PingOne Advanced Identity Cloud

Rapid channel changelog

Subscribe to get automatic updates: Rapid channel changelog RSS feed

For release notes published before May 2024, refer to the Rapid channel changelog archive.

December 2024

03 Dec 2024

Reversions

Versions 15824.0 and 15770.0 have been reverted. All changes associated with these versions have been withdrawn. This affects the following changelog entries:

02 Dec 2024

Version 15824.0

This release reintroduces many features, enhancements, and fixes previously present in reverted versions.

Key features

PingOne Authorize node

Use this node to send a decision request to a specified decision endpoint in your PingOne Authorize environment.

PingOne Create, Identify, and Delete Nodes

The following PingOne nodes are now available:

PingOne Identity Match node

Use the PingOne Identity Match node to identify if a user exists both in the user repository and in PingOne, using defined attributes.

PingOne Create User node

Create new users in the PingOne platform using the PingOne Create User node. Create users based off of an existing user’s properties or choose to create the user anonymously. For example, when used in conjunction with PingOne Verify.

PingOne Delete User node

Delete users from the PingOne platform with the PingOne Delete User node.

PingOne Verify Nodes

Use the following PingOne Verify nodes in conjunction with the PingOne Identity Match node, PingOne Create User node, and PingOne Delete User node to create a seamless verification process in your journey:

PingOne Verify Evaluation node

Leverage PingOne Verify to initiate or continue a verification transaction with the PingOne Verify Evaluation Node.

PingOne Verify Completion Decision node

Determine the completion status of the most recent identity verification transaction for an end user.

Use before the PingOne Verify Evaluation node to determine the status of the verification process or after the PingOne Verify Evaluation node using a script to evaluate the transaction.

For example, you can evaluate if the transaction was completed using a passport and route your journey accordingly.

Use these nodes in place of the PingOne Verify Marketplace nodes.
reCAPTCHA Enterprise node

The reCAPTCHA Enterprise node node adds Google reCAPTCHA Enterprise support to your journeys.

SAML application journeys (AME-27850)

Added support for SAML application journeys with a new setting on the remote SP. Configure a specific authentication journey that always runs for users authenticating with your SAML 2.0 app, regardless of existing sessions or configured authentication context.

Set Failure Details node (AME-27871)

The new Set Failure Details node lets you configure a localized error message on journey failure. You can also configure extra details in the response body of the failure request.

Set Success Details node (OPENAM-12335)

The new Set Success Details node can be used to add additional details to the success response of a journey.

Enhancements

  • AME-26050: You can now create Next-generation Policy Condition scripts that have access to all common bindings, such as openidm and httpClient. Additionally, some existing bindings have been wrapped to improve usability in scripts.

  • AME-28228: OAuth 2.0 audit logs now include the OAuth2 client ID and any journey associated with the client.

  • AME-28941: There’s a new format-agnostic endpoint for Prometheus monitoring (/metrics/prometheus). The response payload format has not changed.

  • AME-28949: There’s a new compliant endpoint for Prometheus monitoring (/metrics/prometheus/0.0.4). The response payload format is the same as the previous endpoint, except metric names that had a suffix of _total now have a suffix of _sum.

  • AME-29009: When using the new FIDO Metadata Service, if you link to the FIDO metadata using a URL, Advanced Identity Cloud periodically downloads and updates the latest FIDO metadata based on the nextUpdate date specified in the downloaded data.

  • AME-29093: Added configuration for integration with WebAuthn Metadata Services (such as the FIDO Metadata Service). This includes a realm-level WebAuthn Metadata service and a new FIDO Certification Level configuration attribute in the WebAuthn Registration Node.

  • AME-29769: The Social Provider Handler node has a new configuration option, Store Tokens, that allows access and refresh tokens to be stored in the transient state.

  • FRAAS-22321: You can now obtain the HTTP client location from the X-Client-Region HTTP header within your scripts and journeys. The X-Client-Region header contains the country (or region) associated with the client’s IP address in the form of a Unicode CLDR region code, such as US or FR. For most countries, these codes correspond directly to ISO-3166-2 codes.

  • IAM-3323: You can now use XPath transformation functions with additional Workday application template attributes.

  • IAM-4540: You can now change the border color of a selected input field in journey and end-user pages.

  • IAM-6499: You can now associate a required authentication journey with an OpenID Connect (OIDC) application.

  • IAM-7198: You can now associate an authorization policy with an OIDC or SAML v2.0 application.

