April 2020 Release: Version 5.0.3
| Ticket ID | Issue |
|---|---|
| SSD-15239 | (AD Connect) Fixed an issue where AD Connect could not be installed on a non-Domain Controller sever. |
February 2020: Version 5.0.1
| Feature | Description |
|---|---|
| TLS Support | AD Connect 5.0.1 supports TLS 1.2 as we prepare to End of Life TLS 1.0. and 1.1. See TLS 1.0 and TLS 1.1 End of Life in PingOne for Enterprise for more information. |
| .NET Requirement | New installations and upgrades to AD Connect 5.0.1 require the installation of Microsoft .NET Framework 4.7.2. See Installing AD Connect for more information. |
Fall 2019: Version 4.0.10
| Feature | Description |
|---|---|
| Active Directory Global Catalog | (AD Connect only) You can now elect to use the Active Directory Global Catalog for lookups. The option to enable the Global Catalog is in the AD Connect Configuration section of the AD Connect setup (). See AD Connect final setup for more information. |
Summer 2019 Release: Version 4.0.65
| Feature | Description |
|---|---|
| Branding | (AD Connect) You can now assign branding for the login and password reset pages. See Assign AD Connect branding and designs for more information. |
Fall 2018 Release: Version 4.0.5
| Ticket ID | Issue |
|---|---|
| SSD-10054 | (AD Connect) Fixed an issue where AD Connect did not allow duplicate values in an Octet String attribute. |
August, 2018: Version 4.0.3
| Feature | Description |
|---|---|
| TLS 1.1 and 1.2 now supported | We've added support for TLS 1.1 and 1.2. (SSD-8913). |
March, 2018: Version 4.0.1
| Feature | Description |
|---|---|
| (AD Connect) Added support for non-string data types | We've added support for non-string data types sent during SSO. (SSD-6582). |
| Ticket ID | Issue |
|---|---|
| SSD-6889 | (AD Connect) Fixed an issue where AD Connect was prevented from reconnecting to PingOne if an error was encountered while attempting to connect. |
October, 2017: Version 3.0.60
| Feature | Description |
|---|---|
| (AD Connect) Added logging of authentication method | We updated AD Connect logging to distinguish the method a user employs to authenticate (such as, IWA or Forms-based). (SSD-6103). |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
July, 2017: Version 3.0.50
| Feature | Description |
|---|---|
| Invalid credential errors | Invalid credential errors are now logged at the Debug level, rather than the Error level as previously. (SSD-5372, SSD-5501). |
| Ticket ID | Issue |
|---|---|
| PINGONESTG-2489, SSD-5501 | (AD Connect with IIS only) Fixed an issue where communication issues with the DC were being masked by other error messages. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
June, 2017: Version 3.0.49
| Feature | Description |
|---|---|
| Invalid credential errors | (AD Connect with IIS only) Invalid credential errors are now logged at the Debug level, rather than the Error level as previously. (SSD-5372). |
| Ticket ID | Issue |
|---|---|
| PINGONESTG-2447, SSD-5372 | (AD Connect with IIS only) Fixed an issue in AD Connect with IIS where look ups for additional user information were sometimes incorrectly based on the user's email domain instead of the Windows domain, as expected. |
| PINGONESTG-2455, SSD-5372 | Fixed an issue where AD Connect could unintentionally be configured to strip the email domain from the username before trying to look up the user information based on their email (which would always fail). The Strip Email setting is now disabled for email-based lookup. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
June, 2017: Version 3.0.47
| Feature | Description |
|---|---|
| Debug logging | We've improved debug logging (PINGONESTG-2292). |
| Ticket ID | Issue |
|---|---|
| PINGONESTG-2413 | Fixed an issue where a user's thumbnail photo attribute wasn't encoded properly. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
June, 2017: Version 3.0.44
| Ticket ID | Issue |
|---|---|
| PINGONESTG-2377 | Fixed an issue where the photo attribute wasn't encoded properly. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
May, 2017: Version 3.0.43
| Ticket ID | Issue |
|---|---|
| SSD-4726 | Fixed an issue when using Filter as the lookup method with "Strip mail" disabled. AD Connect was appending the domain name if the user didn't include it. |
| SSD-5013 | Fixed an issue where, under certain conditions, errors were being displayed without the proper styling. |
| PINGONESTG-2341 | Fixed issue where static resources weren't loaded correctly on some pages. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
April, 2017: Version 3.0.42
| Ticket ID | Issue |
|---|---|
| PINGONESTG-2251 | Fixed an issue with filter-based authentication where disabling the Strip Email resulted in appending the Windows domain to usernames during the lookup. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
March, 2017: Version 3.0.38
Enhancements
- Support for TLS v1.1 & v1.0 following Salesforce removal of TLS v1.0 support
- From March 4, 2017, Salesforce is no longer supporting TLS v1.0. To minimize
impact for PingOne customers that use PingOne to connect to Salesforce via
delegated authentication for AD Connect with IIS, we've put together
information and instructions. These show you how to ensure your IIS deployment
running AD Connect for IIS supports the updated version of TLS (TLS v1.1 or
v1.2).
