
Avatier Identity Management Suite (AIMS) 2018 Fall Release

Container and Orchestration · Cloud Application Integration · Password-less Login · Multi-Factor Authentication (MFA) · RESTful APIs

Deploy a unified framework for enterprise applications, cloud subscriptions, and identity security.

Identity Anywhere

New AIMS Landing page to showcase all AIMS modules, our Customer Care facilities, and our API.
Added a number of new CAPTCHA types, including Math, Number Sort, and Cube
Added support for Google Recaptcha V3 – Invisible CAPTCHA
Ability to disable the Cross Site Forgery Email alerts. The setting is on by default. Turning this option off will only write the data to the audit log and PSNET log.
Option to use managed SSL/TLS implementation instead of the managed one for SOAP connections. This is done by setting "SOAPUseManagedSecurityAPI" to "true" in the Attributes table.
Fixed Cross Site Request Auditing bug where the Cross site request warning was being triggered incorrectly.
Added an Anti-Forgery token for CSRF Validation
Eliminated unneeded extra AD calls during Authentication
Upgraded Telerik DLLs to v2017.3.913 for added security
Ability to configure timeout for SQL database calls
Microsoft SQL Server 2016 Certified
The Please Wait modal popup and Risk popup have been restyled

Password Management

Group Management for multi factor authentication assignment. Use AD groups to manage who can use the different MFA options
Increased the number range in drop down for Word list filtering strength
During PB monitored ctrl-alt-del password resets, allow for reverse user lookups
For the Windows login screen, provide Password Policy Feedback when the user tries to enter a password via Ctrl+Alt+Del, making sure strong passwords are being used
Ability to add SMS Carriers through the administration UI. You can now add country, name, and email address for additional carriers, alter existing names and email formats as well as disable items
Added Inclusion Group configuration for DUO, Google Authenticator, Biometrics, Symantec, OTP SMS and OTP Email. Accounts included in the specified group will be prompted for the respective information during enrollment and use in Password Station and SSO.
Added a key value to suppress the use of X-Frames for those customers who embed Password Station inside another web application that cannot use frames. In the Attributes table of the AIMSCONFIG database, EnableSameOriginalHTTPHeader, when set to a value of false, will suppress the use of frames
Added feature that now allows the passing of the user’s domain, User ID and page designator to the Password Station default.Aspx page to place the user on the selected page. A new security setting in Password Station “Enable Destination URL Parameter for PS Default Page” was added to enable this feature
Corrected an issue with "One-Time" questions which are mass enrolled where caching was causing a user that just updated their questions to be prompted with "Your account is not properly enrolled for Password Station. Security Questions not found". The Audit Log would then contain the error "Questions challenge has invalid question sequence"
Configuration check that prohibits the configuration where “Require Help Desk Personnel to verify the user’s security question” and “Display One-Time Passcode SMS Verification” are enabled together, or “Require Help Desk Personnel to verify the user’s security question” and “Display One-Time Passcode Email Verification” settings are enabled together. The appropriate warnings are displayed at the top of the screen when a configuration save is attempted
Ability to configure an “Inclusion Group” to all Multi-Factor authentication mechanisms. MFAs that have an inclusion group defined will not appear to the user during Password Station Enrollment unless the user is a member of the specified group
Include best practice security questions to Password Station and Password Central. These questions will be appended to the list of questions currently in use by a customer and the items will be enabled by default
An LDAP Authoritative Source with mappings to AD allows for Password Synchronization across secondary accounts when Ctrl+Alt+Del is used, by performing a reverse mapping lookup
Added options to store the OTP Phone and Email address in the AIMS database instead of storing them in the Authoritative Source directory
The ability to have multiple Password Station landing pages has been added to the product. By passing the value of the connector ID in the URL, a user is now directed to different landing pages
PS Enroll User collection now excludes disabled users from the license count. When a user is disabled, the license is freed upon the next user collection that is either scheduled or manually invoked
Modified feedback when user is directed to change password screen when password is expired and they enter an incorrect current password. The text now just notes that the current password is wrong and user must hit Continue to try again

Single Sign-On (SSO)

Improved the overall functionality for managing user tags in SSO to be easier and more intuitive.
Added a new control for the Tags dialog box that when in edit mode, allows you to backspace over a tag to remove it
Added the ability to update search tags and descriptions on personal applications when the associated Enterprise application tag and descriptions are changed
Added the ability to search Enterprise tags when filtering for SSO Applications
Added "All Personal" option to the My Tags dropdown
Added the ability to have case insensitive tag searches for both My Applications and Enterprise Applications
Corrected issue on the Web Applications page where the edit button had an incomplete border
Improved usability when attempting to remove an Enterprise application from the user portal. The save button was grayed out, but still clickable and returned an empty banner at the top of the page. Now, a disabled save button will not perform any action. Enterprise applications can only be hidden from the User’s portal page but not removed
Added SSO Edge Browser Extension support for Windows 10. Chrome, Safari, Firefox and Internet Explorer were already supported SSO browsers
Improved functionality when clicking on the configuration gear icon of an SSO application would select all displayed applications in the edit screen. Now, only that application is selected
Updated functionality when changing the currency type on the Access tab of an SSO web application definition caused the post back to switch to the Basic Configuration Tab. Now, the focus stays on the access tab
Added functionality for when in AIMS/SSO/Web Applications/Add and the “Hide Applications Already Added” checkbox is deselected, the focus is shifted to the filter text box