  • OPENAM-22666: The well-known endpoint is no longer required when configuring a social identity provider service. If it is not provided, Advanced Identity Cloud uses the client secret for signature verification.

  • OPENAM-23109: During a WebAuthn registration flow, if Store data in transient state is enabled, the Authenticator Attestation Global Unique Identifier (AAGUID) is now added to the node state under the webauthnData key.

Fixes

  • AME-28016: When an invalid redirect URI is provided to the /par endpoint, the URI mismatch error is now redirect_uri_mismatch instead of invalid_request.

  • AME-28017: Advanced Identity Cloud now accepts the requested OAuth 2.0 endpoint as a valid JWT audience claim, as per RFC 7519 and RFC 9126.

  • AME-28906: The stack trace of an authentication exception generated on login failure is now logged only when debug level logging is enabled.

  • AME-29170: On LDAP decision node login failure, stack traces are now logged at debug level.

  • IAM-7523: The user receiving a forwarded fulfillment task now has permission to approve or reject the task.

  • IAM-7537: Governance functionality is now only shown for the alpha realm.

  • OPENAM-18252: Journeys acting on multiple subjects now successfully update universalId in the tree context during the authentication flow.

  • OPENAM-20314: Added the ability to indicate whether an OIDC provider doesn’t return a unique value for the sub claim.

  • OPENAM-22966: Social IDPs now support NONE as a client authentication method. Use this option if the provider doesn’t require client authentication at the token endpoint.

November 2024

26 Nov 2024

Reversions

Version 15726.0 has been reverted. All changes associated with that version have been withdrawn. This affects the following changelog entries:

25 Nov 2024

Version 15770.0

Enhancements

  • FRAAS-22321: You can now obtain the HTTP client location from the X-Client-Region HTTP header within your scripts and journeys. The X-Client-Region header contains the country (or region) associated with the client’s IP address in the form of a Unicode CLDR region code, such as US or FR. For most countries, these codes correspond directly to ISO-3166-2 codes.

21 Nov 2024

Version 15726.0 (supplementary)

This version has been reverted and all associated changes withdrawn.

Key features

PingOne Create, Identify, and Delete Nodes [1]

The following PingOne nodes are now available:

PingOne Identity Match node

Use the PingOne Identity Match node to identify if a user exists both in the user repository as well as in PingOne, using defined attributes.

PingOne Create User node

Create new users in the PingOne platform using the PingOne Create User node. Create users based off of an existing user’s properties or choose to create the user anonymously. For example, when used in conjunction with PingOne Verify.

PingOne Delete User node

Delete users from the PingOne platform with the PingOne Delete User node.

PingOne Verify Nodes [1]

Use the following PingOne Verify nodes in conjunction with the PingOne Identity Match node, PingOne Create User node, and PingOne Delete User node to create a seamless verification process in your journey:

PingOne Verify Evaluation node

Leverage PingOne Verify to initiate or continue a verification transaction with the PingOne Verify Evaluation Node.

PingOne Verify Completion Decision node

Determine the completion status of the most recent identity verification transaction for an end user.

Use before the PingOne Verify Evaluation node to determine the status of the verification process, or after the PingOne Verify Evaluation node using a script to evaluate the transaction.

For example, you can evaluate if the transaction was completed using a passport and route your journey accordingly.

Use these nodes in place of the PingOne Verify Marketplace nodes.
reCAPTCHA Enterprise node [1]

The reCAPTCHA Enterprise node node adds Google reCAPTCHA Enterprise support to your journeys.

20 Nov 2024

Version 15726.0

This version has been reverted and all associated changes withdrawn.

Key features

Set Success Details node (OPENAM-12335)

The new Set Success Details node can be used to add additional details to the success response of a journey.

Set Failure Details node (AME-27871)

The new Set Failure Details node lets you configure a localized error message on journey failure. You can also configure extra details in the response body of the failure request.

Enhancements

  • AME-28941: There’s a new format-agnostic endpoint for Prometheus monitoring (/metrics/prometheus). The response payload format has not changed.

  • AME-28949: There’s a new compliant endpoint for Prometheus monitoring (/metrics/prometheus/0.0.4). The response payload format is the same as the previous endpoint, except metric names that had a suffix of _total now have a suffix of _sum.

  • AME-29769: The Social Provider Handler node has a new configuration option, Store Tokens, that allows access and refresh tokens to be stored in the transient state.

  • AME-29009: When using the new FIDO Metadata Service, if you link to the FIDO metadata using a URL, Advanced Identity Cloud periodically downloads and updates the latest FIDO metadata based upon the nextUpdate date specified in the downloaded data.