See How do I determine if I am impacted by Salesforce's TLS changes?
| Ticket ID | Issue |
|---|---|
| SSD-4121 | (AD Connect) Fixed an issue where concurrent SSO requests using IWA were resulting in network collisions. |
| ID-1357 | Fixed an issue that was causing some users to get an HTTP Error 400 when attempting to SSO to ZScalar from AD Connect. |
| Subject | Issue/Limitation |
|---|---|
| ID-1289 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
January 2017: Version 3.0.37
| Subject | Issue/Limitation |
|---|---|
| SSD-3870 | If you import more than one signing certificate with the same subject name into the IIS host for AD Connect, you must first remove expired certificates with the same subject name directly through IIS Manager. If this is not done you may experience problems when removing an expired certificate and updating it with a new one. |
| SSD-4139 | Fixed an issue where a user's middle name attribute could not be used in a SAML assertion. |
August 16, 2016: Version 3.0.31
| Ticket ID | Issue |
|---|---|
| ID-5623 | Fixed an issue where AD Connect was providing PingOne with the computer name, rather than the fully qualified domain name (FQDN). |
August 30, 2016: Version 3.0.32
| Ticket ID | Issue |
|---|---|
| ID-5826 | Fixed an issue where the connection to PingOne can intermittently be lost under certain conditions. |
| ID-5838 | When you use a custom theme.zip with AD Connect with IIS, the favicon is placed in the root directory. This prevents the custom theming from handling the state properly. |
August 9, 2016: Version 3.0.22
-->Enhancements
- AD Connect installer
- We've added the ability to define a verification certificate as part of the AD
Connect installation process. During installation, you have the option to:
- Create a new self-signed certificate.
- Select an existing certificate.
- Upload a certificate file.
May 17, 2016: Version 3.0.22
Enhancements
- New configuration parameter for AD Connect
- We've add the Subject Attribute parameter to the AD Connect Configuration section when installing or reconfiguring AD Connect. Use this parameter to choose the value to use for SAML_SUBJECT. The possible values are sAMAccountName and userPrincipalName.
| Ticket ID | Issue |
|---|---|
| ID-361 | Fixed an issue where AD Connect wasn't sending the address attributes in the SCIM User object if the StreetAddress attribute wasn't set. |
| Subject | Issue/Limitation |
|---|---|
| Provisioning | For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain's provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315. |
April 26, 2016: Version 3.0.20
Enhancements
- New configuration parameter for AD Connect
- We've add the Subject Attribute parameter to the AD Connect Configuration section when installing or reconfiguring AD Connect. Use this parameter to choose the value to use for SAML_SUBJECT. The possible values are sAMAccountName and userPrincipalName.
| Ticket ID | Issue |
|---|---|
| ID-5012 | Fixed an issue where users had no access to applications until the AD Connect Configuration service was restarted. |
| ID-4705 | Fixed an issue where PingID needed to be re-enabled after upgrading AD Connect. |
| Subject | Issue/Limitation |
|---|---|
| Provisioning | For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain's provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315. |
March 15, 2016: Version 3.0.14
Enhancements
- None
- (None to report for this release.)
| Ticket ID | Issue |
|---|---|
| ID-4668 | Fixed an issue where the AD Connect for IIS installation wasn't finding the required .NET version, although it was installed. |
| ID-4650 | Fixed an issue where provisioning for AD Connect was failing. |
Known issues and limitations
| Subject | Issue/Limitation |
|---|---|
| Provisioning | For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain's provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315. |
January 22, 2016: Version 3.0.12
Enhancements
- None
- (None to report for this release.)
| Ticket ID | Issue |
|---|---|
| ID-4010 | Fixed an issue where SSO wasn't working unless you restarted the AD Connect Configuration Service. |
Known issues and limitations
| Subject | Issue/Limitation |
|---|---|
| Provisioning | For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain's provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315. |
January 12, 2016: Version 3.0.10
Enhancements
- None
- (None to report for this release.)
| Ticket ID | Issue |
|---|---|
| ID-3995 | Fixed an issue where you weren't able to select the Provisioner Only option using a mouse or trackpad. |
Known issues and limitations
| Subject | Issue/Limitation |
|---|---|
| Provisioning | For a single PingOne account, if you have two AD domains with two provisioners, do not modify groups on one domain while the other domain's provisioner is restarting. This can cause unpredictable behaviour to occur. Ticket ID: IX-315. |
October 15, 2015: Version 3.0.8
Enhancements
- None
- (None to report for this release.)
| Ticket ID | Issue |
|---|---|
| ID-3613 | Fixed an issue where the installation instructions in the header of the screen to select the installation type weren't being displayed properly. |
| ID-3501 | Fixed the naming of the AD Connect with IIS selection on the installation type screen. |
September 16, 2015: Version 3.0
Enhancements
- Group Hierarchy Support
- We've added a configuration option to enable support for nested Active Directory groups. When this option is enabled, the nested groups will inherit the SSO permissions of their parent group or groups. See Installing AD Connect for instructions.
