog in the RITM UI is shown in some use-cases
- When an admin tries to perform some actions with respect to "Add user", "Invite user", "Send invitation" or "Edit user" we would sometimes show the wrong dialog (based on an previous invocation of the mentioned action). We now correctly show the correct dialog for the correct action again.
Version 2023.08.2
What's new
Allow language specific attribute names and attribute descriptions
- Previously we would provide customers with the functionality to change the display names and descriptions of attributes that are used in the RITM UI. These name and descriptions would however be the same for each language. We now introduce language specific attribute display names and descriptions:
- The defaults defined for the attributes via "Data > Attributes > Attributes list" are still used if not overwritten by specific ones.
- Display names and descriptions can now be changed, for each supported and enabled language, by navigating to "Settings > Customisation > Translations", choosing "Edit translations" and using the new "Attributes names" tab on the dialog.
- Note: Customers that already provided defaults too better suite their needs, might need to override the new defaults with more specific ones.
Allow language specific canonical names for attributes
- Customers can already use the existing functionality to use so-called canonical values for attributes to enable a drop-down for attributes in the RITM UI. An example would be the email address type of "Work", "Home" or "Other". We now introduce the ability to not only change the displayed name, but also the ability to do this per language:
- The defaults defined for the attributes, as defined during setup or via configuration by Thales Professional Services, are still used if not overwritten by specific ones.
- Canonical names can now be changed, for each supported and enabled language, by navigating to "Settings > Customisation > Translations", choosing "Edit translations" and using the new "Attributes values" tab on the dialog.
What's fixed
The /roles/assignable functional API would return a 400 error in some cases
- When the /roles/assignable functional API is called by a user with no admin role(s) we would return a 400 error in the response. The functional API has been improved to return a proper response, in this case with no assignable roles found.
The functional API to edit users doesn't take roles defined on the groups into account
- For customers that are using the multi-company feature and are managing users via the functional APIs, we don't always allow to manage roles that are configured on a group level. We introduced a new version of this functional APIs to allow the management of roles, regardless if a role is defined in an admin role or on a group level. Note: These new versions of the functional API /api/v2/user/:uid (PATCH) and /api/v2/user-update (POST) are more strict and some of the error responses changed slightly.
Version 2023.08.1
What's fixed
The /roles/assignable functional API doesn't return the relevant admin roles
- When an application is passed to the /roles/assignable functional API we don't add relevant admin roles to the response. The functional API has been fixed for all use-cases when an application is passed, regardless if a role is defined in an admin role or on a group level (for customers that have the multi-company feature enabled).
Version 2023.08.0
What's improved
Also show role names for the /structure/authorized functional API response
- For customers that are using the multi-company feature and use roles defined for a specific group we already show the role codes in the response for the /structure/authorized functional API. We have now also added the role names in the response.
What's fixed
The /roles/assignable functional API doesn't return the correct set of roles
- For customers that are using the multi-company feature we don't always return the correct set of roles for Delegated Administrators that have multiple contextual admin roles. The /roles/assignable functional API has been fixed to cater for all possible use-cases.
Delegated admin doesn't always see the role requests of managed identities
- For customers that are using the multi-company feature, a delegated admin would not see the new requests for roles from his managed identities when the role was specified for a specific group. The delegated admin use-cases are fixed so that they will see the requests, regardless where the role is defined that is managed by the delegated admin.
We don't allow all official country codes in the RITM UI
- We don't allow all official countries when managing addresses and/or phone numbers of users through the RITM UI. This issue has now been addressed, and we allow for all officially assigned country codes, through the use of the country names, when managing country related information of users.
There are hardcoded texts in the RITM UI for role types
- Some parts of the RITM UI that show information for role types use hardcoded English texts. We have now added the possibility to also change/translate these texts in the RITM UI.
Version 2023.07.3
What's new
Introduce German language
- The German language pack has been added to RITM. Customers that would like to start using this language pack can add this via the "Settings > Customisation > Translations" page. Note that this task can only be performed by power users of the organisation.
Version 2023.07.2
What's fixed
Admin with only view rights on some attributes can't save a managed identity
- Users with admin roles where some of the management of attributes has been limited to "View only" could not save a managed identity in the UI in some cases. This issue, which was particularly prominent for boolean attributes, has now been fixed so that any configuration for the admin roles can now be used to manage and save a managed identity.
Version 2023.07.1
What's improved
Managing boolean attributes and their values in the RITM UI
-
We have improved the way that boolean attributes and their values (true/false) are shown and managed via the RITM UI:
-
If a boolean attribute is available in a filter it will now also have the "All" option next to "Yes" (for true) and "No" (for false). "All" will cover both "Yes" and "No" for the filter.
-
On pages where individual users are managed, like "Edit user", we now more clearly show if an attribute has a value, by showing "Yes" or "No", or has no value yet, shown as "Not set".
- When an attribute already has a value, the choices in the drop-down are "Yes and No" only. If the attribute is not set yet we will also show an "Not set" option to indicate that there is no value for this attribute currently.
-
On pages where multiple users are managed, like "Users > Management", we now more clearly show if an attribute has a value, by showing "Yes" or "No", next to no value yet shown as "-".
What's fixed
Structures with no members don't show 0
- With the "Structure member count" job we count the number of users that are a member of each group and structure. A structure with no users however shows a "-" instead of "0". We fixed the issue so that it's now clear if the count is 0 or if the job hasn't run yet (which would show a "-").
Version 2023.07.0
What's new
Allow organisations to reset a language to the default
- Customers with many changes to the default texts/translations are now able to reset to the default instead of changing items back one-by-one.
What's improved
Calculating the group members
- We have improved the way that groups are updated with the information about the number of group members. The job that is used to update the groups now has increased performance and might be needed to prevent groups from being removed if they still have members.
What's fixed
Pagination for the release notes doesn't work
- Instead of being able to step through the release notes page by page, we increased the size of the table shown. We now properly do pagination again for all places where we show the release notes.
Creating or inviting new users via the RITM UI could show an error
- When trying to create or invite new users, via the RITM UI, without adding any roles, we would show an error. This issue has been fixed and we now again allow you to create/invite users without any initial roles.
Version 2023.06.3
What's fixed
Deleting an application category would not delete this category from applications
- Deleting an application category via the functional API does not delete this category from all the applications where this category is referenced. We now properly remove the category from the applications when a category is removed via either the functional API or via the RITM UI.
Deleting an application role would not delete this role from access roles
- Deleting an application role, either via the functional API or via the RITM UI does not delete this application role from all the access roles where this application role is referenced. Removing an application role will now correctly remove any reference from the access roles.
Deleting an application would not delete this application from access roles
- Deleting an application, either via the functional API or via the RITM UI does not delete this application from all the access roles where this application is referenced. Deleting an application will now correctly remove any reference from the access roles.
Filtering on some attributes in the UI doesn't work
- In case a customer environment has been configured to be able to manage a lot of users (500 thousand or more), some attributes could not be filtered for on the "Users > Management" page. This issue has been fixed so that regardless of the configuration we will filter on the attribute values as intended.
Changes to users would sometimes need a refresh in the UI to show
- Customers would sometimes need to perform a refresh on the "Users > Management" page in the UI after a user has been updated. We have improved the update of the users on the "Users > Management" page so that a refresh should not be needed anymore after an update of a user.
Creating an admin role via the functional API would sometimes fail
- When trying to create an admin role with an entitlement and a scope for a child in a nested structure, we would sometimes show an error in the API response. The issue has been fixed so that any type of entitlement scope can be used again.
Version 2023.06.2
What's fixed
Search in drop-down for groups not always present
- Depending on the screen size and the number of groups in a flat structure, we would not always show the search option, which would still require scrolling through a too long list. The drop-down is now again showing the search if the number of items does not fit on the screen or is not easily scrollable.
Deleting a role would not delete this role from the group config
- When removing a role (all types), for customers that are multi-company enabled, we would not remove the role from the groups that have this role configured. We now properly remove the roles from both the admin roles and the group config when a role is removed.
Version 2023.06.1
What's new
Introduce custom identifier for RITM Admin roles
- We have introduced a custom identifier for RITM Admin roles. This identifier is optional, but has to be unique and can thus be used to uniquely define, next to the "code", an admin role. The identifier can be used in a search for admin roles with the new functional API to managed admin roles.
