NetIQ Identity Console 1.3 add various new features and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.
For more information about this release and for the latest release notes, see the Identity Console Documentation Web site. To download this product, see the NetIQ Downloads Web site.
Identity Console 1.3 provides the following key features in this release:
This release adds support for the following operating system for the standalone installation:
SUSE Linux Enterprise Server (SLES) 12 SP1, SP2, SP3, SP4 and SP5
SUSE Linux Enterprise Server (SLES) 15 SP1 and SP2
Red Hat Enterprise Linux (RHEL) 7.8, 7.9, 8.0, 8.1, 8.2 and 8.3
OpenSUSE 15.1 and 15.2
This adds support for the following browsers:
Latest version of Google Chrome
Latest Version of Mozilla Firefox
Latest version for Microsoft Internet Edge
This release introduces the following new features:
Identity Console can now be installed independently without a Docker environment. For more information, see Deploying Standalone Identity Console (Non-Docker) in the Identity Console Installation Guide.
This version of Identity Console let’s you add or remove multiple servers for your drivers and driver sets. For more information, see Adding or Deleting Servers in the Identity Console Administration Guide.
This version of Identity Console adds support for manging the Identity Manager drivers and driver sets properties. Using the Identity Console portal, you will be able to perform several tasks such as, setting driver and driver set parameters and configuration, configuring the trace and log levels etc. For more information on the new capabilities, see Managing Driver Set Properties and Managing Driver Properties in the Identity Console Administration Guide.
In this release, Identity Console introduces the capability to monitor a variety of statistics for a driver or an entire driver set. The statistics includes, cache file size, the size of the unprocessed transaction and oldest and newest transactions etc.For more information, see Managing Driver Set Statistics in the Identity Console Administration Guide.
This version of Identity Console ships the capability to view detailed information about how an object participates in Identity Manager relationships. These relationships include the connected systems that are associated with the object. For more information, see Inspecting Identity Manager Objects in the Identity Console Administration Guide.
This version of Identity Console ships the capability to view the data flow of the Publisher and Subscriber channels for all the drivers in a single view. For more information, see Managing Data Flow in the Identity Console Administration Guide.
This version of Identity Console provides the ability to manage those objects which contain reference to an entitlement. For more information, see Managing Entitlement Recipients in the Identity Console Administration Guide.
This version of Identity Console provides the ability to create, delete and filter different work orders generated by drivers. For more information, see Managing Work Orders in the Identity Console Administration Guide.
Using this version of Identity Console, you can check the password synchronization status and verify the password synchronization settings. For more information, see Managing Password Status and Synchronization in the Identity Console Administration Guide.
Using this version of Identity Console, you can manage the library objects which store multiple policies and other resources that are shared by one or more drivers. For more information, see Managing Libraries in the Identity Console Administration Guide.
Using this version of Identity Console, you can manage both the user and server certificates. These services allow you to protect confidential data transmissions over public communications channels such as the Internet. For more information, see Managing Certificates in the Identity Console Administration Guide.
Using this version of Identity Console, you can create, modify and delete various SNMP Group objects. For more information, see Managing SNMP Group Objects in the Identity Console Administration Guide.
This section lists those features which are not supported with this version of Identity Console but supported in iManager and Identity Designer.
The following features will not be supported with Identity Console:
Credential Provisioning
ID-Provider Policies
The following features are not supported with Identity Console currently and can be accessed via Identity Applications and Identity Designer:
Provisioning Requests
Workflows
Role-Based Entitlement Tasks
eDirectory to eDirectory Driver Certificate Wizard
Import/Export via File
Email Server Options
For information about prerequisites, computer requirements, installation, upgrade or migration, see Planning to Install Identity Console in the Identity Console Installation Guide.
Log in to the NetIQ Downloads page and follow the link that allows you to download the software. NetIQ provides a single tar.gz file to install Identity Console. Such as, IdentityConsole_130_Containers.tar.gz for Docker and IdentityConsole_130_Linux.tar.gz for standalone installation.
NOTE:Identity Console 1.3 supports eDirectory 9.2.4 HF2 and Identity Manager Engine 4.8.3 HF2. You must upgrade your eDirectory and Identity Manager Engine instances before using with this version of Identity Console.