  • AME-29093: Added configuration for integration with WebAuthn Metadata Services (such as the FIDO Metadata Service). This includes a realm-level WebAuthn Metadata service and a new FIDO Certification Level configuration attribute in the WebAuthn Registration Node.

  • AME-26050: You can now create Next-generation Policy Condition scripts that have access to all common bindings, such as openidm and httpClient. Additionally, some existing bindings have been wrapped to improve usability in scripts.

  • OPENAM-23109: During a WebAuthn registration flow, if Store data in transient state is enabled, the Authenticator Attestation Global Unique Identifier (AAGUID) is now added to the node state under the webauthnData key.

Fixes

  • AME-28016: When an invalid redirect URI is provided to the /par endpoint, the URI mismatch error is now redirect_uri_mismatch instead of invalid_request.

  • AME-28017: Advanced Identity Cloud now accepts the requested OAuth 2.0 endpoint as a valid JWT audience claim, as per RFC 7519 and RFC 9126.

  • AME-28906: The stack trace of an authentication exception generated on login failure is now logged only when debug level logging is enabled.

  • AME-29170: On LDAP decision node login failure, stack traces are now logged at debug level.

  • OPENAM-18252: Journeys acting on multiple subjects now successfully update universalId in the tree context during the authentication flow.

  • OPENAM-22966: Social IDPs now support NONE as a client authentication method. Use this option if the provider doesn’t require client authentication at the token endpoint.

  • OPENAM-20314: Added the ability to indicate whether an OIDC provider doesn’t return a unique value for the sub claim.

20 Nov 2024

Version 15723.0

No customer-facing features, enhancements, or fixes released.[2]

19 Nov 2024

Versions 15711.0, 15715.0

No customer-facing features, enhancements, or fixes released.[2]

18 Nov 2024

Versions 15703.0, 15708.0

No customer-facing features, enhancements, or fixes released.[2]

15 Nov 2024

Versions 15687.0, 15696.0, 15699.0

No customer-facing features, enhancements, or fixes released.[2]

14 Nov 2024

Version 15682.0

Enhancements

  • OPENDJ-11012: Added support for Microsoft Identity Cloud PBKDF2-SHA512 password scheme in Advanced Identity Cloud.

11 Nov 2024

Version 15618.0

No customer-facing features, enhancements, or fixes released.[2]

08 Nov 2024

Version 15611.0

No customer-facing features, enhancements, or fixes released.[2]

07 Nov 2024

Version 15601.0

No customer-facing features, enhancements, or fixes released.[2]

06 Nov 2024

Version 15572.0

Key features

Configure journey to always run[3] (AME-27848)

Added a new setting for journeys to always run regardless of existing user sessions.

SAML application journeys (AME-27850)

Added support for SAML application journeys with a new setting on the remote SP. Configure a specific authentication journey that always runs for users authenticating with your SAML 2.0 app, regardless of existing sessions or configured authentication context.

SAML application script binding[3] (AME-28012)

Added a new samlApplication binding for querying the SAML 2.0 authentication request properties and IdP and SP configuration attributes.

Suspend and resume journeys (OPENAM-21806)

Next-generation decision node scripts can now use the new action.suspend() method to suspend the current authentication session and send a message to the user. Implement custom logic with the resume URI, for example, to send an email or SMS using the HTTP client service.

Enhancements

  • AME-27074: Added a new configProviderScript action to each authentication node endpoint to generate a configuration provider template script, for example: authentication/authenticationtrees/nodes/MessageNode?_action=configProviderScript.

  • AME-28258: Added a new "webAuthnExtensions" input to the WebAuthn Registration and Authentication nodes. This can be set via a Scripted Decision node. It is expected to contain a map of extension name to input. Output is currently not available.

  • AME-28384: The outcome of a Scripted Decision node can now also be a CharSequence type.

  • AME-28777: The refresh token grace period now applies to both client-side refresh tokens and server-side refresh tokens.

  • AME-29157: Authentication nodes with limited possible outcomes are now available to the Configuration Provider node, including:

    The Identity Assertion node, Push Wait node, and Enable Device Management node nodes with fixed outcomes are also now available to the Configuration Provider node.

  • OPENAM-22601: You can now use the next-generation script binding, utils, to generate secure random numbers.

  • OPENAM-22811: NodeState has two new methods: mergeShared(Map<String, Object>) and mergeTransient(Map<String, Object>). Use them to merge keys into the shared/transient state, including "objectAttributes" keys.

