Important considerations for upgrading to this version of Delegated Admin:
PingDirectory 22.214.171.124 is now the minimum required version to use with Delegated Admin 4.0.0. If you are on an older version of PingDirectory, it will be necessary to upgrade to PingDirectory 126.96.36.199 to maintain compatibility.
Delegated Admin 3.5.1 is compatible with PingDirectory Server 188.8.131.52. However, versions of Delegated Admin that are earlier than 4.0.0 will not be compatible with versions of PingDirectory Server that are later than 184.108.40.206.
By default, the display name for the logged in delegated admin will no longer
display. To re-configure this functionality, please see the section on enabling the
name attribute to be returned with the OIDC id token. See the
Delegated Admin Guide for more information.
generate-passwordextended requests and password validation details request controls. This change is not applied during an update. You must run the following two dsconfig commands when updating :
dsconfig set-access-control-handler-prop --add \ 'global-aci:(extop="220.127.116.11.4.1.3018.104.22.168")(version 3.0; \ acl "Authenticated access to the generate-password extended \ request for the Delegated Admin API"; allow (read) userdn="ldap:///all";)'
dsconfig set-access-control-handler-prop \ --add 'global-aci:(targetcontrol="22.214.171.124.4.1.30126.96.36.199")\ (version 3.0;acl "Authenticated access to the password validation details request \ control for the Delegated Admin API"; allow (read) userdn="ldap:///all";)'
These are new features for this release of :
- Invite new users via e-mail: Taking advantage of the new e-mail notification capabilities of 188.8.131.52, now administrators can configure the service so that when a delegated admin creates a new user, the server can send an HTML e-mail to tell the new user their password and invite them to use their new account. Combine this with PingFederate self-service profile management to invite the new user to complete their profile.
- When creating users or resetting passwords, delegated admins now have the option to type in the new password or have the server generate a password. Previously the application only supported server-generated passwords.
- More flexibility in delegating the management of user profiles: Now administrators can configure the service so that delegated admins of one type, such as Employee, can create and manage users of other types, such as Customers or Members. Previously delegated admins could only create and manage users of their own type.
The following are known issues in this version of Delegated Admin:
Deploying the Admin Console to an external container using JDK 11 requires downloading the following dependencies and making them available at runtime (for example, by copying them to the WEB-INF/lib directory of the exploded WAR file).
- groupId:jakarta.xml.bind, artifactId:jakarta.xml.bind-api, version:2.3.2
- groupId:org.glassfish.jaxb, artifactId:jaxb-runtime, version:2.3.2
The following table identifies issues that have been resolved with this release of Delegated Admin:
|DS-39352||When adding a user to groups and there were no non-member groups to display, the notice text did not use proper context to reflect this state.|
|DS-39782||Constructed attributes were not updated in the application after their associated attributes were edited. A page refresh or subsequent data request was required to reflect the change for the constructed attribute in the application.|
|DS-40690||This scenario occurred when a delegated admin only had permission to edit users in certain groups. If the delegated admin then went to a user’s profile and removed them from the group which governed permission over that user, this action resulted in an application error.|