Access Assurance Suite (AAS)
September 2024
Version: 9.6.0
September 12, 2024
Access Assurance Suite Features and Enhancements
-
The Initial Configuration screen now allows skipping steps to get to the workflow import step.
-
The Database Installer Utility is enhanced to support the selection of an OLE DB provider to use.
-
Provides the ability to uninstall the Core AAS Connection Server and Core AAS Connection Client services.
Core Access Features and Enhancements
-
New Approval Process configurations to associate with accesses to meet your organization’s needs. These new approval process configurations allow for configuring one or more approval steps.
-
Modernized the Manage Access Catalog interface.
-
Added ability to configure the columns of data viewable on View Requests and Request Management screens.
-
Policy conditions have been enhanced with the addition of “Not Like” and “Not In” conditions.
-
Accesss requests for multiple users enhanced with full name searchs.
-
Approvers now have the ability to review their approval history.
Access Assurance Portal Features and Enhancements
-
Improved session management.
-
Menu.xml file enhanced to support absolute URLs.
-
Support for the older Manage User Access and original Identity Mapping pages is no longer available.
Access Assurance Portal Lite Features and Enhancements
-
The new Access Assurance Portal Lite provides users outside of the enterprise network access to the functionality of the Access Assurance Portal.
-
An enhanced page is now available for use when the Access Assurance Portal Lite component is installed in a perimeter network and SAML SSO-based authentication is used by the external end users.
Data Management Features and Enhancements
-
Data Mangement has been enhanced to skip to the scheduling step of data collection without needing to configure steps 2 and 3 first, saving time in developing data mapping rules.
-
Ability to decouple the scheduling of the Identity Mapping rules from the data feed collection schedule is available.
-
Enhancements added to profile mapping include the addition of Active, Status, UserType, and NULL values.
-
The post-processing dropdown displays the current configured value.
-
Columns added to staging tables for exception processing.
-
Preference popup no longer displays duplicates.
Core Password Features and Enhancements
-
Transparent Synchronization updated to work with new DCOM defaults.
Core Compliance Features and Enhancements
-
Enhanced with the ability to submit a review cycle with a single quote as part of the contents of the comment.
-
Delegation to review Certification review cycle after the review cycle end date is possible.
-
Improved UI on the Review Cycles screen.
December 2022
Version: 9.5.0
December 2, 2022
Access Assurance Suite Features and Enhancements
-
Microsoft Windows Server edition 2022 support.
-
Support for the Transparent Synchronization Listener for Windows and the Password Management Module and Connector for Microsoft Active Directory when using Windows Server 2022 Domain Controllers.
Core Access Features and Enhancements
-
Improved Manage Access - The Manage Access and access request submission process is improved for better usability and performance.
-
Manage Applications – new feature to classify “applications” by all the related target systems.
-
Different time-bound range can be applied for each access in the request.
-
Account Awareness – Manage Access is now aware of the accounts mapped to the profile and prompts for selection of unique account if the profile has more than one account for the requested target.
Access Assurance Portal Features and Enhancements
-
Single Sign-On Authentication - SAML based SSO authentication is now available for authentication into the Access Assurance Portal.
-
Access Assurance Portal Lite for Perimeter Network - The web-based presentation components of the Access Assurance Portal can be installed within your perimeter network (DMZ) with the business application layer in the internal network.
-
Improved performance for authentication and authorization.
-
Support of deep links for portal pages – Users can navigate straight to specific page of the URL from their bookmark or email after authentication.
September 2021
Version: 9.4.0
September 7, 2021
Access Assurance Suite Features and Enhancements
-
AAS support on Google Cloud. AAS components and customer target systems can coexist in Google Cloud.
-
AAS now supports the Microsoft Edge Web Browser. This replaces the Microsoft Internet Explorer, which is no longer supported.
Core Access and Core Provisioning Platform Features and Enhancements
-
Request Management feature provides users with the ability to easily search requests, perform specific actions like sending reminders, canceling requests, or resubmitting failed requests, and filter requests by type, submission date, status, and more.
-
Time Bound access feature enables users to request access that is valid only for a specific amount of time.