Functional APIs to manage RITM Admin roles
-
New functional APIs are available to read or search for:
-
Attribute categories. The information returned by this API might be needed as input for managing RITM Admin roles when configuring the authorization with respect to attributes for the managed scope of users.
- Role information. The basic role information returned by this API, for all types of roles, might be needed as input for managing RITM Admin roles in case that roles per group configuration is required.
-
Menu access. This API returns information about all possible menu entries that are available in case the RITM Admin role needs to be configured for access to the UI, and in case some specific API calls are needed (currently the authorization for the APIs is managed via the same mechanism).
-
New functional APIs are available to manage (Create/Read/Update/Delete):
- RITM Admin roles
What's fixed
Delegated administrators might see too many users
- Delegated administrators that have a scope of management for a particular group, would potentially see too many users in the UI and/or API responses. Note, that these "extra" users cannot be managed. We have fixed the use-cases for all scopes as configured in the RITM Admin role, so that delegated administrators only see the users that they should.
Users with only a personal role can't change their password anymore via the UI
- The "Change password" page doesn't show anymore for users that only have a personal role. This issue has been fixed so that users with at least a personal role are able to change their password again.
Filtering on number attributes in the UI doesn't work
- Attributes that are defined with the type "Number" cannot be filtered on in the RITM UI. We fixed the issue so that users with the correct authorization can filter again on any type of attribute (when enabled and configured).
Version 2023.06.0
What's fixed
No groups selectable when assigning roles in context
- When adding a role in context, for customers that are multi-company enabled, the group would sometimes not be selectable and we show an empty list instead. We've fixed the issue for flat structures so that the groups, limited to the group memberships of the user, are shown and selectable again.
Deleting a group membership doesn't delete contextually assigned roles
- When removing a group membership, for customers that are multi-company enabled, the contextually assigned roles are not removed even if the admin deletes after reading the warning message. We will now properly remove the contextually assigned roles when a group membership is removed. Note that the "about to be removed" role will still show on the "Roles" tab to allow the admin to re-add the group membership and not having to add the role assignments again. There is a visual indicator on the "Roles" tab for roles that are about to be removed.
Users can no longer update their own attributes
- Users with only one or more access roles are no longer able to update their attributes via the RITM functional API. All use-cases for users that want to update their attributes, either via the RITM UI when users have a RITM personal role, or via the API with any role, are now fixed. Note that a future release of RITM will introduce the requirement to have a RITM personal role for UI and API use-cases to be able to allow for fine-grained control over the attributes of users.
It's possible to assign the same group membership multiple times
- It's currently possible to create or update a user and add multiple group memberships for the same group. We are now no longer allowing you to add the same group memberships multiple times.
Some text messages in Dutch show a stray ">"
- Some of the warning or error messages in Dutch show a stray ">". We've made some small changes to some of the texts to show up properly in the UI.
Version 2023.05.4
What's improved
Managing and using structures and groups in the RITM UI
- We have implemented some changes to improve the RITM UI if it comes to managing, mainly flat, structures and the associated groups. The improvements are both in the area of performance for customers with many, more than a few thousand, groups as well as some improvements in how flat structures are managed:
- The management of structures and groups has been split. The configuration of structures is now separate from the management of groups.
- Group management for flat structures has been improved to use a table approach. Searching can now be done on the group-code and/or group-name, but is only available for flat structures.
- Saving a group will be in effect immediately and there is no need to also save the structure.
- The performance of all places in the UI where groups are used for flat structures has been improved and it provides the same search capability for group-code or group-name.
- Unnecessary and duplicate calls have been removed to improve the performance even further.
Version 2023.05.3
What's improved
Performance when managing many users
- Customers that wish to manage many users, more than several hundred thousand, would run into performance issues when trying to manage these via the RITM UI. Especially when not being a power user or when searching and/or filtering we sometimes saw a decreased performance or no result at all. The integration between RITM and CIAM has been greatly improved for these specific use-cases allowing the Delegated Admin or Service Desk to manage many more users than before.
What's fixed
Updating groups in structures is not reflected in some API responses
- Changes in for example the customer attributes for groups, when managed via the RITM UI, are not reflected in API responses of some of our functionals APIs like /api/v1/users/managed-identities. For improvement reasons we cached some of the group related information, but didn't clear this cache when changes happened via the RITM UI. The caching is now cleared, when appropriate, in all UI and API use-cases.
Version 2023.05.2
What's improved
Searching and filtering requests
- We have improved the way that administrators, with the appropriate access rights, can search for and filter approved, pending and denied requests:
- Search will now check for the name (combination of first name and last name) and email-address and will only need a partial text
- Filtering can be done on several items of the request:
- Full name of the requestor (case-insensitive)
- Full email-address of the requestor (case-insensitive)
- The name of the role presented in a drop-down
- The role type (drop-down)
- The status (drop-down)
- Date period when the role was requested
What's fixed
End-user doesn't see his own role requests
- When an end-user is allowed to request roles he doesn't see the actual pending, approved or denied requests. We now again show all the requests to the end-users.
Delegated admin doesn't always see the role requests of managed identities
- A delegated admin would see the new requests for roles from his managed identities when looking at the main requests page, but not when looking at the profile page of those users. The delegated admin use-cases are fixed so that they will see the request, regardless on which page they check.
Approved role request don't lead to assigned roles
- When an end-user is allowed to request roles, he requests one, and an admin approves the request, the role assignment actually doesn't take place. We've fixed the issues when requests are approved so that the end-users will get the roles they requested (if approved).
Version 2023.05.1
What's improved
Selecting the preferred language of users
- We now also take the preferred language of the user (stored as part of their profile) into account when deciding in which language the RITM UI should be shown. This of course also depends on the enabled language packs.
What's fixed
Updating a user via the profile page shows incorrect errors
- When updating a user via the profile page we show errors about missing values for some required attributes and/or empty some attributes in the UI. The user is stored properly but the UI doesn't reflect that. We fixed updating users so that the stored values are always shown after the update.
"Withdraw invitation" shows an error in the RITM UI
- When initiating a "Withdraw invitation" for users that are in an "Inactive" state, we sometimes showed an error message, although the user was actually deleted. The "Withdraw invitation" has now been fixed to properly remove the user. In some odd cases a refresh of the page would potentially be needed to reflect the deleted user.
Changing the primary email-address or phone-number doesn't work properly
- For customers that have been enabled to perform the changes to primary email-addresses and/or phone-numbers via the Credential API verification workflow (as part of CIAM), we wrongly immediately updated the user. The integration with the CIAM Credential API has been fixed to properly use the defined workflows for this, either when the user changes these items themselves or when this is done on their behalf by an administrator.
Version 2023.05.0
What's new
Introduce view option for attribute categories
- Previously, any user with an admin role and appropriate entitlements would be able, by default, to "view" all attribute values of their managed identities on several pages in the RITM UI but also via the functional APIs. This means that there was no way to limit the viewable attribute values per admin role. With the introduction of the "view" option for attribute categories you can now limit, on a per category basis, what attributes are shown to a particular admin. It is now possible to have, for example, a different page for "Edit user" for a Delegated Admin that is only allowed to see some limited information, compared to the Service Desk that is able to see all attributes of users.
What's fixed
Filtering on structures and groups doesn't work anymore in the UI
- Filtering on structures and groups doesn't work anymore in the UI, the list of users will not change. We fixed the filtering so that it is again possible to filter on all the items shown in the filter dialog.
Version 2023.04.2
What's new
"Infinite scrolling" to replace current pagination for user management
-
We implemented a new way of browsing identities by replacing the current "pages approach" with "infinite scrolling". The page buttons have been removed and the total amount of users is no longer shown. Administrators can now scroll through the users that they are viewing or managing. This is particularly relevant for customers with a big number, more than several hundred thousand, of identities. Together with some upcoming improvements in other places, this will lead to a much improved performance when managing identities. The relevant pages where changes have been made: - "Reports > Users" main page
- "Users > Management" main page
- "Managed identities" tab on the users' profile page
- "Affected identities" tab for mass updates
- "Affected identities" tab for rules
Version 2023.04.1
What's improved
Improved performance
- We greatly improved the performance for the functional APIs to manage access roles. Next to improved performance we also worked on the reliability when creating/deleting access roles in fast succession.
