Fix for attribute lineage scanning on MS Sync systems upgraded from FIM 2010 or earlier.
Identity Panel 3.4.2 is the next non-preview release after 3.3.17. See upgrade notes below for post-upgrade configuration steps.
Features and enhancements
- Contrails – draw flow rules in time traveler (license required)
- MIM and AD Sync support
- Timestamp correlation of change and MA version
- User provided Documentation flow rules
- time travel attribute source lineage in MV
- MIM DevTest (Uplift license required) – edit MIM Sync configuration in Identity Panel
- Version control
- configuration editing
- logging and flow rule helpers
- environment management
- Non-Repudiation (license required)
- Digital signing of Identity Panel database objects (ECDSA256)
- Data protection and tamper evidence features
- Signature validation and reporting
- Refactored reporting engine
- improved performance
- reduced memory consumption > 3x
- improved query constraints
- better progress tracking of dependency reports
- improved display of derived report graph structure
- more detailed explanatory messages for report configuration errors
- MA Progress health probe – if MAs are running, periodically probes to ensure that run counters are increasing. If run counters have not changed for more than a minute the MA is considered stuck
- Multiple shutter views per role
- Paged join application – retro-actively applying join rules now uses paged queries to reduce memory consumption
- Added OneDesign config link to upgrade version prompt, fixed documentation link
- Improvements to scheduler self-healing after network or reboot issues
- Improvements to Rule Tester
- Rule Engine enhancements
- Custom functions can return AttributeValue or object
- Eliminated case-sensitivity from:
- special values
- function names
- property names
- most dictionary lookups
- Improved function dispatch performance
- Sixteen new functions for writing MIM Sync flow rules
Adjust Report Settings
Any existing reports that use Memo("Set Name") to constrain queries will need to be updated to use Memo Rules. Although more optimal configurations are possible, a simple adjustment is:
1. Add a new Memo Rule to the set specified by the Memo function with the same name as the set name.
2. Set the Rule value to context
If upgrading from a version prior to 3.3.15 see Release Notes on adjusting Azure Provider.
AD Provider Settings
- Perform a schema scan of AD
- Add a new strip to "Partitions to Include" with the DNs of the partitions to scan.
If you do NOT do this, existing AD objects will be marked as deleted in Time Traveler
OneDesignConfig Upgrade Switch
This version may be installed on 3.2 and later using the OneDesignConfig.ps1 tool with the -ServiceMode MinorUpgrade switch.
Enable New Functionality
To enable new providers after upgrading, you must copy the "Types" section from config_184.108.40.2064.json to overwrite the corresponding section in config.json. This must be done AFTER the upgrade, and is required on both the web application and on each instance of Panel Service.
3.4 switches to allowing multiple shutter views to be assigned to a role. This means roles with a default shutter view must have the view(s) re-assigned.
Add Contrails Lineage
To see Contrails lines:
- Apply a license key
- Perform a full scan to capture MA settings
- If MV lineage is desired:
- Edit PanelTools config.json to set HashesForceUpdate: true
- Restart Panel Service/PanelTool and Perform a full scan
- Set HashesForceUpdate:false