Delegated Admin
Consider the following points when upgrading your version of Delegated Admin.
Considerations
If you’re running Delegated Admin 3.5 or earlier, upgrade it to the latest version to use PingDirectory 8.0 or later. For information about the compatibility between Delegated Admin and PingDirectory server versions, see the Compatibility matrix. |
Upgrade considerations introduced in Delegated Admin 4.9
The default OpenID Connect (OIDC) grant type used by the dadmin
client has been updated to Authorization Code with PKCE. The Delegated Admin application will continue to function normally with the Implicit grant type.
If you want to switch to Authorization Code with PKCE, see Changing the default OIDC grant type.
Upgrade considerations introduced in Delegated Admin 4.8
Two new permissions that affect user resource types have been added in Delegated Admin 4.8:
-
Update-profile
grants the ability to update user profiles without allowing password-related privileges. -
Reset-password
grants the permission to reset passwords without the ability to change other user attributes.
To preserve current admin rights, no action is required after you upgrade.
For more information, see Configuring delegated administrator rights on the PingDirectory server.
Upgrade considerations introduced in Delegated Admin 4.6
To use the functionality that allows a help desk agent to trigger a password reset for a user, you must enable the Modifiable Password Policy State plugin on the PingDirectory server that serves as a resource backend.
To enable the Initiate Password Reset menu option on user entries, perform the following steps:
-
Run the following command to enable the plugin needed for triggering Initiate Password Reset:
dsconfig set-plugin-prop \ --plugin-name "Modifiable Password Policy State Plugin" \ --set enabled:true --set "base-dn:${searchbasedn}" \ --set "filter:(|(objectClass=person)(objectClass=ds-cfg-user))"
-
Run the following command to add a Delegated Admin attribute to the users rest type for
ds-pwp-modifiable-state-json
:dsconfig create-delegated-admin-attribute \ --type-name users \ --attribute-type ds-pwp-modifiable-state-json \ --set "display-name:Modifiable Password Policy State" \ --set display-order-index:9999
When you install Delegated Admin 4.6 using the |