Rules search for affected identities
- The "Affected identities" tab shows identities that match the conditions but the search on that tab was limited to a full email-address. The search is now extended to a partial, case-insensitive, first name, last name or email-address.
What's fixed
Admin and personal roles are not always sorted on the UI
- After saving, when adding or editing roles, we sometimes, for a brief moment, didn't show a sorted (by name) list of roles. This has now been corrected to always show the correct sorted list of roles.
Delegated admin can't delete a group in a structure they created
- A delegated admin, with the appropriate rights, was able to create a structure and a group via the functional API, but wasn't able to remove that group via the functional API. We fixed the issue with the functional API so that delegated admins can perform all management tasks for structures and groups, if allowed.
Version 2023.04.0
What's improved
Improved performance
- For functional APIs that needed information about groups, we now improved the performance of retrieving the information for these groups and cache this information when appropriate.
What's fixed
Profile pages show "undefined" for attribute values
- On the profile pages, either for self-service or when looking at someones profile, we showed "undefined" for attributes that are configured to be shown, but didn't have a value for that user. The profile pages have now been fixed, so that we show an empty value in case there is no value.
Rules don't show affected identities
- The "Affected identities" tab doesn't show any identities even though the conditions should include some identities. We now again properly calculate the number of affected identities when creating or running rules.
The name iWelcome and iWelcome logo is still shown
- When logging in or when refreshing a page in the RITM UI, we are sometimes showing the name iWelcome and the iWelcome logo on the tab. We have fixed this so that OneWelcome and the OneWelcome logo is shown instead.
Version 2023.03.3
What's fixed
Admins cannot add group memberships, when patching users, for new groups
- When an admin creates a new group via the functional API, this group would be in their scope, and they would immediately (within one hour) try to add this new group as a group membership to a managed identity it might fail with a "401 Unauthorized" error message. The issue, which was due to incorrect cache invalidation, has now been fixed.
Version 2023.03.2
What's fixed
Delegated admins could remove group memberships when patching users
- When the toggle "Show all group memberships of users within the selected scope." is not active for their entitlements on the admin role, a delegated admin could potentially remove group membership of users. Exactly the ones they were not suppose to be seeing. We fixed the issue, so that the group memberships, regardless of the view rights, are kept in tact. Unless explicitly requested to be removed and in the scope of the delegated admin.
Version 2023.03.1
What's new
Allow for unalterable attributes
- There are use-cases where an attribute can be written once and should not be altered afterwards. RITM now allows for this by configuring attributes to become unalterable. After configuring, these specific attributes are allowed to be set with a value when creating or inviting a user, but during a view or edit of the user these attributes will always be shown as read-only.
What's changed
Management of Access Roles
- Managing the access roles in the RITM UI was previously done with a "tile approach" where every access role was represented as a tile with an associated menu. We have changed this into a "paginated table approach" where the management becomes easier and faster, especially for customers with many access roles. Note that managing admin and personal roles still use the tile approach as the number of roles for these types are usually limited.
What's improved
Functional API authentication/authorization performance
- For customers that are using the multi-company feature and have delegated admins with one or more roles assigned in context, we greatly improved the performance during the authentication and authorization to the API. This will especially be noticeable for customers with a big number of groups.
What's fixed
Delegated admins see too many group memberships
- The toggle "Show all group memberships of users within the selected scope." doesn't limit what the delegated admin can see, for the functional API to retrieve one or more managed identities, when toggled off. All API and UI use-cases now properly follow the state of that toggle if it comes to viewing group memberships of managed identities.
Version 2023.03.0
What's improved
Generic functional API performance
- The performance of the functional APIs, as documented on https://developer.onewelcome.com/api, has been improved. Especially when using service accounts, on a regular basis, to interact with these APIs.
Retrieving managed identities performance
- The performance of the functional API to retrieve one or more managed identities has been improved for several use-cases, specifically when more users are retrieved or when these users have many group-memberships and/or role-assignments.
Version 2023.01.0
What's improved
Fetching managed identities performance
- The performance of the functional API to retrieve one or more managed identities has been improved for several use-cases, specifically when called as a "Power user".
Profile related UI performance
- Several pages in the UI now respond faster due to improvements in the underlying APIs. The performance has also improved due to the removal of unnecessary API calls, using API calls only at the pages where specific information was needed and by parallelising API calls where possible.
Close on save for "Edit user"
- We now close the "Edit user" page on a successful save to improve the usability. In combination with the aforementioned performance improvements, this leads to a far better responding UI when editing a user.
Version 2022.12.1
What's new
A new version of the "Create group" functional API
- The first version of the "Create group" functional API returns the full structure which could lead to performance issues ,next to the fact that one would not expect the full structure in the response. We now introduced the next version of this API (/api/v2/group) which only returns information about the just created group.
What's improved
Performance for group management functional APIs
- The performance for all group management functional APIs has been greatly improved. This is specifically noticeable for customers with a big number of groups.
Version 2022.12.0
What's fixed
Configuration changes for structures are not stored
- Trying to toggle off "Enable custom attributes" or "Enable roles per group" is not possible when configuring a structure. All configuration options can now be used and are stored correctly again.
"Power user" cannot assign a new role via the functional API
- If a new access role was created via the functional "Create access role" API it is not possible to assign this role via the functional "Edit user" API, as the same "Power user", immediately thereafter. We introduced caching in the past to improve the performance of some functional APIs. This cache is now properly invalidated whenever new roles are created, either via the functional API or UI.
Version 2022.11.2
What's new
"Send invitation" allows for more attributes
- The previous "Send invitation" functionality could only be used with a selected list of attributes. We introduced the capability to allow any known attribute in RITM to be included when using the "Send invitation" workflow.
What's fixed
Messages for "Send invitation" are not correct
- A success or failure when performing "Send invitation" shows the same message as when creating users. The failure and success message are now indicating that the action was about sending an invitation. We also translated the messages to Dutch.
Global permissions are not available for delegated admins
- For customers that are using the multi-company feature, we don't show global permissions like "Send invitation" if the delegated admin role was assigned in context. Global permissions from admin roles are now always merged, whether assigned in context or not. The actual fine-grained authorisations from the admin roles are of course always in effect accordingly.
Version 2022.11.1
What's improved
Searching for users now includes userName
- On the "Users > Management" page we already searched for email address, first name or last name by entering at least 3 characters. We have now added userName as part of this search for customers that use this attribute as an identifying attribute.
What's fixed
The response for /api/v1/user is in the wrong format
- The functional API for creating users showed a SCIM-like response instead of a RITM response. This has now been corrected and is in-line with other API responses (e.g. /api/v1/user/{userID} and /api/v1/users/managed-identities).
Wrong error code and response for the functional "Edit user" API
- Trying to patch a user via the functional "Edit user" API leads to a 500 response status code and message if the structure memberships are incorrectly defined. We now return a more appropriate code and response if there are for example no group memberships defined and only a structure.
Applications are not sorted when managing access roles
- Application names are not sorted when trying to add them to access roles. We now sort the application names alphabetically to improve finding the correct application.
Changing the primary email address or phone number fails
- Changing a primary email address or phone number leads to a white screen (an email verification email is send though for the change primary email address case). Both scenarios for changing your primary credentials can now be fully used again in the RITM UI.
Profile data page shows incorrect warning
- When the change password page was visited and the user would then go to his profile data page we show a warning about the fact that the new password is required. The profile data page now only shows missing required attributes that are relevant for the profile data page.
Version 2022.11.0
What's new
Introduce Dutch language
- The Dutch language pack has been added to RITM. Customers that would like to start using this language pack can add this via the "Settings > Customisation > Translations" page. Note that this task can only be performed by power users of the organisation.
What's improved
Selecting roles for contextual role assignments
- For customers that are using the multi-company feature, we now also allow contextual role assignments for roles that are not configured on a group level, but rather on the admin role itself. This allows for greater flexibility and at the same time prevents the need to have all roles always defined on a group level.
Version 2022.10.2
What's fixed
Delegated admin would see too many structures, groups or group-memberships
-
For customers that are using the multi-company feature, with a delegated admin role where the scope is set to "Common (and nested) groups" and where this role was assigned contextually we sometimes:
-
show too many structures to select from in the filter on the user management page,
- show too many group memberships when expanding a user on the user management page,
- allow the delegated admin to manage group memberships that are not in his scope,
- allow the delegated admin to see structures that are not in his scope when assigning contextual roles to users,
-
allow the delegated admin to assign group memberships for new or invited users that are not in his scope.
