The Identity Governance and Administration team in Broadcom’s Identity Management Security division is pleased to announce that we have achieved GA release for Symantec IGA 14.4 CP1.

We would like to extend our sincere thanks to all the global teams for their work and commitment in delivering this release. Congratulations to all the team members and to all involved in making this release a success!

Release Highlights

Symantec IGA 14.4 CP1 release comes with many exciting features and enhancements across the Identity Manager, Identity Governance and Identity Portal components that are included in Symantec IGA, as well as the Virtual Appliance.  

Important Note: Support for Release 14.4 is available only until 30 April 2022, at which point existing deployments of 14.4 must move to 14.4 CP1 to receive continued support.  For Virtual Appliance, 14.4 CP1 is supported only on Centos Stream 8 and Amazon Linux 2.  For migrating Centos 6 based installation to Centos Stream 8/Amazon Linux, please navigate here.

Some of the marquee features and enhancements of this release for each component include:

Identity Manager 

• Connector Xpress 2.0 for REST Applications

• Patch Deployer Tool

• Unlock an Account as a Self-Service Task

• Support for Open ID Connect (OIDC) Authorization in the Identity Manager SCIM Inbound REST Service

Connector Xpress 2.0 for REST Applications

Over the years, the REST API has gained popularity as it is developer-friendly and easy to understand. A rise in the adoption of REST API has increased the demand for an identity management solution to manage identities of a REST application residing on-premise or on the cloud. To cater to the growing demand to manage identities of a REST application, Symantec IGA provides the ability for organizations to build their own dynamic REST connector using Connector Xpress 2.0.

Connector Xpress 2.0 is an intuitive web interface that is designed to create a metadata structure of a REST application and deploy it to a Provisioning Server. Metadata is a configuration file that defines a REST application using the dynamic configuration and mapping information that is provided in the Connector Xpress 2.0 such as application connection parameters, application details, application API details, resources (users, groups, roles), and associations between resources.

To manage identities of a REST application from the Identity Manager user console, the metadata must be manually deployed to the Identity Manager server. Once deployed, a new endpoint type and the endpoint management screens are created based on the metadata configuration data.

For more information, see Connector Xpress 2.0 for REST-Based Applications.

Patch Deployer Tool

Identity Manager 14.4 CP1 includes our brand new tool that helps customers to deploy patches automatically to their Identity Manager server environments.

For more information, see Patch Deployer Tool.

Unlock an Account as a Self-Service Task

Users can select Not able to access your account? on the login page to unlock their account.

Identity Manager allows users to unlock their account using the one-time password verification method. The supported delivery methods for the one-time password are Email and SMS (Text Message, Voice Call). With the self-service unlock user functionality, users can now unlock their account with no administrator or help desk involvement, thus reducing help desk calls and loss of productivity.

For more information, see Unlocking an Account as a Self-Service Task.

Support for Open ID Connect (OIDC) Authorization in Identity Manager SCIM Inbound REST Service

Identity Manager now supports Open ID Connect (OIDC) Authorization in the Identity Manager SCIM Inbound REST Service. Open ID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables clients to verify the identity of the end-user based on the authentication performed by an Identity Provider (IDP) Server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.

For more information, see the Creating SCIM Service Configurations section in the Getting Started with SCIM topic. Also see Open ID Connect Account API for information about the corresponding API.

Identity Governance

• Performance Improvements

• Resize the Column Width of the Certification Attributes

• Monitor the Recent Import and Export Jobs from the Universe Connectivity Tab

Performance Improvements

Identity Governance performance has been improved in the following areas:

• Import of data in the Identity Governance cluster environment.

• Import of Active Directory accounts with associated GROUPS/RESOURCES.

• Import of data using Compare and Merge.

• Loading time of the following Identity Governance web pages with heavy business workflows:

• Home page

• Workflows (Home > Administration > Workflows)

• Workflows Filter (Home > Administration > Workflows > Filter)

• Certification Management (Home > Compliance Management > Certification Management)

Resize the Column Width of the Certification Attributes

An administrator can now resize the column width of the certification attributes using the Column Width field that is newly added in the Display tab of a certification template. By default, the Column Width size is set to 200 pixels and it can range from 75 to 500 pixels.

A resizable Column Width field prevents the text truncation of the certification attributes, and enhances the look and feel of the certification screens for a business user.

For more information, see Certification Display Settings.

