Identity Intelligence 1.1.1 Release Notes

April 2020

Identity Intelligence 1.1.1 includes new features and resolves previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs.

The documentation for this product is available on the Documentation website in HTML and PDF formats. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Intelligence Documentation page.

1.0 What’s New

The following sections outline the key features and the issues resolved in this release:

1.1 SSL Communication by Default

Identity Intelligence now supports SSL between Identity Intelligence and its related components by default. You can choose to configure either one-way or two-way (mutual) SSL authentication. For more information, see Securing Communication Between Components.

1.2 Database Schema Documentation

Identity Intelligence documentation now includes the Database Schema documentation. This documentation provides information about Entity and Event schema for Identity Intelligence and also some sample queries for common use cases. You can use this information to create custom queries to retrieve data from Identity Intelligence. The schema documentation also contains sample queries for typical use cases. For more information, see Database Schema Documentation.

1.3 Software Fixes

Search in Access Rights Page Does Not Display the Latest Details

When you click Search in the Access Rights page, you can now view the latest details appropriately. (Bug 1159997)

Logging In Immediately After Log Out Leads to an Empty Page

When you log in to Identity Intelligence immediately after log out, the browser now displays the user interface appropriately. (Bug 1143141)

Legend is Unavailable for Non-Process Events in the Activity Type Visualization

Issue: In Views configured to summarize the data by Activity lifecycles plotted over time, you can change the visualization to display data by Activity Type. However, Identity Intelligence displays all non-process events as black dots. Also, the corresponding legend is not available. (Bug 1144466)

Fix: Identity Intelligence now represents non-process events in a different color with a corresponding legend.

2.0 System Requirements

For information about the software and hardware requirements for your deployment and performance tuning guidelines, see Identity Intelligence 1.1 System Requirements.

3.0 Downloading Identity Intelligence

Before you begin installing Identity Intelligence, you must download and unzip Identity Intelligence and all necessary product installation packages. The installation package also includes the respective signature file, for validating that the downloaded software is authentic and not tampered by a third party.

You can download the following installation packages:

Files

Description

identityintelligence-1.1.1.5.tar.gz

  • installers

    • cdf-2020.02.00120-2.2.0.2

    • arcsight-vertica-installer_3.1.0-3.tar.gz

  • suite_images

    • transformationhub-3.2.0.10

    • idi-1.1.1.10

    • analytics-3.1.0.10

    • arcsight-installer-metadata-2.2.0.10.tar

  • upgrade

    • cdf-upgrade-2019.08.00134-2.2.0.2

  • Single-node installer scripts

Contains the files required for installing and deploying Identity Intelligence:

  • Contains the following installer files:

    • CDF installer and CDF core image

    • Vertica installer

  • Contains the following image files:

    • Transformation Hub image

    • Identity Intelligence image

    • Analytics image

    • ArcSight installer metadata

  • Contains the following required for CDF upgrade:

    • CDF installer and CDF core image

  • Single-node installer scripts

Identity Intelligence 1.1.1 (Bundle+) License.txt

Legal information about third party code contained in Identity Intelligence

NIdM_Integration_Module_4.7_EntityDataModel.zip

Driver shim and packages for Identity Manager Driver for Entity Data Model

ig-config-utility-for-entity-data-model-1.1.1.1.tar.gz

Configuration utility for Identity Governance

SmartConnector for Identity Intelligence 1.1.1.1.zip

Includes the following:

  • SmartConnector for Syslog NG Daemon installation file

  • SmartConnector categorization file for Identity Manager

  • SmartConnector categorization file for Identity Governance

ArcSight-ArcMC-2.9.4.2221.0.bin

(Optional)

Installation file for ArcSight Management Center (ArcMC)

To download and verify the signature of the downloaded files:

  1. Log in to the computer where you want to install Identity Intelligence.

  2. Change to the directory where you want to download the installer files:

    cd <download_directory>

    For example:

    cd /opt

    NOTE:If you are planning to install Identity Intelligence by using scripts, use /opt as the download location.