-
We fixed the above issues and we now only show and limit the management to:
- the structures in the scope of the delegated admin when filtering users,
- the group memberships in the scope of the delegated admin when expanding or editing users,
- the structures and groups in the scope of the delegated admin when editing, creating or inviting users.
Version 2022.10.1
What's improved
Error response handling with respect to OneWelcome CIAM
- RITM deeply integrates with OneWelcome CIAM and error responses from OneWelcome CIAM were not always handled properly which could lead to 500 response status codes when using the functional RITM API's. OneWelcome CIAM error responses are now handled by RITM and will lead to better response status codes and clearer error messages.
What's fixed
The users management page loads very slow
- The users management pages would load slowly for power users if there are a lot of roles defined in RITM. We greatly improved the performance for power users by removing some unnecessary logic for specific use-cases.
Filtering on the user management page by just the structure, shows no users
- When filtering on just a structure on the user management page, for any type of administrator, we would no longer show you all users with group memberships in that structure. We now again allow you to filter on a structure or a structure and group and show you the correct managed identities.
Filtering on the user management page for the internal structure doesn't work
- When filtering on the internal structure on the user management page, as a power user, we would not show you the correct set of users. We now show you the correct managed identities again when filtering on the internal structure or internal structure and internal group.
Removing/changing a group removes too many contextually assigned roles
- For customers that are using the multi-company feature, we removed all contextually assigned roles for the structure, and not just the structure/group combination, when a particular group-membership was removed or changed. We now only remove the contextually assigned roles for the specific context when needed.
Version 2022.10.0
What's improved
Updating users and fetching managed identities performance
- We sometimes saw slower response times for the functional APIs when updating users or fetching the managed identities of an admin user. We've enhanced the performance and we will continue to introduce performance improvements, where possible and applicable.
What's fixed
A delegated administrator would potentially see too many identities
- For customers that are using the multi-company feature we sometimes showed the wrong list of managed identities if the delegated administrator was a delegated administrator for one group and a normal business user in a different group. We now correctly show the managed identities of the delegated administrator.
Contextually assigned roles sometimes don't show the group name
- For customers that are using the multi-company feature we sometimes showed "redacted" instead of the actual group name in case of nested structures. We now show the proper structure and group name for all contextually assigned roles.
Changing a group-membership doesn't trigger a warning in some cases
- For customers that are using the multi-company feature, we didn't show an error if the changed group-membership leads to invalid contextually assigned roles. We now show a warning dialog in case an administrator removes or changes a group-membership and we have to remove some role-assignments.
Version 2022.10.0
What's improved
Updating users and fetching managed identities performance
- We sometimes saw slower response times for the functional APIs when updating users or fetching the managed identities of an admin user. We've enhanced the performance and we will continue to introduce performance improvements, where possible and applicable.
What's fixed
A delegated administrator would potentially see too many identities
- For customers that are using the multi-company feature we sometimes showed the wrong list of managed identities if the delegated administrator was a delegated administrator for one group and a normal business user in a different group. We now correctly show the managed identities of the delegated administrator.
Contextually assigned roles sometimes don't show the group name
- For customers that are using the multi-company feature we sometimes showed "redacted" instead of the actual group name in case of nested structures. We now show the proper structure and group name for all contextually assigned roles.
Changing a group-membership doesn't trigger a warning in some cases
- For customers that are using the multi-company feature, we didn't show an error if the changed group-membership leads to invalid contextually assigned roles. We now show a warning dialog in case an administrator removes or changes a group-membership and we have to remove some role-assignments.
Version 2022.08.0
What's fixed
Searching for a group leads to 500 errors
- When searching for a specific group via the functional group API we would throw a 500 error. This issue has been fixed and we now properly return the group information.
Creating a user via the functional API returns a 500 error
- Creating users via the functional API resulted in a 500 error. The user was actually created but the response indicated something else. We fixed the issue so that it's again possible to correctly create users via the UI and the functional API.
Version 2022.07.3
What's new
Users are always a member of a default internal structure and group
- Whenever a user is created or updated via RITM, we will automatically add the user as a member of a default structure and group (if not already present) that is primarily used internally.
- This functionality will allow a delegated manager to remove the last group membership of a managed identity. Last group could refer to actually the last group or the last group visible to the delegated admin.
- The internal structure and group are only visible for power users.
- Users with only this internal group membership can only be managed by power users.
Version 2022.07.2
What's fixed
The list of managed identities via the functional API shows information about yourself
- The functional managed identities API should only list your (the authenticated user) managed identities but also shows information about yourself. We now again only show the information from your managed identities.
Adding roles to groups is not possible if they are not part of your cascadable roles
- For both the UI and functional API use-cases we no longer allowed you to add roles to the group if these were not part of the roles you are able to manage for your managed identities. The list of roles that you can add to the group are now no longer restricted.
/api/v1/users/managed-identities fails with a 500 response
- When requesting just the information of one user via the functional API, we sometimes generated a 500 response. The managed identities functional API can now be used again to retrieve information about any of the managed identities.
Version 2022.07.2
What's fixed
The list of managed identities via the functional API shows information about yourself
- The functional managed identities API should only list your (the authenticated user) managed identities but also shows information about yourself. We now again only show the information from your managed identities.
Adding roles to groups is not possible if they are not part of your cascadable roles
- For both the UI and functional API use-cases we no longer allowed you to add roles to the group if these were not part of the roles you are able to manage for your managed identities. The list of roles that you can add to the group are now no longer restricted.
/api/v1/users/managed-identities fails with a 500 response
- When requesting just the information of one user via the functional API, we sometimes generated a 500 response. The managed identities functional API can now be used again to retrieve information about any of the managed identities.
Version 2022.07.1
What's new
Define a different set of attributes for user management related pages
- We previously allowed only one set of attributes for all three user management related pages. We now allow a different set of attributes for the following pages:
- The profile page of a user (self-service)
- The page that an admin uses admin to access the profile page of a user
- The page that the admin uses to edit a user
What's improved
Too many columns are shown when managing the roles of a user
- In the case that the multi-company feature is not enabled, we are still showing some columns related to that functionality, when managing the roles of a user. We now correctly show the correct columns for all use-cases
What's fixed
The list of managed identities on someone else's profile page is not correct
- We were wrongly showing the list of your managed identities when looking at the managed identities of someone else. This has now been fixed to correctly show which users are managed by the intended person.
The group names are not sorted when assigning a role to a user
- In the case that the multi-company feature is enabled, and you wanted to assign a role in context (adding structure/group information), the groups of a structure were not sorted. The sorting of structures and groups is now consistent with the other RITM pages.
The structure and group names are not sorted when performing mass updates
- Structure and groups were not sorted when creating the scope for the mass updates or when defining the group membership additions/removals. The sorting of structures and groups is now consistent with the other RITM pages.
/api/v1/user/{userID} appears to fail when updating user information
- The functional API for updating users, sometimes showed an error code and message, even though the actual update was performed. We now show the proper response when updating a user when there are complex attributes with an sub-attribute of the same name.
Removing role assignments using /api/v1/user/{userID} is not possible anymore
- It was no longer possible to remove role assignments for a user when using the functional API for updating users. We now allow you to remove a role assignment again, with or without using the multi-company functionality.
Version 2022.07.0
What's fixed
Potential entitlement issues for users with multiple email addresses
- We used to search the identity store by looking for a user's email address which could lead, in some edge cases, to the wrong entitlements. This particular search is now based on the user id of the user, which is always unique and this makes sure that the entitlements are what is assigned to them.
Removing groups and/or roles through mass updates does not work
- Adding groups and/or roles was working fine but deleting them did not work as expected. You can now use mass updates again to remove both groups and/or roles.
Showing a page with roles can be very slow
- On the roles page, we show the number of users with this role assignment and the user who created the role. If the user who created the role in the past is not longer in the identity store this would lead to a slow behaviour when rendering the page. Especially when there were more roles created by a user that was removed. The pages are now rendered fast again as they should.
Resetting the platform menu to default shows too many items
- If you have moved items around in the menu and want to return to the default, too many menu items would be shown that are not relevant to your organisation. We now only show the relevant menu items when resetting the platform menu to the default.