Perform the following steps to apply eDirectory 9.2.4 HF2 and Identity Manager (IDM) Engine 4.8.3 HF2 on IDM 4.8.3 Engine container:
Run the following command to stop the Identity Vault instance on the Docker host where IDM Engine is running:
docker exec -it <engine-container name> su nds -c "/opt/novell/eDirectory/bin/ndsmanage stopall"
Download and extract eDirectory-9.2.4-HF2.zip and Identity_Manager_4.8.3_HF2_Engine.zip files in the shared volume. For example, /data.
Run the following commands to upgrade both eDirectory 9.2.4 HF2 and Identity Manager Engine 4.8.3 HF2 as root user.
docker exec -it <engine-container name> rpm -Uvh /config/eDirectory-9.2.4-HF2/Linux/*.rpm
docker exec -it <engine-container name> rpm -Uvh /config/Identity_Manager_4.8.3_HF2_Engine/Linux/*.rpm
Run the following command to change ownership to the nds user.
docker exec -it <engine-container name> /usr/bin/chown -R nds:nds /etc/opt /opt /var/opt /tmp /dev
To enable the ndsconfig service to be run as non-root user, run the following command
docker exec -it <engine-container name> /usr/sbin/setcap 'cap_net_bind_service=+ep' /opt/novell/eDirectory/bin/ndsconfig
To enable the ndsd service to be run as non-root user, run the following command
docker exec -it <engine-container name> /usr/sbin/setcap 'cap_net_bind_service=+ep' /opt/novell/eDirectory/sbin/ndsd
To enable the dxcmd service to be run as non-root user, run the following command:
docker exec -it <engine-container name> /usr/sbin/setcap 'cap_net_bind_service=+ep' /opt/novell/eDirectory/bin/dxcmd
Run the following command to start the Identity Vault instance:
docker exec -it <engine-container name> su nds -c "/opt/novell/eDirectory/bin/ndsmanage startall"
For more information on upgrading to Identity Console 1.3, see the Identity Console Installation Guide.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
The following list provides the summary of the known issues that you might come across while using the Identity Console portal with Single Sign-On:
The session timeout parameter com.netiq.idm.session-timeout specified in the ism-configuration properties file does not take effect in Identity Console. The portal fails to display the session time out warning message.
The session timeout parameter com.netiq.idm.session-timeout specified in the ism-configuration properties file does not take effect in Identity Console. The Identity Console portal does not log you out even if you log out from the Identity Applications (Identity Apps) which is using the same OSP instance.
The domain restriction set by com.netiq.oauth.domain parameter in the ism-configuration properties file does not take effect and allows you to login to Identity Console from any other domain.
If Identity Console is using the same OSP instance as Identity Apps, the Identity Console portal redirects you to the Identity Apps’ login page after logging out of the Identity Console portal. This occurs only for the first time after you restart the OSP server.
Issue: The Identity Console portal fails to load the drivers which are residing in a driver set when One SSO Provider (OSP) authentication is enabled along with Identity Console. You will receive the following error message:
No server in the driver set
Workaround: To workaround this issue, perform the following steps:
Login to the Identity Console portal as an Administrator.
For example, cn=admin,ou=sa,o=system
Go to Rights Management > Trustee from the Identity Console main page.
Browse and select the data container from the Context Browser.
Ensure that both data and uaadmin trustees are present. Click Apply.
Now, browse and select the driverset container from the Context Browser.
Add uaadmin as a trustee by clicking the + icon. uaadmin will be present inside the data container. Once done, click Apply.
Now the user can login as uaadmin to the Identity Console portal configured with OSP.
Issue: Identity Console does not fetch and display value for certain complex attributes such as, DirXML-EntitlementRef under the ID Vault column of the Object Inspector module.
Workaround: There is no workaround at this moment.
Issue: After viewing the activation information of a specific driver set using the context menu, the same information disappears from the driver set object.
Workaround: The activation information of a specific driver set can be viewed by accessing the IDM Administration module > Driver Set object context menu > Activation Info.
Issue: Identity Console does not support adding or deploying new policies for drivers. User can only edit existing policies using the Policy XML Editor.
Workaround: You must use iManager or Identity Designer to create and deploy new driver policies.
Issue: After the timeout period, Identity Console does not redirect its users to the login page automatically, instead, might display the following error:
http: named cookies not present
Workaround: You must manually refresh the browser to go back to the login page.
Issue: After the timeout period, Identity Console fails to display the modules under Identity Manager on its home page.
Workaround: You must manually refresh the browser to go back to the login page.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2021 NetIQ Corporation, a Micro Focus company. All Rights Reserved.