PingDirectory

Delegated Admin 4.9 (March 2022)

Managing accounts now includes the ability to unlock accounts

Improved Delegated Admin

Previously, the only way to unlock an account was for an administrator to reset the password. Now, delegated administrative users can directly unlock an account without resetting the password. For more information, see Unlocking user accounts.

The initiate password reset option does not unlock accounts.

Resource types can now have custom names assigned for Members and Nonmembers columns

Improved Delegated Admin

This option is available for the Groups, Users, and Generic rest resource types.

For more information, see Manage groups.

The grant type is now set to Authorization Code with PKCE

Improved Delegated Admin

Earlier versions of Delegated Admin have used the Implicit grant type as the default OpenID Connect (OIDC) grant type. Because the Implicit grant type can leak access tokens, it is no longer recommended for use. In new installations of Delegated Admin, the grant type is set to Authorization Code with PKCE. To change your default OIDC grant type to Authorization Code with PKCE in existing installations of Delegated Admin, see Changing the default OIDC grant type.

For more information on the Implicit grant type, see OAuth 2.0 Implicit Grant.

dadmin-account-locked is not available for filtering

Issue Delegated Admin

Because the account locked state, dadmin-account-locked, is not a true attribute, it is not available for filtering in reporting.

No resources displayed for a correlated resource type

Issue Delegated Admin

If a resource is linked to more correlated resources than the correlated resource type’s search limit, then no resources will be displayed for that correlated resource type. To view the resources for that correlated resource type, increase the correlated resource type’s search limit.

Fixed error message issue

Fixed DS-40723 Delegated Admin

Fixed an issue where an error message was not displayed when password generation was unsuccessful.

Fixed multi-valued attribute deletion error

Fixed DS-45075 Delegated Admin

Fixed an issue that prevented the first value in a multi-valued attribute from being deleted.

Updated the warning banner for configuration errors

Fixed DS-45079 Delegated Admin

Updated the warning banner for configuration errors to only display for the first 10 seconds after signing in to Delegated Admin.

Added the ds-pwp-modifiable-state-json attribute

Fixed DS-45448 Delegated Admin

Added the ds-pwp-modifiable-state-json attribute to user resource types automatically.

Fixed a user password policy issue

Fixed DS-45502 Delegated Admin

Fixed an issue in which a user’s password policy was not being used to generate new passwords for the user.