/api/v1/users/managed-identities gives wrong response for some multi-valued attributes
- The functional API for retrieving managed identities showed some multi-valued attributes twice in the response. This has now been fixed to only show these attributes in the correct schema extension object.
/api/v1/user/{userID} appears to fail when updating user information
- The functional API for updating users, sometimes showed an error code and message, even though the actual update was performed. We now show the proper response when updating a user that has some complex attributes as part of his profile.
Version 2022.06.3
What's new
Introduce resources, privileges and resource types on the RITM UI
- Resources represent fine-grained access to users outside of RITM. A resource can, for example, be an insurance policy that users need access to.
- Privileges represent the kind of actions that a user can execute on a resource, for example "read-only" or "update". Privileges are optional.
-
Resources can be grouped in resource types for easier management. Resource types are also optional.
-
Access roles can now be configured to include access to resources and not just access to applications as before.
- The new functionality is feature-toggled, disabled by default and can be enabled when requested.
Functional APIs to manage the newly introduced capabilities
-
New functional APIs are available, when authorised, to manage (Create/Read/Update/Delete):
-
Resources and their privileges
-
Resource types
-
The functional APIs for managing access roles has been enhanced to cater for the new resources functionality.
Version 2022.06.2
What's new
Check maximum length of strings, if defined
- If an attribute (as part of the schema) is configured to have a maximum length (i.e. maxChars is set), RITM now shows a specific error with respect to the length if exceeded. Previously we would only use the more generic "pattern" to check the size of a string and thus generate a generic error message.
What's fixed
Validation when creating and updating users
- We introduced some extra validation when power users create or update users via the API. This makes sure that the groups and roles that are used during creation or update are defined in RITM.
Changing the structure type in the UI
- It was not possible to change a structure type from flat to nested and vice-versa in some cases. This is now possible again, flat to nested is always possible and nested to flat is possible if there are only groups on the first level.
Create group API error message
- Creating a group with a non-existing role linked to it, now gives a correct error message.
Update structure API validation
- It's now possible again to just change the name and other specifics of a structure. We previously would show you an error message in most cases.
Assigning roles to users (multi-company)
- An admin could select structures that are not in his scope when assigning roles in the multi-company cases and selecting the group dropdown would lead to an error. The admin now only sees the structures that he is entitled to.
Version 2022.06.1
What's improved
Validation on organisation changes
- Several improvements to the validation of changes made to organisation information managed by OneWelcome. This includes better parameter checking and improved connection details validation.
What's fixed
Pagination of the release notes
- Pagination of the release notes page (launched when clicking on the release number on the bottom left) is now working properly for the selected number of items on the page.
Version 2022.06.0
What's fixed
Updated docker images
- Several base docker images have been updated to the latest to fix some security vulnerabilities.
Version 2022.05.0
What's new
Custom attributes for access roles
- You are now able to store extra information for access roles by using custom attributes. The custom attributes could be used to store internal identifiers or references.
New functional API to manage application categories
- Introduced a new set of API endpoints that allow the creation, retrieval, update, and deletion of application categories. This API usage is only allowed for admin users with the correct set of entitlements.
New functional API to manage 3rd party applications
- We now have a new set of API endpoints to manage 3rd party applications and allow the creation, retrieval, update, and deletion of these. Only admin users with the correct set of entitlements can use these APIs.
New functional API to manage access roles
- The new functional API endpoints allow the creation, retrieval, update, and deletion of access roles. The correct entitlements, for admin users, are needed to be able to use these APIs.
What's improved
Flexible retry mechanism
- A flexible retry mechanism has been implemented with respect to external endpoints (i.e., OneWelcome CIAM). This enhances the stability and reliability of the solution.
What's fixed
Updated docker images
- Several base docker images have been updated to the latest to fix some security vulnerabilities.
Version 2022.03.5
What's improved
"Send invitation" endpoint improvement
- Even though the roleAssignments are optional we didn't treat it as such. We now no longer produce a 500 error when roleAssignments are not passed.
What's fixed
Fix for custom multivalued complex attributes
- Creating and/or updating custom multivalued complex attributes was causing issues when trying to save a user, this has been fixed.
Version 2022.03.4
What's new
New functional endpoint for “Send invitation” capability
- Introduced a new “/api/v1/user/apiSendInvitation” endpoint that can be used by an authenticated admin to send an invitation to a user.
What's improved
Structures and groups endpoints improvements
- Enhanced the functional endpoints for managing structures and groups to allow the configuration via API of multiple roles per group.
What's fixed
Fixes on contextual role assignments
- Fixed minor UI/UX issues when managing the roles of a user and including structure and group context information.
Version 2022.03.3
What's fixed
Error on inviting a user as a delegated admin
- Fixed an error where delegated admins that didn’t have the default Admin role were not able to invite new users and were getting an error message.
Issue on creating / updating groups
- Fixed a backend validation error on creating new groups or updating existing ones.
Version 2022.03.2
What's improved
Updated structure and group functional endpoints for "Roles per group"
- The functional endpoints provided by RITM for managing structures and groups have been enhanced to also cater for the new "Roles per group" configuration.
What's fixed
Error on creating a user with no roles
- Fixed an error that would occur when attempting to create a user that did not have any roles assigned.
Version 2022.03.1
What's fixed
Error on updating a user with no roles
- Fixed an error that would occur when attempting to update a user that did not have any roles assigned.
Version 2022.03.0
Note
The following new capabilities and improvements are available as a feature toggle and are enabled on a per-organisation basis.
What's new
Roles per group configuration
- Introduced a new toggle on static structures configuration that allows the enablement of "Roles per group" capability.
- Introduced a new tab on the "Add group" called "Roles" where you are able to configure what roles can be assigned to users that are part of the group, in addition to the ones already configured in the delegated user's admin role.
Enhanced information for assigned roles
- Introduced additional information that can be stored together with the role assignments of users, such as the person who assigned the role, the roles of the person who assigned the role, the assignment method (manual by a user admin or automatic using a schedule job), as well as structure and group context.
New "Context" and "Method" columns on the "Roles" tab
- Introduced new "Context" and "Method" columns on the Roles tabs on the "Add user", "Invite user", "Send invitation", "Import identities" and "Access profile" popups.
Context configuration on the "Roles" tab
- When assigning a role to a user, you are now able to also store structure and group context information with that assignment. The configured context will appear on the "Context" column in the Roles tab.
What's improved
Enhanced APIs for retrieving/ managing context information
- Updated the following API endpoints to cater for the additional role assignment context information introduced: /users/managed-identities, /third-party-applications/roles and /user, /user/:uid.
What's fixed
Member calculation for groups with children
- Restricted the deletion of nested groups that had users assigned to their children groups via the UI or API.
Version 2022.02.3
What's improved
Performance improvements
- Removed an unnecessary parameter from the call we do for retrieving the entitled groups of an Admin user.
- Improved the way we retrieve entitlements for users with the default Admin role.
What's fixed
"Structure members count" job issue
- Fixed an issue related to "Structure members count" job where structures with custom attributes configured were group members calculation was not done correctly.
Version 2022.02.2
What's fixed
Group deletion issue
- Fixed an issue that was causing more groups on the same level to be removed when a single item was deleted via API.
Event logs improvements
- Enhanced events logs for actions performed via API calls using access tokens or API keys.
“Enable custom attributes” toggle
- Fixed an issue where on adding a new structure, the “Enable custom attributes” toggle could not be disabled once it was enabled.
Version 2022.02.1
What's new
OneWelcome Mobile Identity integration
- Introduced the ability to leverage the use of OneWelcome Mobile Identity for organisations that wish to do so.
- The integration features both self-service and service desk capabilities.
-
Self-service capabilities allow users to:
-
View the mobile apps already linked to their account within their profile page.
- Link a mobile app to their account within their profile page.
-
Unlink a mobile app from their account within their profile page.
-
Service desk capabilities allow users to:
- View the mobile apps already linked to managed identities' accounts within the profile page.
- Unlink one or all mobile apps from the account of a managed identity.
- Verify the identity of a managed user by means of a push notification.
What's improved
Enhanced group assignment permissions
- Delegated managers are no longer able to assign users to groups which they created and that are not part of their scope.
Add role button display improvement
- The “Add role” button is no longer displayed on the profile page of a managed identity if there are no other roles to assign.
What's fixed
"New user" menu fix
- Fixed an issue where the “New user” selector was not shown if “Send invitation” was the only item configured in the admin role permissions of a user.