Fixes

  • AME-25491: The Configuration Provider node script now correctly reads node state after an inner tree callback.

  • AME-28786: Removed several unused UI properties from default social identity provider profiles.

  • AME-29027: WebAuthN attestations containing a self-signed root CA are now rejected instead of silently removed.

  • OPENAM-22465: Fixed error to return invalid_resource_uri when request_uri client doesn’t match request parameter client in PAR authorise request.

  • OPENAM-22675: In next-generation scripting, you can now set a default name correctly when creating a NameCallback.

  • OPENAM-22688: Fixed Page node localization to default to correct locale when the incoming accepted-language header doesn’t match the node’s language configuration.

05 Nov 2024

Version 15570.0

No customer-facing features, enhancements, or fixes released.[2]

04 Nov 2024

Version 15559.0

No customer-facing features, enhancements, or fixes released.[2]

01 Nov 2024

Version 15551.0

No customer-facing features, enhancements, or fixes released.[2]

October 2024

31 Oct 2024

Version 15532.0

No customer-facing features, enhancements, or fixes released.[2]

30 Oct 2024

Version 15508.0

No customer-facing features, enhancements, or fixes released.[2]

29 Oct 2024

Versions 15466.0, 15472.0

Enhancements

  • IAM-6388: Added the ability to specify that inner journeys can’t be accessed directly.

  • IAM-7185: The mapping tab for application provisioning now shows the inbound or outbound application type without needing to inspect a drop-down.

Fixes

  • IAM-7415: When creating an assignment, the _id is now automatically generated instead of using the name specified.

28 Oct 2024

Version 15453.0

No customer-facing features, enhancements, or fixes released.[2]

25 Oct 2024

Version 15434.0

No customer-facing features, enhancements, or fixes released.[2]

23 Oct 2024

Version 15399.0

No customer-facing features, enhancements, or fixes released.[2]

22 Oct 2024

Version 15374.0

No customer-facing features, enhancements, or fixes released.[2]

17 Oct 2024

Versions 15335.0, 15337.0

No customer-facing features, enhancements, or fixes released.[2]

16 Oct 2024

Versions 15321.0

No customer-facing features, enhancements, or fixes released.[2]

15 Oct 2024

Versions 15310.0, 15312.0

No customer-facing features, enhancements, or fixes released.[2]

14 Oct 2024

Version 15300.0

Enhancements

  • IAM-7187: Integration of SAP app template with IDM scripts.

  • IAM-7243[4]: Added text field to utilities category in IGA access request forms.

Fixes

  • IAM-7385: Unable to create user when required boolean property is set to false.

10 Oct 2024

Version 15258.0

No customer-facing issues released.[2]

07 Oct 2024

Version 15211.0

Enhancements

FRAAS-22177: Renamed "Advanced Gateway" to "Proxy Connect" throughout PingOne Advanced Identity Cloud, including URLs, OpenID Connect scopes, autogenerated code snippets, and UI labels.

01 Oct 2024

Versions 15154.0, 15158.0

Enhancements

IAM-4753: Added a toggle to the application catalog to hide deprecated templates.

September 2024

30 Sept 2024

Versions 15136.0, 15139.0, 15143.0

No customer-facing issues released.[2]

27 Sept 2024

Version 15124.0

No customer-facing issues released.[2]

26 Sept 2024

Versions 15111.0, 15114.0

No customer-facing issues released.[2]

25 Sept 2024

Versions 15084.0, 15096.0

No customer-facing issues released.[2]

24 Sept 2024

Version 15063.0

No customer-facing issues released.[2]

23 Sept 2024

Version 15058.0

No customer-facing issues released.[2]

20 Sept 2024

Versions 15044.0, 15052.0

Key features

Support for LINE as a social identity provider (AME-28672)

You can now configure a social provider authentication with LINE Login when signing in from a browser. There is a separate configuration for authenticating from a mobile app.

Learn more in Social authentication.

Identity Governance request and approval forms[4] (IAM-6358)

Identity Governance now lets you create request and approval forms to make it easier for end users to request access to applications.

Learn more in Identity Governance forms.

Enhancements

  • OPENAM-22666: The well-known endpoint is no longer required when configuring a social identity provider service. If it is not provided, Advanced Identity Cloud uses the client secret for signature verification.

Fixes

  • FRAAS-16228: Promotions are now halted if the AM CORS service is disabled; the service is essential to the correct functioning of promotions.