-
Policy management has been enhanced with the addition of role-based access that assigns access to users based on clearly defined roles in the organization.
Enhancements to the Provisioning Platform
- Connector for Microsoft Active Directory Forest Authentication has been added to the suite.
April 2021
Version: 9.2.3
April 12, 2021
Access Assurance Suite Enhancements and Fixes
-
AAS support on Google Cloud. AAS components and customer target systems can coexist in Google Cloud.
Access Assurance Portal Enhancements and Fixes
-
The Password menu on the menu bar now includes a Profile Management menu item.
-
Parent menu items from menu bar can be rearranged as needed by assigning appropriate weights in the menu.xml file.
-
Enabled the authentication with the Connector for Sun Directory Server and authorization of dynamic community based on macros. Read the section Setting Up Connector for Sun Directory Server Authentication for Access Assurance Portal located below in the Readme.
-
Added the ability for customer logo to be displayed on Access Assurance Portal and the menu bar is updated to display a large logo.
Identity Mapping Solution Enhancements and Fixes
-
Improved conditions to not run disabled mapping rules.
-
Fixed the Identity mapping time out issue when using a staging table.
Enhancements and Fixes to the Provisioning Platform
-
The Admin Manager menu item now opens the Administration Manager with the Copy and Paste feature enabled.
-
Added a button for select all and deselect all in identity mapping screen of workflow.
-
Upgrade jQuery Version to 3.5.1 which enhance Security and Performances issue.
-
The new wodSSH 3.1.4 now ships for use with the Linux and UNIX based connectors.
Core Compliance Enhancements and Fixes
-
New default email template for assigning certifications. Template contains more informative details that differ based on the type of certification.
-
If the number of columns in the staging certificate table increases, a scroll bar assists with data selection for new certifications.
-
Added condition to the Unselect/Select All button so that select button can be used when navigating through other pages.
- My Certifications page:
Updated the width of Status column of my certification page to show proper status of each row in the certification.
Issue of raw data appearing in hover text over scroll bar is fixed.
Functionality enhanced so that rows of certifications grouped together collapse by default to save space.
The entire line of comments can be seen in a tool tip.
Core Access Enhancements and Fixes
-
Time Bound access management functionality. Submitters of an access request can set a start and end time for the requested access to be active. Once a time bound access request is approved, two requests are placed in the system: one that adds access to the user on the start date, and one that will remove user access on the end date. For information about how to use this function, read the Time Bound Access Management section in the Readme below.
-
Modified the Core Access user interface to show full descriptions, if the mouse is hovered over an entitlement description.
-
A new macro %Custom Macro.IsApproveAsProfileDelegationAvailable% can be used to assign Profile approval delegation.
- Manage Access improvements:
Manage Access Catalog page performance is improved for the role creation process.
Added a sorting functionality for entitlement in roles on Manage Access page
Manage Access page enhanced to disable the Submit button and to display a list of users with no available manager; or, if a default approver has been assigned, Manage Access page informs users that access requests will be sent to the default approver.
Updated all column data lengths making them consistent for access.
Manage Access page displays the list of available categories in the category list consistently.
When restriction is applied through Restrictions.Manage Access Search Roles, unused categories are removed.
Updated the Manage Access page filter to show data for intelligent modelling.
Modified the macro "Restrictions.Manage Access Search Users" which returns exact data that is shown to logged in user for Intelligent modelling.
Removed unnecessary pagination from current access on Manage Access page.
Improved performance on intelligent modelling.
Some stored procedures are updated to align consistent data sizes with the database schema.
- Approve and View Requests improvements:
Request page contains field for adding and storing comments when request is cancelled. Email template also updated to include those comments.
Approve Requests or View My Request pages input searching error fixed. The search character no longer disappears as soon as the user stops typing.
Request view page toggle button to view admin requests controlled through new entitlement "view.request.admin" and visible to users with that new entitlement. See the section, Request View Page Toggle Button for Viewing Admin Requests for information about how to set up this entitlement.