Version 2022.01.4
What's fixed
Fixed display issue for the primary toggle
- Solved an issue where the primary toggles for email-address, phone numbers and addresses were not always shown on some of the pages.
Version 2022.01.3
What's fixed
Send invitation validation improvements
- Improved validation for the attributes provided when inviting a user through the send invitation flow.
Version 2022.01.2
What's fixed
Issue when creating a new group via API
- Fixed an issue where you would not be able to create a new group, but instead would receive an error message that the group already exists.
Marking applications as favourites
- Fixed an issue where marking an application as a favourite application would no longer work on the self-service profile.
Version 2022.01.1
What's new
Role information on a “need to know” basis
- Updated the Admin role capabilities with a new entitlement that allows the configuration of whether a delegated admin is allowed to see all the role assignments of his managed identities, or only the ones within his scope, that he is able to manage.
- The new configuration was added on the main “Entitlements” tab.
New invitation flow
- Introduced a new method of inviting users to the platform, where they are sent an invitation email requiring them to accept the invitation by registering or by logging in in case they already have an account.
- This invitation flow supports the use case where the same user can be invited by different delegated managers from different companies, without disclosing the fact that the user already exists on the platform.
- The new functionality is available on the “New user” popup on the User → Management page, and can be restricted though Admin role configuration.
- Additionally, the attributes displayed on the new “Send invitation” page can be configured from the Data → Attributes page.
Ability to move a group to another parent or to level 1 via API
- Introduced the ability to move a group within the same static, nested structure to another parent, or for it to become a level 1 group.
- The new capability is possible through the existing /group/{code} endpoint.
What's improved
Improved usability on disabling the use of custom attributes in structures
- When disabling the use of custom attributes in the structure configuration wizard, we no longer display the confirmation dialog if there are no attributes configured on the “Custom attributes” tab.
What's fixed
Roles and groups disappearing from the UI when self-updating
- Fixed a UI issue where roles and groups would disappear from the “Edit user” popup when a user with the default Admin role was editing himself.
Save on Applications shows an error snackbar
- We no longer display an error message when saving an application on the "Application roles" or "Categories".
Access token refresh issue
- Fixed an issue where if the access token of a user is expired and we try to get a new one by providing a refresh token, that would fail in situations when the user did not receive a refresh token at login time or when the refresh token is expired.
Fixed snackbar issue on saving an Attribute configuration
- The snackbar translation test is not correctly displayed when an attribute configuration is saved.
Version 2022.01.0
What's fixed
Fixed minor security vulnerability
- Fixed a minor security vulnerability in one of the Object Data Modeling libraries used by RITM.
Version 2021.12.1
What's fixed
Fixed attribute validation on import
- Fixed a validation issue where the values for the first attribute configured for a mass import were not being validated correctly. That could lead to potential issues when actually performing the import as there the validation could fail.
Version 2021.12.0
What's improved
Improved display of Groups in Structure configuration
- Increased the width of individual groups in the Structure configuration to 33% of the content width, to better cater for long group names and improve the overall usability.
Improved user import template attribute configuration
- The downloadable user import template now uses the attributes where the Management import toggle is enabled, not a default set of attributes.
What's fixed
Fixed snackbar label for user imports
- The success snackbar displayed when performing a user import no longer shows the code, but the correct content retrieved from translation.
Fixed imports of users
- Fixed a validation issue that was preventing user imports to be performed successfully.
Validation fixes for Attributes per group
- Fixed a validation error that would appear when trying to delete a custom attribute with a duplicate code.
Fixed the patching of name or attributes within groups
- Patching a group that has attributes configured and just changing its name doesn’t clear the attributes anymore.
Version 2021.11.2
What's new
Custom attributes in Structures and Groups
- Introduced the ability to enable the use of custom attributes for static structures and groups in order to use them as external identifiers for group mapping, or storing additional group information.
- Configuration of the custom attributes is performed in a new “Custom attributes” tab, by assigning a code and a name for each of the custom attributes added.
- All custom attributes configured on the structure level will appear as additional fields on the “Add/ Edit group” dialog, where they can be assigned values.
Group information on a “need to know” basis
- Updated the Admin role capabilities with a new entitlement that allows the configuration of whether a delegated admin is allowed to see all the groups that his managed identities belong to, or only the ones within his scope.
- The new configuration was added on the main “Entitlements” tab.
What's improved
Extended API endpoints for managing structures
- The API endpoints used for managing structures by users with the correct set of entitlements have been updated to also cater for the newly introduced custom attributes per structure.
Extended API endpoints for managing groups
- The API endpoints used for managing groups by users with the correct set of entitlements have been updated to also cater for the newly introduced custom attributes.
Improvements on API endpoints for managing structures and groups
- Find group now allows for more search parameters, such as name, code and parentGroup.
- Updating an existing structure with a wrong status now returns a 422 error.
- Group name is no longer mandatory when updating a group.
What's fixed
Fixed responses on structure/group APIs
- We now display a 404 error response instead of 500 when trying to update a structure, but passing a non-existing structureCode.
- Changed error response from 400 to 403 when trying to create a group, but the groupCode already exists.
- When trying to delete a group that still has members, we are now displaying a 403 message instead of a 500.
Fix on API endpoints for managing structures and groups
- Restricted the creation of two groups with the same code.
Version 2021.11.1
What's fixed
Avatar display fix when not configured on the Profile page
- Fixed an issue where the avatar was still briefly shown on the Profile page on first open or on switching menus on the Profile page for users with only Personal role.
Version 2021.11.0
What's fixed
Fixed multiple Admin role permissions
- Fixed an issue where for a user with multiple admin roles, the validation for retrieving his entitlements was not returning the full set of permissions.
Version 2021.10.3
What's new
New API endpoints for managing structures
- Introduced a new set of API endpoints that allow the retrieval, creation, update or deletion of structures for admin users with the correct set of entitlements.
New API endpoints for managing groups
- Similar to the structure endpoints, we introduced a new set of API endpoints that allow the retrieval, creation, update or deletion of groups for admin users with the correct set of entitlements.
What's improved
Enhanced restrictions on API endpoints for managing structures and groups
- Enforced additional restrictions on retrieving, creating, updating or deleting structures and groups via API:
- By limiting the ability to manage structures and groups to only admin users with access to Data > Structures.
- By limiting the ability to update/ delete structures and groups to only the ones within the admin user's scope or the ones created by the user itself.
What's fixed
Fixed Phone Number verification flow
- Fixed an issue where the verification flow for making a Phone Number primary in both Self Service and Service Desk scenarios would not be performed successfully.
Version 2021.10.2
What’s new
Deleting a user triggers the account deletion flow
- When deleting their own account from the self service page (My profile), users are no longer deleted immediately, but instead we trigger the account deletion flow.
What’s improved
Logout users automatically after deleting their own account
- Users are now immediately logged out from the platform after deleting their own account from the self service page (My profile).
Dial code and phone number improvements
- We now display a warning when a phone number was filled in, without selecting the dial code.
- The country prefix is automatically populated in the dial code field when the user inserts it in the “Number” field.
What’s fixed
Structure members count job is not restricted by permissions
- The “Structure members count” job type, which calculates and updates structures with regards to the number of users within them and each of their groups is no longer restricted by structure update permissions.
Version 2021.10.1
What’s improved
Improved caching mechanism for organisations
- Resolved a caching issue where the key/value pair for organisations with the same segment name were not created correctly, causing authentication issues for some instances.
Version 2021.10.0
What’s new
Support POST for updating users
- In addition to PATCH, POST is now also accepted for updating managed identities via API.
What’s improved
Restrict the ability to update or delete the Default structure and group
- Enforced the restriction on updating or deleting the Default structure or the Default group via API.
Version 2021.09.0
What’s new
Additional Actions and Attribute entitlements in the Admin role
- The Admin role now allows restrictions on managed identities' attributes, roles, groups, primary values and credential information via Edit, Show profile or Mass updates.
Profile access capability in the Personal role
- Allows the restriction of users' access to selected menu items for their own profile page.
- This capability was introduced for both consistency reasons with the Admin role, which did provide this capability, but also to be able to cater for some upcoming use-cases.
New OAuth authentication method
- RITM now also supports an authentication method using OAuth Access Tokens to cater for future integrations for the backend to interact with IDP APIs both on behalf of the authenticated user but also for administrative and generic tasks.