  3. Download all the necessary product installer files from the Micro Focus Downloads website.

  4. To verify the signature of the downloaded files, enter the following command:

    Syntax: sha256sum <file_name>; cat <file_name>.sha256

    Example: sha256sum identityintelligence-x.x.x.x.zip; cat identityintelligence-x.x.x.x.sha256

    The output from each set of compressed installation packages should match their corresponding SHA-256 signatures. If they do not match, download the files again and verify the signature. If the checksum does not match even with the new files, contact Micro Focus Customer Support.

  5. To unzip the downloaded files, enter the following commands:

    For tar file: tar xvfz <file_name>.tar.gz

    For zip file: unzip <file_name>.zip

4.0 Installing Identity Intelligence

Micro Focus provides several options for installing your Identity Intelligence environment. For more information, see the Administrator Guide for Identity Intelligence.

5.0 Upgrading Identity Intelligence

You can upgrade to Identity Intelligence 1.1.1 from Identity Intelligence 1.1. For information about upgrading Identity Intelligence, see Upgrading Identity Intelligence.

6.0 Known Issues

Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

6.1 Approver Information is Missing in the Summary Panel for Workflow Processes from Identity Manager

Issue: Identity Intelligence does not display approver information in the Summary Panel for workflow processes from Identity Manager. (Bug 1159995)

Workaround: This issue is caused as the permission name is missing in 31524 Workflow Approved events in Identity Manager 4.8.0 (Bug 1160045). This issue will be fixed in Identity Manager 4.8.1. To get an immediate resolution to this issue, contact Micro Focus Customer Support.

6.2 Identity Intelligence Displays Modified Account Details as Blank

Issue: In the User Profile page, Identity Intelligence does not display the account details for the account for which User logon name is modified in the Active Directory. Blank space is displayed instead of the modified account details. (Bug 1158482)

Fix: This issue is caused by a bug in Identity Manager 4.8.0.0 (Bug 1157343) and is fixed in Identity Manager 4.8.0.1. Therefore, if you are using Identity Manager 4.8.0.0, ensure that you upgrade Identity Manager to version 4.8.0.1 or later.

6.3 Ignores Some Identity Manager Data Received from Non-LDAP-based Drivers

Issue: Identity Intelligence receives data from Identity Manager through the Identity Manager Driver for Entity Data Model. This driver was designed to collect data that Identity Manager receives from drivers similar to the LDAP-based Directory Integration drivers for Identity Manager. Identity Intelligence can also receive data that originates from other types of Identity Manager drivers. However, some drivers might configure data in a way that the Entity Data Model driver cannot interpret. To avoid corrupting data that might be displayed in View and Profiles, the Entity Data Model driver ignores any collected content that does not meet its expected formatting.

For more information about the LDAP-based Directory Integration drivers, see the documentation site for Identity Manager drivers.

Workaround: If you have an incidence where Identity Intelligence fails to appropriately display data that originates from a non-LDAP-based driver, please contact our Customer Center to determine the exact nature of the data problems.

6.4 Formatting Issues in PDF if Columns Have Large Data

Issue: In the View’s table, when you add a column whose fields contain a large data, Identity Intelligence fails to export the data appropriately in the PDF file. For example, some rows in the Message column might contain such a large amount of data that Identity Intelligence cannot incorporate it appropriately in the PDF. (Bug 1064599)

Workaround: Export the data as a CSV file.

6.5 Identity Intelligence Displays a ? for User Information that Contains Non-English Characters

Issue: If user information such as a name or email ID contains non-English characters, Identity Intelligence displays ? for those non-English characters. (Bug 1168412)

Workaround: None.