16 Sept 2024

Version 14975.0

Key features

Additional cloud connectors

The following connectors are now bundled with Advanced Identity Cloud:

  • AWS IAM Identity Center Connector v1.5.20.23 (OPENIDM-20038)

  • Box Connector v1.5.20.23 (OPENIDM-20367)

Learn more in the ICF documentation.

Enhancements

  • OPENIDM-19698: Added ability to use wildcards in the watchedFields property.

Fixes

  • OPENIDM-19336: Fixed an issue where delegated administrators couldn’t add new users to their organization.

  • OPENIDM-20238: Fixed an issue where clustered reconciliation can fail with "Expecting a Map or List" under specific circumstances.

13 Sept 2024

Version 14962.0

Key features

Advanced Reporting[5] (ANALYTICS-763)

Advanced Identity Cloud now offers Advanced Reporting to let you create custom reports on activity in your tenant environments. You can query a number of metrics to create useful reports for your company.

Learn more in Advanced Reporting.

Fixes

  • FRAAS-21715: Environments can now be unlocked if configuration rollback fails because there are no promotions to roll back.

11 Sept 2024

Version 14927.0

No customer-facing issues released.[2]

10 Sept 2024

Versions 14912.0, 14920.0

No customer-facing issues released.[2]

09 Sept 2024

Versions 14868.0, 14888.0

Key features

Scripted SAML v2.0 NameID values(AME-25921)

The NameID mapper script lets you customize SAML v2.0 NameID values per application.

Set State node (AME-26443)

The Set State node lets you add attributes to the journey state.

Http Client service (AME-27936)

The new Http Client service lets you create named instances that you can reference from a next-generation script to make mTLS connections to external services.

Learn more in Access HTTP services.

Enable Device Management node (SDKS-2919)

The new Enable Device Management node lets end users manage devices from their account.

Enhancements

  • FRAAS-21728: Updated the cookie domain API to add default values for GET requests where cookie domain values haven’t been overridden by a PUT request. The default values are derived from the existing tenant cookie domain configuration, so are backward compatible.

  • AME-26594: Added secrets API binding to all next-generation script contexts.

  • AME-27129: Added option to exclude client certificate from SAML hosted SP metadata.

  • AME-27792: Added AM-TREE-LOGIN-COMPLETED audit log event that outputs a result of FAILED. when a journey ends with an error.

  • AME-27839: Added the ability to specify connection and response timeouts for Http Client service instances.

  • AME-28008: You can now disable certificate revocation checks, or all certificate checks entirely, on your Http Client service instances.

Fixes

  • OPENAM-15410: Fixed an issue that prevented customization of claims if profile and openid scopes are requested.

  • OPENAM-20609: Fixed inconsistent error message when generating access token using refresh token after changing username.

  • OPENAM-21974: Adds an OAuth 2.0 client configuration for the new version of the LinkedIn provider.

  • OPENAM-22298: Log unretrieved SP and IdP descriptors in SAML2 Authentication node.

06 Sept 2024

Versions 14851.0, 14858.0

No customer-facing issues released.[2]

05 Sept 2024

Version 14848.0

No customer-facing issues released.[2]

03 Sept 2024

Version 14800.0

No customer-facing issues released.[2]

02 Sept 2024

Version 14781.0

No customer-facing issues released.[2]

August 2024

30 Aug 2024

Versions 14761.0, 14767.0

Fixes

  • FRAAS-21713: The promotion process now retries getting an access token from the lower environment, preventing promotion failures.

29 Aug 2024

Version 14741.0

Key features

DocuSign application template (IAM-6194)

The DocuSign application lets you manage DocuSign service accounts and synchronize DocuSign accounts and Advanced Identity Cloud identities.

Enhancements

  • IAM-6493: The PingOne application template now supports specifying an LDAP gateway.

  • IAM-6868: Added screen reader label to end-user access approval button.

  • IAM-6870: Added screen reader label to end-user access request button.

  • IAM-6880: Added a toggle in the hosted pages journey settings to disable the error heading fallback that displays if there is no heading in the page content. (FORGEROCK-1582)

Fixes

  • IAM-7033: Unable to save user filter in AD/LDAP app template.

27 Aug 2024

Version 14717.0

No customer-facing issues released.[2]

26 Aug 2024

Version 14683.0

No customer-facing issues released.[2]

22 Aug 2024

Version 14652.0, 14669.0

No customer-facing issues released.[2]

21 Aug 2024

Version 14626.0

Key features

BeyondTrust application template (IAM-6492)

The BeyondTrust application lets you manage and synchronize data from Advanced Identity Cloud to BeyondTrust.