Monitor the Recent Import and Export Jobs from the Universe Connectivity Tab

An administrator can now monitor the status of the recent import and export jobs from the "Connectivity" tab of a universe using the following two options.

• Open recent import workflow

• Open recent export workflow

These two options enhance the interface usability by providing a convenient and an alternative way to track the status of the recent import and export jobs.

For more information, see Import Data and Export Data.

Identity Portal

• Unlock User using OTP

• User-Friendly Error Messages

• Custom Forms for Password Reset and Expired Password Scenarios

• Improved User Experience of the Certification Screens

Unlock User using OTP

Business users can now unlock their account only when the account is locked due to multiple wrong password attempts. Identity Portal supports the one-time password verification method to unlock a business user. The supported delivery methods for the one-time password are Email and Mobile Phone (Text Message, Voice Call). With the self-service unlock user functionality, users can now unlock their account with no administrator or help desk involvement thus reducing help desk calls and loss of productivity.

For more information, see Unlock User.

User-Friendly Error Messages

Identity Portal error messages are now presented to the business users in a simple, precise, and jargon-free manner. Error messages display the right amount of information for the business users to understand and efficiently resolve an application error.

Error messages can now include contact details (Email Id, Phone Number) of an administrator. Administrator contact details can be configured in the Admin UI at SETUP, General Configuration, System, Admin Email and/or Phone Number. Business users can contact the configured administrator for further assistance in resolving an error.

By default, the Show Trace button does not appear in an error dialog. An error dialog displays the Show Trace button only when the Enable Display of Exception Information option is enabled in the Admin UI at SETUP, General Configuration, System.

For more information, see General Configurations.

Custom Forms for Password Reset and Expired Password Scenarios

Identity Portal supports custom forms for the Password Reset and Expired Password scenarios. Organizations can implement strict password policies by adding a Password Strength Meter to the custom form handlers.

For more information, see Custom Forms for Password Change Scenarios.

Improved User Experience of the Certification Screens

Identity Portal enhances the user experience of the certification screens by supporting the following customizations in a certification template:

• Resize the column width of the certification attributes to prevent the text truncation, and enhance the look and feel of the certification screens for a business user. By default, the Column Width size is set to 200 pixels and it can range from 75 to 500 pixels. 

• Align action buttons (approve, reject, or reassign) and indicators to either left or right side of the certification screen as per the user convenience.

Note that these enhancements are applicable to the desktop view and not to the mobile view.

For more information, see Certification Templates.

Virtual Appliance

• Platform Support

• Java Upgrade to AdoptOpenJDK 1.8.0_292

• Symantec Directory Upgrade to 14.1 SP2

• Patch Transaction Logging

Platform Support

Virtual Appliance 14.4 CP1 supports only CentOS Stream 8 or Amazon Linux 2.

Java Upgrade to AdoptOpenJDK 1.8.0_292

Virtual Appliance has upgraded the Java version to AdoptOpenJDK 1.8.0_292. Virtual Appliance has introduced a custom Java configuration (java.conf) file that you can use to disable TLS v1 or v1.1 at the platform level.

For more information, see Disable TLS v1.0 and v1.1.

Symantec Directory Upgrade to 14.1 SP2

Virtual Appliance has upgraded Symantec Directory to version 14.1 SP2.

To learn about the new features in Symantec Directory 14.1 SP2, see Symantec Directory Documentation.

Patch Transaction Logging

Virtual Appliance now maintains a record of all patch transactions in the /opt/VA/VirtualAppliance/ca_vapp_patch_transaction.log file. The patch transaction log can be used to carry out patch management and troubleshooting activities.

For more information, see Patch Transaction Logging.

Note: To learn more about the new features and enhancements, refer to the respective release notes of the Symantec IGA components:

• Identity Manager

• Identity Governance

• Identity Portal

• Virtual Appliance

IGA 14.4 CP1 customers will be required to migrate to 14.4 CP2 by March 31, 2023.  Basic Extended Support may be available for a limited time after the End of Support date.

Helpful Resources

Broadcom provides resources to help you in the form of education, product documentation, community user group environments and experienced support personnel - please find a sample of these resources at the following locations:

• Symantec IGA Release Notes - Find details about the product features included in this release.  To ensure all available materials, please log into the site by using your Broadcom Support ID and password.

• Symantec IGA Support Dates - Find release and support lifecycle dates for all releases of Symantec IGA.

Thank you again for your continued business,

The Symantec IGA Teams