A required comment notification displays on the screen of an Approve Request. This comment field is a required field. The submit button is disabled until user enters any comment into the field.
The Approve Request page now honors the global config value: "AllowAttributeValueEditingonApproval". This enables users to modify the value of entitlement on approval.
The Approve Request Page, by default displays Acting As: All. This means that all approval requests, both approval requests that are a user's own, and delegated approval requests. Approvals and delegated approvals are differentiated by an info icon.
Improved the performance of Request Service to process the ready requests.
Fixed the functionality for auto search on View Request and Approve Request page, eliminating need to apply search filter.
Core Password Enhancements and Fixes
-
PMM for Oracle Internet Directory is included in the suite.
-
Updated PMM for Netscape Directory Server and Oracle Internet Directory no longer use the Agent port and CertificateDB target configuration parameters while configuring the target. These PMMs no longer use their agent Windows service.
-
Passwords validate, even if the password and verify password fields are masked or unmasked.
-
PMM for Databases no longer writes passwords from unsuccessful password reset attempts.
December 2020
Version: 9.3.1
December 18 2020
Access Assurance Suite Enhancements
- The Access Assurance Suite includes support for Microsoft Edge browser.
-
The Initial Configuration Manager performs a valid access key check for each workflow.
-
The Initial Configuration Manager handles the Equal To (=) character in the SQL Password.
- Initial Configuration Manager sets the Access Assurance Portal AD login user value in the database schema corectly.
Access Assurance Portal Enhancements
- Access Assurance Portal service account specified in the Connection Client Configuration Wizard does not need to belong to the local administrator group. The service account does require Full Control permissions on the WebSocket folder.
- In the Access Assurance Portal, the menu bar is updated to show a default icon (if not specified) for the new parent menu added.
- In the Access Assurance Portal, the Parent Menu items in the menu bar can be rearranged as needed by assigning appropriate weights in the menu.xml file.
- The Admin Manager menu item now opens Administration Manager with the Copy and Paste feature enabled.
- The Password menu on the menu bar now includes a Profile Management menu item
- The %Get LoggedInTargetName% and %Get LoggedInUniqueIDMacro% macros are updated to get the TargetID using the %Custom Macro.SQL.GlobalConfigValues.ActiveDirectoryTargetID% macro.
- The menu bar in the Access Assurance Portal is updated to show the large logo correctly.
- The menu bar in the Access Assurance Portal correctly shows long menu names.
The Data Management Feature Enhancements
-
Data Management improved the performance of collection rule execution when more than 100k records are collected.
-
The Identity Mapping process is updated to not execute disabled rules.
Enhancements to the Provisioning Platform
-
Custom Macro.JS.DerivedUsername macro in follwoing workflow are updated to get the TargetID using the %Custom Macro.SQL.GlobalConfigValues.ActiveDirectoryTargetID% macro
-
Automate_Add
-
Automate_Change
-
Automate_Conversion
-
Automate_Delete
-
Automate_Rehire
-
Automate_Terminate
-
XMLAOProvisioning
-
-
Upgraded jQuery Version to 3.5.1 to enhance the security.
-
Identity Map screen in workflow is updated to show Select All/Deselect All buttons, which will allow users to select/deselect all the identities on the visible page.
-
Updated Profile Management workflow summary page to show a correct message when the profile registration fails.
Core Compliance Enhancements
-
Manage Certification review cycle page user interface was updated to be more intuitive perform better.
- My Certifications list page:
Summary bar is improved to present overall certification review cycle information.
“% Complete” column is renamed to “Progress” and includes a progress bar as well as the percent complete.
- More flexible column sorting and filtering.
- Review Cycle page:
- A back button added to return to the list of certifications.
- A new Progress bar is introduced for the end-user to view the status of the review cycle and to filter the current decision status with a single click.
- More flexible column sorting and filtering.
- Bulk comment functionality is introduced for any decisions that require a comment.
- Actions column is replaced with the menu-based selection for per row decision selection.
- New approach for detail view:
- Detail view is displayed in a popup window with decision buttons available.
- Detail view is configurable in the ‘CustomUserControlConfiguration’ column in the CertificationTypeDetailView table.
