CoreOne Admin User Interface

Anonymization was not triggerd in the new version of the admin user interface, while deleting core identities. This is now implemented.

The naming in wording regarding the provisioned and not provisioned identites was unified across all screens.
Editing the CoreOne Suite target system lead to validation messages which prevented saving the form. This issue has been resolved.

CoreOne Application Interface

Breaking Change: The identity/find-object-id-in-target-system API method in was changed from GET to POST. If you used the find-object-id-in-target-system workflow activity, the change is reflected automatically, but if you are using the API directly, you will need to adjust.

The default behaviour on error for the organizational unit attribute calculation task has been adjusted to restart
In some cases resource assignments stayed in the state delete pending for no reason. The cause was evaluated and the issue has been resolved.
The Active Directory attribute group_scope was changed from a drop down attribute to a string text, as the provisioning engine does not support drop down values correctly. You still can use drop down values in the mapping, there the handling works as expected.

It’s now possible to persist the AHV / SSN number to the Core Identity as part of the AHV / SSN verification step. You can find more information on how to configure this here.

If the claim local was not mapped in the identity type, this lead to display errors in the Admin User interface. The claim will be mapped automatically to all configuration with the update, if it is not mapped yet. While creating new configuration, the local claim is now a mandatory parameter.
When a connection test was executed with no API user and application secret set on the target system, the connection test failed. This issue has been fixed.
When synchronizing external permissions from and external identity provider, there was a chance for a race condition that prevented the sync from running through before the user was completely.
In order to support logon methods that can not identify a user as reset methods, the reset flow order has been adapted.

Breaking change / Deprecated: The Disabled Pages setting of the portal has been deprecated as the views now are completely controlled by the permissions. If you previously had access rights to certain menu points but these were hidden by the Disabled Pages configuration, they’re now being shown again. Please check the permissions and access roles for customers to ensure that users only see their needed views and menu entries!

The empty value / null value handling in the OpenLDAP Connector was not implemented correctly which lead to provisioning errors for mapped attributes that did not have any resolved values. The issue has been resolved.