- Auto-Update Changes
- You can now use auto-update if your current installation is version 3.0 or higher. All prior versions of AD Connect require a manual update. See Updating AD Connect for instructions.
- .NET Requirements
- Microsoft Net 4.5.2 Framework is now required. The framework installation file is packaged with the AD Connect and AD Connect with IIS distributions.
| Ticket ID | Issue |
|---|---|
| ID-2277 | Fixed issue where the option to require a password on an initial login wasn't enabled by default. |
| ID-2222 | Fixed display of popup window to authorize an AD Connect update. |
| ID-2117 | Fixed error when configuring IdP using a new account. |
| ID-2074 | Fixed error when switching to edit mode from the settings summary page after previously exiting edit mode without making any changes. |
Known issues and limitations
| Subject | Issue/Limitation |
|---|---|
| AD Connect application requests redirected to the PingOne dock (ID-1441) | If you are using AD Connect and experiencing an issue where your
application requests are being redirected to the PingOne dock when you
aren't using the dock, enable the stateless option for AD Connect:
|
August 21, 2015: Version 2.1.17
Enhancements
- None
- (None to report for this release).
| Ticket ID | Issue |
|---|---|
| ID-2277 | Fixed issue where the option to require a password on an initial login wasn't enabled by default. |
| ID-2222 | Fixed display of popup window to authorize an AD Connect update. |
| ID-2117 | Fixed error when configuring IdP using a new account. |
| ID-2074 | Fixed error when switching to edit mode from the settings summary page after previously exiting edit mode without making any changes. |
Known issues and limitations
| Subject | Issue/Limitation |
|---|---|
| AD Connect application requests redirected to the PingOne dock (ID-1441) | If you are using AD Connect and experiencing an issue where your
application requests are being redirected to the PingOne dock when you
aren't using the dock, enable the stateless option for AD Connect:
|
July 21, 2015: Version 2.1.15
Enhancements
- None
- (None to report for this release).
| Ticket ID | Issue |
|---|---|
| ID-1306 | Fixed a misleading error message when attempting to communicate with PingOne. |
Known issues and limitations
| Subject | Issue/Limitation |
|---|---|
| AD Connect application requests redirected to the PingOne dock (ID-1441) | If you are using AD Connect and experiencing an issue where your
application requests are being redirected to the PingOne dock when you
aren't using the dock, enable the stateless option for AD Connect:
|
March 16, 2015: Version 2.1.10
Enhancements
- None
- (None to report for this release).
| Ticket ID | Issue |
|---|---|
| ID-246 | Fixed an issue where the distinguishedName Active Directory® attribute wasn't being sent for provisioning. |
| ID-242 | Fixed an issue where the attribute were being converted to all lowercase. |
February 25, 2015: Version 2.1.9
Enhancements
- ID-53
- We've added immutableId to the SCIM user object map in AD Connect outbound provisioning.
Resolved issues
| Ticket ID | Issue |
|---|---|
| None | (None to report for this release.) |
January 10, 2015: Version 2.1.4
Enhancements
- Office 365 Active Profiles
- We've added support for Office 365 active profiles.
- Password Functionality
- We've added the ability to reset passwords for AD Connect.
Resolved issues
| Ticket ID | Issue |
|---|---|
| None | (None to report for this release.) |
October 28, 2014: Version 2.0.45
Enhancements
- None
- (None to report for this release.)
Resolved issues
| Ticket ID | Issue |
|---|---|
| PINT-524 | Fixed exception when selecting CA signed certificate during installation. |
October 7, 2014: Version 2.0.44
Enhancements
- None
- (None to report for this release.)
Resolved issues
| Ticket ID | Issue |
|---|---|
| Various | Minor fixes. |
August 26, 2014: Version 2.0.42
Enhancements
- None
- (None to report for this release.)
Resolved issues
| Ticket ID | Issue |
|---|---|
| PINT-277 | Fix an issue where the subject is missing when the user principal name (UPN) isn't specified for the user. |
July 17, 2014: Version 2.0.39
Enhancements
- Authentication Lookup Parameters
- We've added support for configuration of authentication lookup parameters (such as attribute name and filter).
June 24, 2014: Version 2.0.34
Enhancements
- New AD Connect
- AD Connect is now available without an IIS dependency. You now have the option to install "AD Connect" or "AD Connect with IIS".
- IWA Support
- We've added the option to use Integrated Windows Authentication (IWA) with AD Connect.
- SAML_SUBJECT Value Changed
- The SAML_SUBJECT value is changed to userPrincipalName rather than sAMAccountName as in previous AD Connect versions. You need to update your application attribute mappings if SAML_SUBJECT is a source value for any of your application connections.
- SCIM Events
- We've added support for resending of user SCIM events on group monitoring changes.
- SCIM Attributes
- We now send only required SCIM attributes during provisioning.
- PingOne URL
- The new PingOne configuration URLs are now used.
- Certificate DN Parsing
- We've improved certificate DN parsing for AD Connect with IIS.
- Auto-Update
- We've improved the workflows for auto-update.