- Requires the use of OAuth Access Tokens and appropriate scopes.
IDP credential integration
- The password policy of the IDP we integrate with is now retrieved, used for validating a user’s password and is also exposed in the UI.
- Implemented password management capabilities for Service desk and Self-service scenarios.
- Implemented primary phone number verification flows for Service desk and Self-service.
- Implemented primary email verification flows for Service desk and Self-service.
Accordion menu capability on the Profile page
- The Profile page now supports a two-level menu layout using the accordion menu capability, allowing menus to have sub-items (children menus).
New Security menus on the Profile page
- Introduced a new “Security” menu on the Profile page that allows users to manage security settings from a Self-service or a Service desk scenario.
In-profile external links
- In-profile links were introduced for all menus within the profile page, allowing us to optimise the user experience for the various workflows provided by the IDP.
New "Password" tab on "Add user" wizard
- The new “Password” tab allows admin users to see what the password policy is when adding a new active account and to make sure the filled in information is correct.
Platform and Profile access functionality per organisation
- Allows platform admins to disable certain parts of the platform or the profile page for new organisations.
Title and X button on success/ error messages
- In-profile links were introduced for all menus within the profile page, allowing us to optimise the user experience for the various workflows provided by the IDP.
Redirect the user back to his last active page on session expiration
- If a user’s session expires, we are now redirecting him back to the last visited page in RITM, and not to his landing page. The landing page is enforced only when authenticating in a new session.
Updated default styling to OneWelcome
- The default platform styling was updated to match the new branding.
Log events for all calls and call types
- All endpoints have been checked to make sure that the audit stamp is present.
- All events are part of the setup configuration.
- All authentication methods create events (cookie/access token/API key)
Filter by Structure and Group
- Introduced the ability to filter users by Structure and/ or Group on the Users → management and Reports pages.
What’s improved
Decoupled menu items for Profile
- The menu items displayed when accessing the Profile page in a self-service versus a service desk scenario are now independent from one another.
Updated management of back-end authentication methods for an organisation / segment
- Updated backend and UI on the organisation configuration wizard to cater for the new OAuth back-end authorisation method.
Only display active Applications on the user’s own Profile
- Inactive applications are no longer shown on the authenticated user’s own profile. However, an admin is able to see all the applications that a managed identity has access to on that identity’s profile page.
Hide "Immediately" and "Once" from recurring jobs
- Recurring jobs no longer have the “Immediately” and “Once” available schedule options listed on the “Schedule” tab.
Access role wizard improvement
- You can no longer add empty applications in Access roles.
- The “+ Add application” button is no longer displayed when there are not available applications. In this case, the page will say: “There are no applications available.”
Admin role wizard improvements
- Structures set to “<Ignore>” in entitlements are no longer displayed in the entitlements overview table.
- Updated spacing between entitlements to make a clearer distinction between them.
- Parent action toggles are disabled if none of the children are enabled.
- If the admin user configuring the admin role is not allowed to cascade any role to his managed identities, or if all of the roles were already added, we now display a message to the user: “There are no other roles available”.
- “Attribute entitlements” tab is not displayed if the “Edit attributes” action is not enabled.
Personal role wizard improvements
- The “Attribute entitlements” tab is no longer displayed if access to the “Profile data” menu is not enabled in the “Profile access” tab.
- “Request access” is no longer part of the “General” tab under “Role entitlements”, but is now part of “Profile access” tab. If the user is granted access to the “Profile access” tab, he will also be allowed to request roles.
Improved response when passing a non-user related access token
- We now present a 4xx error instead of a 5xx one when doing any API call using a valid access token if the passed access token is not authorised to do these calls.
Less verbose invalid payload error
- Error code/ns is now less specific when passing, for example, an incorrect JSON to an API.
Display organisation code instead of ID in error response
- Organisation ID is no longer shown in error response when trying to Edit via API a user not in the scope of the administrator, but instead, organisation code is.
Make UID optional for retrieving access roles
- UID is no longer a mandatory parameter for a call to retrieve the access roles of a user, but instead we use the "uid" of the user that authenticates to the API as the default, if no "uid" is passed. If "uid" is passed, we always use that.
Enhanced validation when passing incorrect attributesOf on retrieving profile information of the authenticated user via API
- Passing an invalid attributesOf option on retrieving profile information of the authenticated user now returns an error message that the parameter is incorrect.
Enhanced validation for missing groupMemberships object on creating a user when using the API
- The payload is checked and we now return a 422 error response in case the group code was not passed.
Canonical values in Reports and Management Filter
- We now display configured canonical values as list items in a dropdown instead of an input field in the filter on Reports and Management, enhancing the usability of the filter.
Improvements to the managed-identities API
- Incorrect attributesOf parameter is no longer allowed, and we now check if the passed attributesOf is one of the possible ones.
- In addition to responding with the codes and names of roles assigned to an identity, we now also return the start and end date for those roles.
- Introduced the ability to "filter" on structure and group code. StructureCode and groupCode are thus become extra optional parameters in the call to the API.
Platform reorganisation
- The platform sections and naming conventions were updated to the current default platform structure and no longer reflects the old one.
Font-family and font-size consistency on the platform
- The different elements on the platform such as input fields, multi-line input fields and menus now use the same font-family.
- There are no more font size differences between input fields and multi-line input fields.
- Only the first word within on a button is capitalised anymore, not all.
Fields and dropdowns enhancements
- A search field is now shown on flat dropdowns with more than 10 items.
- The number of list items we display in dropdowns is now limited to 10.
- The search field is no longer displayed in the dropdown for nested structures.
- Implemented the Show/Hide functionality on input fields.
- The * indicator of a mandatory field is now displayed on the Settings → Organisation details page.
- The default selector state for the Profile landing page on My profile is now the same as the Platform landing page one.
Use fullCode as identifier for attributes
- As two attributes could potentially have the same code (for example “value” or “type”, we are now storing their fullCode as a more reliable identifier.
- Attributes' full code is now stored in the database.
- Attribute entitlements use the fullCode as an identifier.
- The attribute fullCode is now retrieved by the UI on Edit / My profile / Access profile.
What’s fixed
Admin role with only “View profile” rights could still manage groups
- Users without “Edit” entitlements can no longer manage the groups of users on their Profile page.
Search & Filter issues
- The “Filter” button no longer resets the filter.
- Filter results always start on page 1, so filtering on a page other than the one the user is listed on shows the searched user.
- Deleting all items on a table page greater than 1 now takes you to the previous page.
- Search is no longer case sensitive on the “Attributes list” and “Attribute categories” pages.
Selector width issue on Mass updates
- The width of dropdowns is no longer changed based on the name of the selected item, but is fixed to a default width.
Translation label fix on the "Applications" page of the profile
- The “There are no applications to display” message we are displaying when a user doesn’t have access to any applications is no longer hardcoded, but included in translation.
Rules wizard improvements
- The search field displayed on dropdowns within the Rule configuration wizard now works correctly.
- The phone number is now correctly displayed in the “Affected identities” tab, instead of [object][object].
- The count for the affected identities parameter on performing Mass updates/ Rules is shown correctly.
Application wizard validation issues
- The application protocol field would display a warning even after selecting a protocol. Now the selected protocol is correctly taken into account.
Job tiles information improvements
- "Immediately" is now included in the schedule overview on the "Schedule" tab for jobs.
Version 2021.08.0
What’s improved
Performance improvements on the API used for retrieving managed identities
- We significantly improved the response time for retrieving one or more managed identities of the authenticated user, along with their profile attributes, groups and (potentially) roles.
What's fixed
Fixed parameter checking for the “Edit User” API
- Improved validation when dealing with sub-attributes of complex attributes such as name, email-address or phone-number.
Version 2021.06.0
What’s improved
Excluded RITM instances from indexing in all search engines
- RITM instances are no longer indexed by search engines and will not show up in a search result.
What’s fixed
Contextual documentation links across the platform
- The top-right "Documentation & Support" external link now leads to the section of the documentation that is correspondent to the active page within the platform.
Version 2021.04.0
What’s improved
Enhanced validation when creating structures via the API
- Validation and error responses when creating a new structure were improved to prevent the creation of a non-functional structure.