Enhancements

  • IAM-7011: Older app templates are no longer marked "deprecated".

19 Aug 2024

Version 14592.0

No customer-facing issues released.[2]

16 Aug 2024

Versions 14568.0

No customer-facing issues released.[2]

14 Aug 2024

Versions 14530.0, 14538.0

No customer-facing issues released.[2]

13 Aug 2024

Version 14516.0

No customer-facing issues released.[2]

12 Aug 2024

Version 14467.0

No customer-facing issues released.[2]

09 Aug 2024

Version 14465.0

No customer-facing issues released.[2]

08 Aug 2024

Version 14454.0

No customer-facing issues released.[2]

07 Aug 2024

Versions 14443.0, 14450.0

No customer-facing issues released.[2]

06 Aug 2024

Version 14442.0

No customer-facing issues released.[2]

05 Aug 2024

Versions 14425.0, 14432.0

No customer-facing issues released.[2]

02 Aug 2024

Versions 14410.0, 14417.0

Enhancements

  • IAM-5233: Update SAP SuccessFactors app template to support connector version 1.5.20.22.

  • IAM-6874: Update journey analytics to use hourly data.

Fixes

  • FRAAS-21318: Promotion report now categorizes AM session service changes correctly.

July 2024

25 Jul 2024

Versions 14309.0, 14313.0

No customer-facing issues released.[2]

24 Jul 2024

Versions 14275.0, 14277.0, 14285.0

No customer-facing issues released.[2]

23 Jul 2024

Versions 14257.0, 14260.0

No customer-facing issues released.[2]

22 Jul 2024

Version 14238.0

No customer-facing issues released.[2]

19 Jul 2024

Version 14225.0

Key features

Adobe Admin Console application template (IAM-6195)

The Advanced Identity Cloud Adobe Admin Console application lets you manage users, groups, and user group memberships between Adobe Admin Console and Advanced Identity Cloud.

Enhancements

  • IAM-4279: Display available ESV placeholders in Decision Node script editor.

  • IAM-4654: Enable creation of all script types in Advanced Identity Cloud admin UI.

Fixes

  • IAM-5356: Session logout warning not displaying when maximum idle time set to a higher value than maximum session time.

  • IAM-6628: New draft option shouldn’t exist for out-of-the-box workflows.

  • IAM-6779: Pagination for list of apps not working when there are over 4000 apps.

18 Jul 2024

Version 14199.0, 14213.0

No customer-facing issues released.[2]

17 Jul 2024

Version 14175.0, 14187.0

No customer-facing issues released.[2]

16 Jul 2024

Version 14160.0, 14165.0

No customer-facing issues released.[2]

15 Jul 2024

Version 14149.0, 14150.0, 14156.0

No customer-facing issues released.[2]

12 Jul 2024

Versions 14108.0, 14113.0

Fixes

  • FRAAS-20397: The promotion process now retries tagging the lower environment after a network interruption, preventing blocking promotion failures.

11 Jul 2024

Versions 14100.0, 14101.0

No customer-facing issues released.[2]

10 Jul 2024

Version 14093.0

No customer-facing issues released.[2]

09 Jul 2024

Version 14069.0

No customer-facing issues released.[2]

08 Jul 2024

Versions 14062.0, 14063.0

Fixes

  • FRAAS-20983: Promotion reports now list changes to the default OAuth 2.0 provider.

05 Jul 2024

Versions 14046.0, 14047.0

No customer-facing issues released.[2]

03 Jul 2024

Version 14018.0

No customer-facing issues released.[2]

02 Jul 2024

Version 14013.0

Fixes

  • FRAAS-20970: The /monitoring/logs endpoint now returns an X-Ratelimit-Limit header with a fixed value of 60. Previously, the value was misleading due to the way it was calculated when scaling an environment’s resources. The X-Ratelimit-Remaining header continues to report the number of requests that may be sent before receiving a rate limited response.

01 Jul 2024

Versions 13982.0, 14004.0

Fixes

  • OPENIDM-18495: Disable sorting in the connector data tab in the IDM admin UI (native console).

June 2024

27 Jun 2024

Versions 13964.0, 13966.0

Key features

Additional cloud connectors

The following connectors are now bundled with Advanced Identity Cloud:

  • Adobe Admin Console connector (OPENIDM-19843)

  • DocuSign connector (OPENIDM-20190)

For more information, refer to the ICF documentation.

