Product
Hosting Environment
Operating System
Capability
Task Type
Close

PingOne for Enterprise release notes

Updated 18

Add to MyDocs | Hide Show Table of Contents

Table of Contents

May, 2018

Enhancements
Feature Description
ServiceNow provisioner (Kingston, Jakarta, Istanbul) We've added new capabilities for the ServiceNow applications:
  • Configuration options for the create/read/update/delete (CRUD) capabilities.
  • Configuration options for provisioning disabled users.
  • Support for Istanbul, Jakarta, and Kingston.

See Known Issues and Limitations for important information.

Note: This is a new ServiceNow provisioner. We've rebranded the existing provisioner from ServiceNow to "ServiceNow (Fuji)".
Box provisioner We've added new capabilities for the Box applications:
  • An option to create personal folders on user creates.
  • An option to force delete users with managed content.

See Known Issues and Limitations for important information.

Note: If you have an existing Box application, to take advantage of the new features you'll need to click through to the last page and save the application.
Resolved issues
Ticket ID Issue
SSD-7486 Fixed an issue when adding a new SAML application where changes to the signing algorithm were not being retained after saving the changes.

Deprecated features
Feature Description
Basic SSO and the browser extension Basic SSO and the PingOne browser extension are no longer offered for new PingOne accounts. Accounts that are currently utilizing Basic SSO or the browser extension can continue using these facilities without interruption. For accounts not currently using Basic SSO or the browser extension, availability of these facilities is no longer displayed.
Known issues and limitations
Subject Issue/Limitation
ServiceNow provisioner (Kingston, Jakarta, Istanbul) The following limitations apply:
  • Outbound Group Provisioning and Memberships are not supported.
  • User attributes cannot be cleared once set. They can only be updated.
  • When provisioning to ServiceNow, all user accounts in ServiceNow must have an assigned username (User ID) value. This is not a required field in ServiceNow. However, because the provisioner must use this field to sync with pre-existing users in ServiceNow, it's required for provisioning to function. If a user in ServiceNow resolves to sAMAccountName (the "standard" mapping in the provisioning channel), the accounts will be linked. Currently, if users exist in ServiceNow without an assigned UserName value, this will cause errors in provisioning. In this case, you can resolve the issue by ensuring every user has an assigned UserName, even if they are not intended to be managed by the provisioner.
  • When provisioning users, the username attribute must contain only URL-safe characters.
  • When synchronizing roles with users, the role attribute must contain only URL-safe characters.
  • If a new user is created with the same username as an existing user, a duplicate user will not be created. Instead, the existing user will be updated with any information assigned.
  • Due to limitations with the ServiceNow API, a role can be added to a user but not removed, which may cause a user’s role in the source data store to become out of sync with the user’s role in ServiceNow. For more information, see Enable User Role Removal.
  • When mapping the roles attribute, multiple calls to ServiceNow must be made to sync the user role information. This may impact provisioning performance.
Box provisioner The following limitations apply:
  • Clearing fields on updates is not supported.
  • The login attribute can't be updated through provisioning.
  • The Inactive Status Default user attribute has no effect if the Box connector is configured to delete (hard-delete) users instead of disable (soft-delete) users when de-provisioning. Additionally, deleting a user in an LDAP repository will always set the status for the user as "inactive" in the Box application.
  • Outbound Group Provisioning and Memberships are not supported.
  • A Box API limitation prevents login credentials from being updated by the provisioner when the character case differs. For example, "USER@TEST.COM", cannot be updated to "user@test.com". When the case differs, the Box API omits the login from the API operation. So, in an update operation, when the case differs, the login is omitted, but any other attributes that may have changed are provisioned and updated.
  • Due to Box API requirements, only primary, validated email addresses can be used to sync users.
  • Enabling Personal Folder functionality will diminish initial synchronization provisioning performance.

Tags Capability > Single Sign On; Product > PingOne