Okiok

OKIOK Announces the Availability of RAC/M Identity 3.16.0


RAC/M Identity™ is our simple and effective identity governance (IAM) solution that enables businesses large and small to understand and manage the complex relationships between users and their access to physical and digital resources, offered as an on-premise or SaaS solution.

NEW AND NOTEWORTHY

Review Campaign – Reviewer Group

The assets and groups have been modified to allow the configuration of a “Reviewer Group”. This will be used in review campaigns where elements need to be reviewed by someone linked to the asset. Previously, these review campaigns assigned the review to the asset owner but this gives more flexibility as the reviewer can be the same as the owner or different. #3004

In the assets:

In the groups:

* When the system starts after the update, delegation groups will be created automatically with the current asset owners and set in the “Asset reviewer” field so that the current behavior in campaigns remains unchanged.

When a reviewer is defined on a group, it overrides the configuration of the reviewer on the asset. #3117

In the campaign management screen, a link “(See delegates from [delegation group name])” has been added under each reviewer to display the list of delegates for that reviewer in this campaign.

Review Campaign – Filter

In a given campaign, a reviewer can be part of multiple delegation groups each having some elements to review in the campaign. These elements are properly segregated so that only the members of a delegation group can review the elements assigned to it. The solution now provides visibility to the reviewer of these different delegation groups that he is a part of and allows filtering the elements to review based on them. The default filter is to see all elements from all delegation groups which was the behavior before this feature was introduced. #3377

Review Campaign – Asset reviewer

A new option was added to have “Asset reviewers” review the elements in campaigns of type “All entitlements” and “Identity review – Only show accounts (entitlements of those accounts are not shown)”. This uses the new “Asset reviewer” functionality mentioned above. Previously, only “Identity reviewers” or “Specific reviewer” could be used in these types of campaigns. #3117

Review campaign – Role content reviewer (groups, included roles and access)

A new option was added to determine who should review the elements in campaigns of type “Role content review – Included roles and entitlements”. This option “Role content reviewers (groups, included roles and accesses)” selects the reviewers based on the content of the role (security groups or nested roles) to review whether these accesses should be given when the role is assigned to an identity. Previously the only option available was to have the reviewer of the parent role review which entitlements should be part of his role. #2631

Text editor

It is now possible to create, edit and delete configuration files and data files in the administrative console. It is also possible to delete log files in this console. #1870

Segregation conflict

In the Self Service portal, when a user requests accesses that results in an SOD conflict, there is now a detailed screen showing the exact reason for the conflict including any intermediate entitlement. #2987

IMPROVEMENTS

BUG FIXES

BREAKING CHANGES

Duplicate configuration property

Changed the behavior of the server to detect the configuration error when the same value is present more than once in the configuration file. In these cases, the server will not start and will indicate the error instead of starting and taking one of the duplicate values at random. #3313

If you have duplicate configuration properties in the config.properties file, a startup error will occur. For example, if you set the webapp.theme property more than once, you will see the following message in the RAC/M Identity server log during startup:

One or more duplicate keys are present in conf/config.properties for: webapp.theme

To avoid this error, make sure that each property in the config.properties file is set only once.

Exit mobile version