Fixes

  • OPENIDM-20142: Resolved a communication failure between Advanced Identity Cloud and RCS instances that could result in a prolonged failure to activate remote connectors.

Changed functionality

  • OPENIDM-20178: You can’t use scope private fields in query filters. For more information, refer to link:Security Advisory #202402.

26 Jun 2024

Versions 13953.0, 13956.0

No customer-facing issues released.[2]

25 Jun 2024

Version 13945.0

No customer-facing issues released.[2]

24 Jun 2024

Versions 13937.0

Key features

Product name change for Identity Cloud (FRAAS-20178)

To align ForgeRock products with Ping family names, ForgeRock Identity Cloud has been renamed to PingOne Advanced Identity Cloud. Name and logo changes have been updated throughout the user interfaces, and documentation updates will occur when the UI changes are released to the regular channel.

For more information, refer to the New names for ForgeRock products FAQ.

Enhancements

  • IAM-4785: Synchronize only the modified properties on a target source during reconciliation of applications.

  • IAM-5237[4]: Add ability for B2B business partners to certify access for their users using organizational-based certification.

  • IAM-5487: Correlation rules moved to the top of the reconciliation settings page.

  • IAM-5629[4]: Add ability to create scoping rules in Identity Governance.

  • IAM-6231: Scripted Decision Node now updates the list of scripts when a script is added or edited.

  • IAM-6544[4]: Add reviewer column to administrator list view of compliance violations.

Fixes

  • IAM-6135: ESV values containing accents get corrupted by encoding process.

  • IAM-6562: Label duplicated for OAuth 2.0 access token and ID token endpoints.

  • IAM-6669[4]: Badge count of violations in end-user navigation doesn’t update when an action is performed.

18 Jun 2024

Versions 13896.0, 13900.0

Key features

PingOne Protect nodes[6] (TNTP-180)

The new PingOne Protect nodes replace the deprecated PingOne Protect Marketplace nodes.

Fixes

  • FRAAS-20604: Removed superfluous AM metrics related to token store internals:

    • am_cts_connection_count

    • am_cts_connection_seconds

    • am_cts_connection_seconds_total

    • am_cts_connection_state

    • am_cts_reaper_cache_size

    • am_cts_reaper_deletion

    • am_cts_reaper_deletion_count

    • am_cts_reaper_deletion_total

  • FRAAS-20786: Fix promotion issue where an attempt was made to delete an already deleted application.

17 Jun 2024

Version 13890.0

No customer-facing issues released.[2]

14 Jun 2024

Version 13877.0

No customer-facing issues released.[2]

13 Jun 2024

Version 13865.0

No customer-facing issues released.[2]

12 Jun 2024

Version 13848.0

Key features

New utility binding available for scripting (AME-25519)

You can now use a new utility binding in your scripts to access several common utility classes. For example, the utility binding includes classes for generating random UUIDs and for base64 encoding and decoding.

Enhancements

  • AME-26199: Added the ability to set additional claims, including non-registered claims, during JWT assertion and generation, as per the specification.

  • AME-26820: Provided library scripts with access to all common script bindings.

  • AME-26993: Enhanced secret mapping for agents. Updating a secret label identifier value now causes any corresponding secret mapping for the previous identifier to also be updated, provided no other agent shares that secret mapping. If another agent shares the secret mapping, PingOne Advanced Identity Cloud creates a new secret mapping for the updated identifier and copies its aliases from the previously shared secret mapping.

  • AME-27346: Renamed Secret ID Identifier to Secret Label Identifier in the SAML remote entity provider configuration.

  • AME-27478: Renamed Client ID Token Public Encryption Key property to ID Token Encryption Public Key in the OAuth 2.0 client configuration.

  • AME-27775: Added scripting thread pool metrics per script context.

  • OPENAM-16564: Enabled next-generation scripts to access the cookies in incoming requests.

  • OPENAM-21800: Added page node functionality to next-generation scripts.

  • OPENAM-21933: Enabled auto-encoding of the httpClient form body in next-generation scripts.

Fixes

  • FRAAS-19461: Fixed an issue where large audit logs could be missing from IGA events and processing.

  • OPENAM-21748: Restored the missing get wrapper function for HiddenValueCallback in next-generation scripting.

  • OPENAM-21864: Fixed an issue that prevented setting the tracking cookie to resume a journey after returning from a redirect flow.

  • OPENAM-21897: Corrected inconsistent results from the policy evaluateTree endpoint.

  • OPENAM-21951: Enabled setting of the selectedIndex property in a ChoiceCallback in next-generation scripts.

