CoreOne Admin UI

While assigning a role or resource to various entities, you are now able to select the assignment context.
The new API V2 is now part of the health check page.
Core Identities now have a state of either active, deleted or supended
- All context mappings still contain the active flag, so existing mappings do not need to be changed
- New context mappings for StateId and StateSystemName are available to account for the new states
By suspending a Core Identity, you set all it’s associated identities into a deactivated state but all assignments that are valid, stay assigned. Read here for more.
There is a new Attribute tab on the detail page of a Core Identity that allows for a more precise editing of the attribute values.
There is a new Role tab on the detail page of a Resource.
Employment types can now be marked as not assignable from within the CoreOne Self-Service Portal
There are various new security roles. The most important one is the new CoreOne Organization Unit Permission Manager Security Role. When assigned in the context of an organization unit, this role gives permission to manage the permission in accordance with the configured catalogs for all Core Identities, associated to that organization unit.
All role assignments are now based on the configured catalogs and catalog management UIs haven been added.

CoreOne Application API V2

There are new password change and password reset methods.
There are new main password change and password reset methods which populate password to any connected systems.
There are new API methods to update a Core Identity with easier handling.
The swagger documentation is now divided into auto-generated endpoints (data-centric) and custom endpoints (business-centric).
There is a new system_name on the Target System entity. This will identify a target system uniquely in many places.

Users with expired re-certification processes are prevented from login in to other applications other than the CoreOne Self-Service Portal.
If the only possible path for an authentication is an external identity provider, the user will now be redirected automatically.
Local claims and attributes can now be updated automatically from external authentication providers. The update occurs upon each login request of a user.
The Core Identity entity now has a read only e-mail address for easier access.
JWT Certification Secrets for clients are now supported.
The matching attributes for external identities is now configurable on the external identity provider configuration. By default, external and internal identities are matched on the email address.
BREAKING CHANGE: The SMS setting classes have been moved to the Infrastructure library.
SMS OTPs now contain a screen reader version
BREAKING CHANGE: The RequestId is no longer passed from request to request by default. This behavior can be re-enabled in the settings.

BREAKING CHANGE: Check specific customer security roles as some of the changes might break your existing security roles

BREAKING CHANGE: The CoreOne Computer Management, DHCP Management, DNS Management and Print Management features are no longer supported
BREAKING CHANGE: The email templates Registration/EmailVerification and Verification/PasswordReset are deleted and a new template Verification/NewEmailVerification was added.

New readonly_email column was added on core_identity table. It will be updated for emails that are not configured with rexexp on core_identity_mail_prio_mapping table. For others - it will be updated once the UpdateIdentityTask has run or you can run your own script.

This version has some XSS vulnerabilities in the Self-Service Portal which have been fixed in version 8.1. Please update to version 8.1 or higher.

A new welcome widget section has been added to the dashboard. This section can easily be overridden by customers.
A new Shop module has been added to the Self-Service Portal where users can order roles for them-self or other users.
It’s now possible to load companies from an external source that are associated with the current user. This allows users to register companies even quicker.
The activation of companies can be done depending on the signing rights that are stored in external sources. We currently support single and double signing rights.
User Interactions / Tasks now feature a tag label. By setting the tag, you can decide on which page of the portal a user interaction should appear. Read here for more.
The date of the last re-certification of a company is now being displayed on the detail page of a company.
BREAKING CHANGE: Approvals can now be accepted or declined in the Self-Service Portal. The default templates were changed.
Invitations to representations that effect the same person are now declined automatically
It’s now possible to set default values for authentication devices
BREAKING CHANGE: So far the organization unit attribute value groups were used to determinate the organization unit type. This has been replaced by the actual organization unit type selector.

A new SCIM System Connector has been implemented that allows you to provision entities using the SCIM standard.
The new SCIM Connector also supports the new context aware resource assignments.
A new OpenLDAP System Connector has been implemented that allows you to provision entities into a OpenLDAP system.
The Active Directory System Connector now can provision all account options to Active Directory.

BREAKING CHANGE: In the import configurations it’s now possible for data providers who uses credentials (currently LDAP (Active Directory and OpenLDAP) and SQL (MySQL and Oracle)) to get them from a target system. This allows it to omit the username and password from the import configuration so it doesn’t get serialized which in turn makes it safer to store it in the database or to transfer/share it..
BREAKING CHANGE: The active flag of a core identity has been moved to a core identity state where there are now three different states: active, deleted and suspended.
The passwords from target systems can now be reused from any target system by specifying it in the import configuration.

You now can trigger the re-certification of a users communication data from with workflows.
A new send SMS to Core Identity activity has been added.

BREAKING CHANGE: Please ensure that you are migrating from MySQL 5.7 to the latest 8.* version if you are using MySQL.