What’s fixed
Additional restrictions on accessing user-specific API keys
- Access to API keys is now even more restricted and authenticated users will only be able to see or search for their own keys.
Version 2021.03.0
What’s new
New API (endpoint) for creating a user
- The new endpoint allows the creation of an ACTIVE or INACTIVE user with their corresponding attributes, group memberships and role assignments.
New API (endpoint) for editing a user
- This endpoint allows a user, in an administrative context, to change attributes, add/remove group memberships and assign/revoke roles (all types) to his managed identities.
New API (endpoint) for retrieving the list of cascadable roles of a user
- Allows users to identify what RITM Admin or Access roles they need to assign to a user in order to grant the correct Application-specific role.
New Customisation menu under Settings
- “Translations”, “Platform menu” and “Profile menu”, along with a new “Styling” page were grouped under a new “Customisation” menu, as part of “Settings”.
Organisation-level branding options
- The new “Styling” page under “Settings” → “Customisation” allows organisations to change their styling settings and brand the platform according to their visual identity.
Dynamically generated codes
- Codes for entities are now generated dynamically, with the exception of structure groups, that remain configurable.
New job type for counting Structure members
- The new job type helps optimise system performance related to retrieving structure/group information and identity information.
New job type for updating Dynamic structures
- Dynamic structure calculation and user assignment is now part of a job type, helping optimise system performance.
Request/approval flow (optional) for jobs
- Before being included in the jobs queue on the “Active jobs can now be subjected to an approval flow, requiring them to be approved in order to be performed.
Partial status for active jobs
- Is displayed in the case where not all the records were updated after a job was performed.
Platform-level customisation options
- Provides a way for platform admins to customise the default Styling (logo, favicon, colours), Platform menu and Profile menu layout.
- The customisation options configured on the platform level are inherited by new organisations created from the Platform menu, but can be overwritten by the organisation itself from “Settings” → “Customisation”.
New Styling tab to the Add / Edit organisation wizard
- We currently have no way to customise an organisation’s logos and colours on creation or after the organisation was created.
Added secure directive to the RITM cookie
- RITM no longer sends the cookie with the secure attribute set over an unencrypted HTTP request, preventing its transmission over an unencrypted channel.
What’s improved
Coloured success/error snackbar
- Implemented coloured success/error snackbars, whose colours can be customised within the “Styling” menu, by changing the “Success” and “Error” colours.
Complete coverage in translation of all texts on the platform
- All static platform texts are now translatable within the “Translations” menu.
X button on popovers
- Implemented the option to close popovers as well, using a top-right X button.
Dropdown enhancements
- A search field is now displayed on flat dropdown lists with more than 10 items.
- The number of rows displayed in a dropdown list is limited to 10.
Page consistency across 401, 403 and logout pages
- Content is now centred and framed in the same way on all pages the 401, 403 and logout pages.
Tooltip added on hovering over main menu items, truncated items and the “Primary” value indicator
- Tooltip is now displayed when hovering over a collapsed main menu item, displaying the menu’s full name.
-
Tooltip was added when hovering over truncated items with a long name.
-
A “Primary” indicator is now also displayed as a tooltip on the Profile page → Profile data.
Updated validation flow for mass imports
- Improved attribute validation within the “Import identities” wizard, checking if attribute requirements were met, for how many users, and preventing the user from moving forward within the wizard if no complete records were identified in the import file.
Improved management of required/ primary attributes
- Display a warning message on the “Edit user” and “Profile” page when a new attribute becomes mandatory for users that do not have a value associated to that particular attribute.
What’s fixed
Close Profile/ Edit popup when the user is no longer part of the scope
- Removing all groups within a user manager’s Scope from a user that he can manage now closes the Edit/Profile window and update the Users page.
Hide application favourites stars for managed identities’ profiles
- Application favourite stars are no longer displayed to a user manager when looking at a managed
“Change end date” popup fix on import
- Fixed the differences in layout between the “Change end date” popup on the “Import identities” wizard and other places where - “Change end date” was present.
Translation labels missing from Job details expand panel
- Some details were not correctly translated on the expand panel in the “Jobs” section.
Fix search functionality on applications page
- The search button on the “Applications” page was restored.
Version 2021.01.0
What’s new
Split “Add user” into “Add user” and “Invite user”
- “Add user” and “Invite user” provide the ability to configure a different set of attributes to be displayed on each of them.
- Introduced "New user" dropdown menu on the Users → Management page to group “Add user” and “Invite user”.
- Introduced "Mass actions" dropdown menu on the Users → Management page to group “Import identities” and “Mass updates”.
Attribute search, description and configuration per page
- “Attribute code” and/or “Attribute name” are included in the filter of the “Attributes list” page
- The helper text below each attribute is now configurable from the “Attributes list” page using the description field.
- Introduced the ability to configure what attributes should be displayed on different pages.
Pagination enhancements
- Implemented rows per page selector on main table pages.
- Added first/ last page buttons on all table pages.
What’s improved
Persist pagination after editing an item on a table page
- Current pagination settings now remain active after editing an item on that page.
Show the scheduled volume for job requests
- Volume is now shown for jobs pending approval on the “Active jobs” page.
Add "Protocol" and "Identifier" to the filter on the Applications list page
- “Protocol” and “Identifier” are now included in the filter on the Applications list page as dropdowns.
Retrieve and display Organisation name on the logout and 401 page
- Organisation name is now dynamically retrieved from “Organisation details” and displayed on the logout and 401 pages.
Trigger the search after 3 characters
- Search is now only triggered after 3 characters have been inserted in the search input field on Users → Management and Reports → Users pages.
Date & Time picker styling and localisation
- Text colour and button styling is more consistent with the platform styling.
- Date & Time picker display language is changed according to the user’s current language selection.
Performance improvements
- Performance was improved for managing users when having large structures and for delegated admins.
What’s fixed
Mandatory phone number indicator
- The * indicator of a mandatory field is now displayed on the Settings → Organisation details page.
Admin role with only “View profile” rights could still manage groups
- Users without “Edit” entitlements can no longer manage the groups of users on their Profile page.
Search & Filter issue
- The “Filter” button no longer resets the filter.
- Filter results always start on page 1, so filtering on a page other than the one the user is listed on shows the searched user.
- Deleting all items on a table page greater than 1 now takes you to the previous page.
- Search is no longer case sensitive on the “Attributes list” and “Attribute categories” pages.
iWelcome releases updated RITM version for online B2B cooperation and delegation
Amsterdam, 10 February 2021 - iWelcome, Europe’s #1 Customer Identity platform for B2C and B2B, released the latest version of its RITM module. RITM is an extension of iWelcome’s core IDaaS platform that allows for organisations to manage, secure and govern online collaboration with B2B customers and partners. The latest version features, among other capabilities, a number of UI/UX enhancements.
“Usability is pivotal for proficiently engaging users while minimising training and help desk calls,” says Paul Vriens, Product Manager for RITM at iWelcome. “This is even more important in a context with a multitude of external users involved. Delegation can be cascaded towards business partners and departments, where delegated managers have different levels of IT knowledge. A helpdesk employee should be able to work with the platform just as easy as an IT admin.”
That’s why iWelcome devoted a full release cycle to usability aspects, bringing customisation flexibility for a tailored experience to a level that is unparalleled among competitors.
iWelcome's latest RITM release (end of January) features styling and branding options, enriched with the following:
Branding
- Completely brandable UI (logo, theming) for all persona’s involved: business users, delegated managers, help desk operator, administrators
Navigation
- Customisable RITM menu items order, including the ability to define menu item nesting
- Ability to add additional menu items with custom external links
Content
- Possibility to customise literally any text element on the page including labels, column header, menu item name, page description etc. to absorb each RITM customer’s specific dictionary. For example: change the label “Group” into “Team” with just a few clicks
- Ability to embed links in any descriptive text on any page as a convenience to refer to custom external help pages, instruction video etc.
Day by Day
- Improved team view for the user manager with pagination and in page groups and roles view
- Preference setting to allow each user to define the landing page of choice among MyApp, MyTeam, Dashboard, MyApproval
“According to the RITM solution design philosophy, all of the newly released capabilities are point and click configurable, ensuring Admin usability and reducing reliance on technical skills,” says Paul Vriens. “This allows us to take the most out of the RITM solution for all users. Even more than before, these enhancements make RITM the most flexible and Business user friendly IAM solution available on the market to date.”