Lifecycle Management

Automated Approvers feature that allows for leveraging existing systems to automatically approve a user’s access if certain requirements are met. A good example of this would be making sure a user has taken proper training prior to being granted access to a system.
Identity Analyzer Connector level enable option allowing for configuration to determine what systems are included in the IA collection process
Role Consolidation will help to make sure that roles and privileges are managed. If user has privilege A as a standalone privilege, then is given role B which contains privilege A, then the standalone privilege assignment is removed and managed by the role
Alter Recipients for IE User email template "Recipient Acknowledgement Required"
Allow for Delegation of who can see and manage GE rules
Added email address to all the user grids and exports in the Test Rule wizard, plus on the non-wizard rule execute page
Added the “Show Details” button to the “Remove access” screen under User Management in the Identity Enforcer client. You can now view the details to obtain information about the provisioned item, including the recorded form data
Added a feature in Identity Enforcer / Security / Identity Properties that allows the suppression of the SLA in the shopping cart
Dynamic Workflow capabilities to better leverage existing data to have a workflow assigned based on specified data attributes related to the user
Allow customers to enter display name and have it resolve to email address
Account Terminator removes all proxies when it disables an account resulting from a Disable and not Leave of Absence
Ability to use “Evaluate” button for the Office 365 Queue screen to force an override of the Office 365 queued items countdown timer and force an evaluation on the next iteration of the retry processor, usually within one minute
Added a feature to associate a role code with a role, and set the provision event in the HR feed to map the code to up to 6 columns in the HR data
Improved functionality where after role consolidation or simple transfer, granted items that should have been marked as “Approved and Executed” were incorrectly stuck in an “Approved and Executed But Not Fully Granted” state. During an upgrade, this data will be corrected to reflect the true state of the transaction
Adjusted Deferred Queuing so that, when it is enabled and a future-dated item comes through the HR Feed for an existing user, that item is no longer eligible for deferred queuing. Deferred queuing is now only for items where the authoritative source account does not exist yet.
Corrected an issue with Roles and Approver page always showing future dated items. Now, once a future dated item is fully approved, it is hidden from the approver page for workflow administrators. You must check the “Show Future Events” check box to display future dated actions. The workflow administrator can cancel future dated requests.
Added the ability for Store Manager to import groups at the root of the domain, and those not contained within a specific OU
Functionality to combine the role consolidation and role reconciliation logic so privileges added outside of a role that are then added to a role are removed from the remove access grid when they become part of the role and the role is consolidated. The request history then correctly shows a history of "relocated."
Ability for Automated Approvers to be specified in the workflow
Ability to CSV Export the tables on the IE Unresolved Approvers page.
Improved page load performance for the Approver/WorkflowAdmin UI for customers who have large numbers of items in the queue.
Added a “Select All” option on the Privilege list grid for Roles to allow for bulk Privilege removal from Roles.
Modified Rehire so that outstanding Privilege Remove/Expire requests are not removed during a Rehire event.
For Automated Approvers, a new column was added to the Request Detail screens with a label of "Date Retried". Also, when a retry condition is met, the reason will be listed in the Justification field. Once fully actioned, the "Date Retried" field will be cleared and the "Date Actioned" field will be populated.
When using an HR Feed with role codes you can now specify a default role name to be used as a fallback option.
Added the ability to sort items by column headers in the Approver Queue screens.
Added Privileges Created, Privileges Changed, and Privileges Removed One-Click reports.

Group Automation

Feature that allows the exclusion or the inclusion of disabled users in the processing of a group membership enforcement rule
Ability to specify a group that manages the parameters of a Group Enforcer rule and can test the rule.
Improved usability on the Group Enforcement summary page, where there were errant HTML tags and formatting.
Renamed the label in the included user list of a role to say “Enforcement Source ID” which is better reflective of the system GUID.
Display of user's email addresses in the grids that display AD users. Grid exports will now also include the user's email address.
Added the secure attribute to cookies to increase overall security.

Access Governance

Set "Auto revoke undecided items on Project close" to off by default
Fixed an issue with emails not being sent properly to Reviewers when an Auditor made a decision.
Improved emails sent to Auditors and Reviewers when assigned at the group level
Auto Revoke settings added as a project configuration that allows access that is not verified to be automatically removed when an audit is complete
Updated Reviewers from seeing assigned items
Fixed an issue around Projects set with "In a batch when a Audit Project Owner closes the project" not submitting revoke calls to AIMS where a Revoke decision was made
Fixed an issue that was preventing the honoring of the project setting "Auto revoke undecided items on Project close" when an Auditor makes a decision that was not approved by the Reviewer
Changed text "In a batch when a Manager requests remediation" to read as "In a batch when a Audit Project Owner closes the project" for consistency
Added the capability to filter based on the AD Division Attribute

Identity Management Connectors

Amazon Web Services (AWS) Connector for Password Management and Lifecycle Management function
Azure Connector for Password Management and Lifecycle Management function
ACSC Universe connector for Password Management and Lifecycle Management function.
IBM LDAP with SDBM (RACF) as authoritative source
HP VMS Connector updated for newer operating systems. Utilizes new .NET Connector that connects using SSH.
Added Role and Profile user interface screen to Salesforce.Com privileges. The dropdowns are populated only when there is a valid connection defined on the SFDC connector.
SuccessFactors connector for Password Management and Life Cycle Management.
Certified for ServiceNow connectors for Identity Management and Ticketing integration for Kingston and London release.
Ability to read minimum password length from SAP RFC Connector in order to generate passwords that meet the current policy. Additional permissions are required for this Connector as of this build.
Account Unlock support for IBM Directory Server using SDBM/RACF backend. The unlock will undo an administrative disable. This can be turned off at the Connector level by setting the "Never unlock" option.

Multi-Factor Authentication (MFA)

Symantec VIP Integration for user authentication
Google Authenticator Mobile One Time Passcode for user authentication
Support DUO hard token as an authentication option
Ability for DUO to use the UserID instead of the user’s email address.
Okta Verify Integration for user authentication
Radius Integration for user authentication
Avatier Biometrics Integration for user authentication