6.6 Identity Intelligence Does not Display Identity Governance Account Aliases

Issue: Identity Intelligence does not display account that was used as an identity source for the user in Identity Governance. (Bug 1142135)

Workaround: If you have both Identity Manager and Identity Governance, configure data collection as follows:

6.7 Access Requests From Identity Governance Displays Approved Date Instead of Creation Date

Issue: In case of access request approval, Identity Intelligence displays approved date instead of creation date because creation date is replaced by approved date when the access request is approved. (Bug 1146908)

Workaround: None.

6.8 Known Issues in RedHat that Affect Identity Intelligence

Issue: Known issues associated with RedHat can affect Identity Intelligence by causing sluggish performance and errors in the server log, particularly in a single-node deployment.

  • You might observe slow responses times and that some of the deployed pods enter the “CrashLoopBackoff” state. This issue tends to occur because of large quantities of calls to the NFS client. (Bug 1145490)

  • When logging into Identity Intelligence, the server might send the user back to the login page, particularly after you first install Identity Intelligence. You would see the following type of error in the idi-web-app log:

    Unable to fetch user details from management after retrying, error: StatusCodeError: 401

    (Bug 1144088)

  • After logging into Identity Intelligence, you may be redirected to ADMIN > Account Groups page wherever you click on the user interface. (Bug 1144088)

Workaround:

  1. Follow the instructions in RedHat Solution 3915571.

  2. Restart the User Management pod by performing the following:

    1. Get the User Management pod details:

      kubectl get pods --all-namespaces | grep hercules-management

      Example output:

      NAMESPACE                                      NAME                               READY        STATUS         RESTARTS               AGE
      arcsight-installer-p2dlt         hercules-management-7f876b4978-9xkl6             2/2          Running            6                  10d       
    2. Delete the User Management pod:

      kubectl delete pod -n <namespace> <management pod name>

      Example:

      kubectl delete pod -n arcsight-installer-p2dlt hercules-management-7f876b4978-9xkl6

      When you delete any pod, the pod will start automatically.

6.9 Vertica Uninstallation Cancels Unexpectedly

Issue: When uninstalling Vertica using the uninstall-single-node.sh script, uninstallation cancels unexpectedly if you press Enter after typing y at the following prompt:

Are you sure that you want to UN-INSTALL Vertica node(s)? (y/n)?y 

(Bug 1148473)

Workaround: In the prompt, ensure that you do not press Enter after typing y.

6.10 Identity Intelligence Displays Duplicate Records When You Click the Search Button Multiple Times

Workaround: There is no workaround at this time.(Bug 1166975)

6.11 Proper Message Is Not Displayed When Valid Data Is Not Available for an Entity

Issue: When you view the details of an entity that was valid in the past but not valid currently by changing the time to Now, it displays null values instead of a proper message.(Bug 1167766)

Workaround: There is no workaround at this time.

6.12 ITOM-DI Pods Do Not Restart Automatically After Reinstalling Transformation Hub

Workaround: Manually restart all ITOM-DI pods after reinstalling Transformation Hub:

  1. Get the name of all ITOM-DI pods:

    kubectl get pods --all-namespaces | grep itom-d

  2. Restart all the pods individually by executing the command:

    kubectl delete pod -n <namespace> <ITOM-DI pod name>

(Bug 1168731)

6.13 Displays Incorrect Icon and Label for Non-Processed Access Rights Provided Event

Issue: The non-processed access rights event status is displayed as complete instead on non-process in the visualization.(Bug 1169434)

Workaround: There is no workaround at this time.

6.14 Identity Intelligence User Interface Continues to Display the Entities Even After It Is Deleted in the Data Source

Issue: When you create and delete an entity in quick succession in the data source, you can still view that entity in the Identity Intelligence user interface. (Bug 1169583)

Workaround: Contact Micro Focus Customer Support.

6.15 Known Issues in Entity Data Model Driver

For known issues related to the Entity Data Model driver, see Known Issues in the Identity Manager Driver for Entity Data Model Implementation Guide.

7.0 Legal Notice

© Copyright 2020 Micro Focus or one of its affiliates.

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/about/legal/.