IDM 4.9 released

Looks like it is out!  Available in SLD as a new item in the third row as 4.9


List of featues I heard are:

  • Support for "Microsoft Modern Authentication" - Introduces support for OAuth2 authentication specifically tailored for email accounts within Office 365.
  • Cumulative Full Installer
  • Form Renderer Updates - Revamped form renderer with updated libraries for flexible data entry.
  • ACDI – Monitoring ( Audit, Compliance and Data Intelligence ) 
  • User application Monitoring Improvements - Real-time insights via CN = Monitor for improved user application monitoring.
  • IDM Containers (OT UBI, AWS, Azure)
  • Azure AD Driver performance and scalability

Seems like some interesting changes.

I see the DTD for DirXML Script got updated with two new lines:

www.netiq.com/.../

Changes in 4.9

Rats, do I need to update my book again?  :)  I think I will wait for some bigger changes before making a new edition.

What else have you guys found new in 4.9?

  • 0  

    Thanks for notification, Geoffrey!

    It also looks like some drivers are updated, like SCIM and REST.

    For example in 4.8 latest versions are SCIM v1.0.1.0300 and REST v1.2.0.0100, but with 4.9 we got SCIM v1.1.0.0000 and REST v1.3.0.0000

    Unfortunately there is no readme to tell us what is new (or at least I haven't fount it, yet)

    //s

    PS: links to driver documentation

    v4.9 drivers: https://www.netiq.com/documentation/identity-manager-49-drivers/

    v4.8 drivers: https://www.netiq.com/documentation/identity-manager-48-drivers/

    Kind regards,

    Sebastijan

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

  • 0   in reply to   

    OK, I need to learn how to read provided documentation:

    https://www.netiq.com/documentation/identity-manager-49/release-notes-identity-manager-49/data/release-notes-identity-manager-49.html#new-identity-manager-49-drivers

    Quote: This release adds Java 11 support for Identity Manager 4.9 drivers. There are no new features except the updated Java version.

    Kind regards,

    Sebastijan

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

  • 0  

    Somewhat disappointingly -yet again the new and exciting bits are Linux-only binaries for the version 1.0 release (ACDI)

    No container version and no windows version. On prem customers who don't do Linux are second class citizens yet again. Such customers do exist and these kinds of tactics just push them towards other vendors.

    On the same topic, still waiting patiently for a server version of Identity Console for Windows, rather than the electron-app "Workstation" version we got as a consolation prize. The "Cumulative Full Installer" seems to be a Linux only thing also.
    In the windows IDM 4.9 install docs, with a cursory search, I could not find any mention of how to get Identity Console installed at all. Not even a casual reference to the "workstation" edition.

  • 0   in reply to   

    Yeah. Still it would be nice with proper release notes for the newly recompiled shims. Even if it was just a quick copy/paste and find/replace on the version numbers.

  • 0   in reply to   

    Somewhat disappointingly -yet again the new and exciting bits are Linux-only binaries for the version 1.0 release (ACDI)

    No container version and no windows version. On prem customers who don't do Linux are second class citizens yet again. Such customers do exist and these kinds of tactics just push them towards other vendors.

    Technically, the original ACDI is a platform-independent solution.

    Maybe later they will compile binaries for other platforms.

  • 0  

    There is one change which could be interesting (as Lothar found), all the Container Images are now based on RHEL 9.

    - No mentioning about licensing of said use of RHEL.

    - Hardware requirement is now x86-64-v2 - if you run a visualized host for docker then that one need to support x86-64-v2, otherwise you'll not be able to start the container.

  • 0   in reply to   

    I seem to recall that I heard rumblings that this switch away from SUSE was mentioned to some partners and customers this year (wasn't at meeting personally, so only heard rumblings). One of the last remnants of the time when SUSE was under same ownership as Identity Manager is now gone I guess.

    We just checked and the new containers (except PostgreSQL) seem to be for the most part based on UBI so, then as long as OpenText was careful in not adding any non-UBI based packages it should not incur a licensing requirement.

    That said, customers could still get themselves into trouble if they insist on adding additional packages that are not UBI-licensed to the containers. 
    https://developers.redhat.com/articles/ubi-faq#ubi_details

    PostgreSQL appears to still use the official PostgreSQL image which is based on Debian.

  • 0  

    Some more feedback from my IDM User Group session (Email me to get added) today... There is an MF User Group session coming up next week I am sure it will be good as well.

    Java 11 for everything but Designer/Analyzer. (Still Java 8 due to older Eclipse build still). Validator updates did not make it for the 4.9 release so when they are ready it will be moving to JAva 11 as well.


    The changes in cn=monitor look like they are big ones.  Should be really nice to have. If you use the ACDI Workflow packages, then you will get even more Workflow info in ACDI reports.

    Direct upgrade in place from 4.7.5 and all of the 4.8 builds to 4.9 which is nice.

    The form renderer in Forms is basically same rev as in IGA, but with some differences.

    ACDI looks pretty useful.   SkyPro has been building this for maybe a decade now, and is very powerful. The most interesting options are Time Machine, and object histories.  The ability to see all the changes made to a user over their lifecycle. Or to hunt down when a particular change was made and by whom is nice. 

    You can export the state of an object at any time as LDIF, which basically means you can restore an object to any time point.

    Looks really good. 

    The included free ACDI Basic does not include all the reports not Time Machine, so you will likely want to buy the Pro version.

  • 0   in reply to   

    Can we interpret the lack of love/attention for modernizing Designer / Analyzer as a firmer confirmation that they are on the way out?
    Or was it just that switching underlying layer to a newer Eclipse base is seemingly a huge amount of work.

    A while back I feel the talk was that they wanted to duplicate some bits of Designer as web based apps so they could be cloud friendly, but that there was no end of life for Designer yet on the cards.

  • 0   in reply to   

    I have no official information. I did ask that specific question at another opportunity.  It was clear that an offline tool for IDM policy and workflow was NOT going away.  But Eclipse was not necessarily the way forward.

    I have no further info.  On the UG session Hari suggested he would do a session on this topic which I intend to hold him to. (He is a tough  guy to get to commit to a time though I will tell you... Not his fault, but we planned this session back in March!)

    Also yes, switching to a newer Eclipise is apparently a huge deal.

    The Workflow in IGA is based on bmpn.io which is a web based workflow editor.  And they did not yet port Policy Builder to IDCOnsole, so who knows...