The Identity Security Group (IDG) in IMS is pleased to announce that we have achieved GA release for Symantec IGA 14.4 on 3/8/2021.

We would like to extend our sincere thanks to all the global teams for their work and commitment in delivering this release. Congratulations to all the team members and to all involved in making this release a success!

Release Highlights

Symantec IGA 14.4 release comes with many exciting features and enhancements. Some of the marquee features and enhancements of this release are:

• SCIM 2.0 Inbound Service

• Full Support for Deploying to jBoss EAP 7.2 and WildFly 15

• Federated Authentication

• Modern Authentication for Exchange Online

• Changes and Improvements in Virtual Appliance

• Improved Performance of Bulk Task Submission in a Certification

• Provision to Handle Sensitive Data from the Provisioning Layer

• User Roles Certification Enhancements

SCIM 2.0 Inbound Service

The System for Cross-domain Identity Management (SCIM) specification is designed to make identity management in cloud-based applications and services easier. For Identity Manager, the new SCIM 2.0 Inbound Service feature provides a standardized REST interface for User and Group Management that uses the same flexible, task-based solution for building and managing identities.

Full Support for Deploying to jBoss EAP 7.2 and WildFly 15

This release supports fresh installs to jBoss EAP 7.2 and WildFly15 For Identity Manager, Identity Governance and Identity Portal. The Virtual Appliance now supports WildFly15 as the default application server.  Deployments of previous Symantec IGA releases that have not already migrated to jBoss 7.2 and WildFly 15 will require use of the Server Migration Utility to move the deployments into the new supported JBoss 7.2 and WildFly 15 Servers prior to using the Symantec IGA 14.4 installers.

Federated Authentication

Most enterprises are embracing Security Assertion Markup Language (SAML 2.0) and OpenID Connect standards for secure single sign-on access to applications in their environment. SAML 2.0 and OpenID Connect based single sign-on identity management offers a range of benefits such as,

• Improved user experience

• Increased security

• Reduced costs

• Enables seamless interoperability between systems, independent of implementations

In our endeavour to help customers adopt SAML 2.0 and OpenID Connect for fast, simple, and secure access to applications in their environment, we have enabled Identity Manager, Identity Portal and Identity Governance to be SAML 2.0 and OpenID Connect compliant. Enterprise users can now seamlessly access Identity Manager, Identity Portal and Identity Governance applications with SAML 2.0 and OpenID Connect based secure single sign-on authentication.

Modern Authentication for Exchange Online

Traditionally, the client applications have been using Basic Authentication to connect to Microsoft Office 365 Exchange Online and access its resources. Basic Authentication is simple to set up but less secure, vulnerable to interception, and susceptible to brute-force and password spray attacks. It requires applications to send username and password with every request which is often stored or saved on the device. This opens possibilities for attackers armed with tools and methods to capture user credentials and increases the risk of credential re-use against other servers or services.

In our effort to support Identity Manager user access to Exchange Online resources with Modern Authentication, we have enhanced the Microsoft Office 365 connector to support Certificate-Based Authentication by using Exchange Online PowerShell v2 (EXO V2) module. With Certificate-Based Authentication in place, users are authenticated with a client certificate and are allowed to access resources without the need to enter credentials.

Changes and Improvements in Virtual Appliance

Virtual Appliance for the Symantec IGA 14.4 release comes in two flavors:

• Platform v2 - Virtual Appliance running on CentOS Stream 8 or Amazon Linux 2, packaged as a new image

• Platform v1 - Virtual Appliance running on CentOS 6 or Amazon Linux 1, packaged as an upgrade patch
  
  Note: Platform v2 comes with additional new features and enhancements when compared to platform v1. To benefit from them, we recommend you to migrate Virtual Appliance to the supported CentOS Stream 8 or Amazon Linux 2 platform.

Some of the marquee features of this release that augment the Virtual Appliance deployment are:

• [Platform v2] FIPS 140-2 support for Amazon Web Services (AWS) is added only at the point-products (Identity Manager, Identity Governance) level.

• [Platform v2] Added Disaster Recovery support for multi-cluster deployments.

• Virtual Appliance supports WildFly 15 for Identity Manager, Identity Governance and Identity Portal.

Improved Performance of Bulk Task Submission in a Certification

Identity Governance now provides the ability to achieve performance improvement of more than 50% for the bulk tasks submission (approve / reject) in a certification with the usage of the new out-of-the-box Workpoint processes.

These new Workpoint processes are designed to elevate the performance of bulk task submission in a certification by eliminating the process of job creation for each task in a business workflow. To experience enhanced performance, you must associate these new Workpoint processes with the certification templates and use the templates to create certification with large entitlements.

Provision to Handle Sensitive Data from the Provisioning Layer

Identity Manager enhances the security and integrity of sensitive data by extending the attribute encryption capability to the provisioning layer. Administrators can now store sensitive data as encrypted (3DES) in the Provisioning Directory and also mask the sensitive data while viewing in Provisioning Manager.

User Roles Certification Enhancements

Identity Portal User Roles Certification screens are enhanced to enrich the certifying manager experience while certifying user roles in an organization. The following enhancements are added to the existing User Roles Certification screens:

• A portal administrator can now configure both the default and custom role attributes in the Admin UI .  

• A Portal administrator can now configure a well-known Identity Manager attribute in the Admin UI.

• A Portal administrator can now control the display of user attributes under the Certify tab of the IM Roles Certification module in the Identity Portal User Console by configuring them at Admin UI.

• Added filters to the IM Roles Certification Module of Identity Portal User Console.

Note: To learn more about the new features and enhancements, refer to the respective release notes of the Symantec IGA components:

• Identity Manager

• Identity Governance

• Identity Portal

• Virtual Appliance

Support for Symantec IGA 14.4 will be available through April 2022.  Basic Extended Support may be available for a limited time after the End of Support date.

14.4 (Centos 6) is an interim release to facilitate the migration to 14.4 (Centos 8). 14.4 (Centos6) is the last release on the Centos 6 platform.

Helpful Resources

Broadcom provides resources to help you in the form of education, product documentation, community user group environments and experienced support personnel - please find a sample of these resources at the following locations:

• Symantec IGA Release Notes - Find details about the product features included in this release.  To ensure all available materials, please log into the site by using your Broadcom Support ID and password.

• Symantec IGA Support Dates - Find release and support lifecycle dates for all releases of Symantec IGA.

Thank you again for your continued business,

The Symantec IGA Product Management and Engineering Teams