This is a major version upgrade from 6.x.x
IMPORTANT:
- If upgrading, see Upgrade Identity Panel
  - NOTE: Even though this is a major upgrade, the minor upgrade procedure may be followed after:
    - Install .NET Core 8
    - Review Identity Panel configuration for breaking changes (see notes below)
- If performing a clean install, see Install Identity Panel
- Identity Panel Version 7 eliminates the separate URL for Access Panel
- Service Panel settings are refactored in v7 and will need particular review after the upgrade
Changes
Version 7 of the Identity Panel suite is our largest release to date and has numerous changes.
Suite
Introduces a new graph processing model that dramatically enhances performance across the suite, including HyperSync Panel, Service Panel, Access Panel, and Identity Panel reporting.
Supports .NET 8
Numerous provider enhancements including new providers like ADP, and new functionality for existing providers like Google Workspace, Entra, and Okta
Unifies Service Panel and Access Panel into one theme-able interface
Identity Panel
A new provider framework, called Panel Connections, supports faster and more robust scanning, higher export performance, and better schema support for point-and-click actions and exports in Service Panel, Access Panel, Test Panel, and HyperSync Panel. Version 7 continues to support existing providers, so migration to the new provider framework is optional.
A graph-based report data source allows reports with hundreds of thousands of rows to build in seconds.
Introduces a shared Request Policies framework that is usable across the product suite
- Request recipient override and delegation
- Bulk response via Excel
- Innovative request response UI
- Campaign ownership and management tools
- Flexible workflow and messaging options with re-usable templates and event triggers
- Time-based queuing and batching of communications to reduce message fatigue
- Policy-based approach to individual vs. batch response
- Advanced logic for multiple approval chains, time-based escalation, and auto-escalation to prevent self-approval
- Integration into data-retention policies and advanced reporting capability
Introduces a flexible Projected Silos framework for visualizing identity data for end users, whether for self-service, attestation, service desk operations, etc.
HyperSync Panel
Performance improvements from the new graph framework: for example, full synchronization time for 100,000 users is reduced from 5-15 minutes to 30-60 seconds.
Introduces immediate Delta Sync by default: all objects are synchronized immediately as they are scanned, allowing new accounts to be processed, provisioned, and updated in seconds.
Eliminates sticky joins of Hyperverse records to better support cleanup of invalid join data. Introduces a new join editor.
Built-in exports for Panel Connection providers eliminate the need to write workflows or action fixtures for data export and provisioning operations:
Faster processing of exports for Panel Connections, with a 3-5x speedup in account export rate.
Eliminates Event Sync Rules: scenarios where they might have been used are covered by immediate delta sync.
Service Panel
New, enhanced and modernized UI, merged with the Access Panel UI
Faster search response and support for global search across all configured object types
Service Panel identity is tracked in Time Traveler and can be used as a synchronization data source
Enhancements to the settings interface for Service Panel make it easier to project identity data and write form activities without loss of flexibility.
Access Panel
Access Panel is now fully integrated with Service Panel's user interface.
New policy engine allows version-controlled policies to be centrally configured for resource control.
Advanced criteria policies allow rules that inspect both resources and identities. This enables advanced membership rules that flexibly model multiple paradigms, including simple dynamic groups, hierarchical RBAC, and ABAC, and allows replacing hundreds of dynamic group definitions with a few simple policy rules.
The Separation of Duties policy engine allows both reporting and enforcement. It maintains high performance (full policy synchronization in minutes) with large matrices of hundreds of thousands of users and millions of potential entitlement conflicts.
Attestation Campaign Engine
Supports two modes (Survey and Entitlement), allowing traditional access recertification as well as identity reviews (such as for contractor recertification).
Flexible enrollment for one-off, recurring, and continuous campaign modes
Easy-to-use campaign management and reporting interface
Responsive and performant even with very large campaigns of tens of thousands of requests
Surfaces relevant data for responding users such as risk attributes like employment status and last logon, resource privilege level, and last certification time and response