  • OPENAM-22181: Corrected an issue with UMA approve and approveAll requests failing.

05 Jun 2024

Version 13760.0

Enhancements

  • FRAAS-20048: Configuration promotions can now be rolled back using the API. An environment can be rolled back successively to revert as many previous promotion changes as needed.

    This feature can’t be used in sandbox environments; a promotion or a rollback can only be run between development, UAT[7], staging, and production environments.

04 Jun 2024

Version 13741.0

No customer-facing issues released.[2]

03 Jun 2024

Version 13731.0

Fixes

  • FRAAS-20154: ESVs with special characters are now correctly encoded. The workaround of double-encoding ESVs is no longer required.

03 Jun 2024

Fixes

  • FRAAS-11180: Authentication session whitelisting is now enabled by default for new tenants[8]

  • IAM-5593: Adding roles to certain objects no longer breaks readable titles[8]

  • IAM-6537: Journey import now alerts users if they try to import a file containing missing references[8]

May 2024

22 May 2024

Versions 13570.0

Key features

Oracle E-Business Suite app template (IAM-6342)

The Advanced Identity Cloud Oracle E-Business Suite (EBS) application lets you manage and synchronize accounts between EBS and Advanced Identity Cloud.

Enhancements

  • IAM-6376: In the applications rules tab, you can now configure custom logic to perform specific actions, such as sending an email, when an account is successfully created or updated.

  • IAM-6380: In the applications rules tab, you can now use the provisioning failure rule to configure custom logic to perform specific actions when provisioning fails.

21 May 2024

Versions 13548.0, 13552.0, 13562.0

Enhancements

  • FRAAS-15404: When updating ESV secrets, the API saves a new secret version only when it differs from the previous value.

20 May 2024

Version 13528.0

Key features

Improved promotion of applications (FRAAS-19241)

It is now possible to promote applications via the API and not just the UI.

Additionally, the provisional report has been improved to only show applications that have changed, rather than always show all applications in the report.

Enhancements

  • FRAAS-19982: Configuration promotion now fails if Advanced Identity Cloud services do not restart successfully with the new configuration.

16 May 2024

Version 13493.0

No customer-facing issues released.[2]

15 May 2024

Versions 13477.0, 13482.0

No customer-facing issues released.[2]

14 May 2024

Versions 13464.0, 13465.0

No customer-facing issues released.[2]

13 May 2024

Versions 13445.0

No customer-facing issues released.[2]

10 May 2024

Versions 13417.0, 13424.0, 13426.0

No customer-facing issues released.[2]

07 May 2024

Versions 13361.0, 13359.0

No customer-facing issues released.[2]

06 May 2024

Versions 13352.0

No customer-facing issues released.[2]

03 May 2024

Key features

Webex application template (IAM-5234[9])

The Advanced Identity Cloud Webex application lets you manage and synchronize data between Webex Control Hub and Advanced Identity Cloud.

Epic EMP application template (IAM-2407)

The Advanced Identity Cloud Epic EMP application lets you manage and synchronize data between Epic EMP and Advanced Identity Cloud.

Enhancements

  • IAM-2653: Configure object properties with user-friendly display names.

  • IAM-3857: Application list view displays enabled/disabled status of enterprise apps.

  • IAM-5913[4]: Create custom access request workflows.

Fixes

  • IAM-6264: Approval actions display in the UI even when they are not available due to permissions.

  • IAM-6296: UI doesn’t display paginated results on application data and recon tabs.

  • IAM-6409: Logging out of UI generates malformed redirect realm URLs.

01 May 2024

Versions 13317.0

No customer-facing issues released.[2]


1. This issue was released on November 20, 2024 (Version 15726.0) but inadvertently excluded from the changelog.
2. This release focuses on internal improvements and technical updates to enhance the overall stability, performance, and maintainability of the platform. While there are no direct customer-facing changes, these updates lay the groundwork for future feature releases and improvements.
3. This issue was released on September 9, 2024 (Version 14888.0) but inadvertently excluded from the changelog.
4. This change applies to a feature only available in PingOne Identity Governance, which is an add-on capability and must be purchased separately.
5. Advanced Reporting is an add-on capability.
6. These nodes were released on June 12, 2024 (Version 13848.0) but inadvertently excluded from the changelog.
8. This issue was released on May 30, 2024 (Version 13664.0) but inadvertently excluded from the changelog.
9. This issue was released on April 17, 2024 (Version 13218.0) but inadvertently excluded from the changelog.