- A Preferences button is added to select the columns to hide in the review cycle display.
- A new macro “Restrictions.Access Certification Reassignee Profile Search” is added to restrict the profile search the reassignee.
- The functionality supplied by the previous Expand All\Collapse All buttons is now available in a single button that toggles between Expand All and Collapse All.
- The old interface is accessible if needed, change the global config value for “ShowOldMyCertificationPage” to true in Global Options.
Core Access Enhancements
- Manage Access improvements include:
- Available and Current access panels display long entitlement descriptions better.
- Current Access panel modified to stop showing unnecessary paging.
- Approve and View Requests improvements include:
- Search Filters are updated to perform a search as search parameters are entered. There is no need to click on the Search icon..
Global Config value "AllowAttributeValueEditingOnApproval" is now being honored. An approver can modify the entitlement's attribute value depends on the setting.
-
Some stored procedures are updated to align consistent data sizes with the database schema.
Fixes
-
AAS resolved potential vulnerability associated with responses exposing software version numbers.
September 2020
Version: 9.3
Sept 16, 2020
New Features
-
The data collection process is now configurable using a newly designed user interface that enables administrators to control and automate data collection procedures. In addition, the data collection process has also been extended to synchronize the compliance review tables with the newly collected data, such that a compliance review can be initiated any time.
-
The AAS data collection process contains a new high-performance data collector. In addition, new collectors for Office 365, CSV, SQL Exchange 2013, and Workday are integrated into AAS.
-
Improved and automated installation process reduces the time and reduces potential errors associated with manual deployments. All required AAS software components install automatically to enable the first AAS login.
-
A new tool enables administrators to access and update specific sets of database tables with the user interface instead of accessing the database directly. Modifications are tracked with an integrated logging feature.
-
All AAS users are provided with a dashboard landing page. This initial page contains quick links for easy navigation to frequently used sections and performance-indicating charts can be enabled to provide at-a-glance information about the system.
- Reporting for AAS is enhanced by integration with HelpSystems Insite and Insite Analytics products. A free license for specific use in conjunction with AAS reporting is included.
-
AAS now contains deployment support to private cloud instances within Amazon Web Services (AWS). AAS components must share space along with the target systems in the same environment either together on-premise or in an AWS private cloud environment.
- The AAS suite supports Microsoft Windows Server 2019 and Microsoft SQL Server 2017 and 2019, enabling administrators to maintain server environments with the latest versions of Microsoft products.
Enhancements
-
New Login page to the Access Assurance Portal.
-
The menu style has been changed to a pop-out style that remains present on the side bar.
-
Access Assurance portal now has a global config: “PortalUserDisplayNameFormat” to configure the format to display names of users.
-
View My Request page provides the Admin and requesting user the ability to cancel request if approval is not processed.
-
Approve Requests and View My Requests have an enhanced filter mechanism to provide better search results.
-
A daily scheduler job added to the suite pushes the compliance data for following review cycle from the production table to the certification table.
-
Access Assurance Portal pages re-written and enhanced for better performance include:
-
ARM Delegate Privileges
-
Manage Identity Map
-
Data Security
-
Email templates
-
Global Options
-
Macros
-
-
A set of workflow templates are included in the suite to assist admins getting AAS up and running
-
A set of configurable Email templates has been provided and updated for use.
-
Custom Macros have been modified and a new macro VBS.Is AD Portal Admin has been added to AAS 9.3
-
There is a new dynamic community: Portal Admins added in 9.3.
-
Eight new Global Options have been added. For details, see the AAS 9.3 Readme.
Fixes
- AAS branding has been updated to reflect Core Security as a HelpSystems company.
Version: 9.2.2
Access Assurance Portal Enhancements
- The login process is updated to work correctly when the Forget Password link is configured on the login page.
- User Display name format - The access Assurance portal now has a global config “PortalUserDisplayNameFormat” which is used to configures the format to display names of users.
- The Access Assurance Portal menu is enhanced to show menu in the pop-out menu style.
- The Default Menu Items examples text file is updated with correct URLs.
Identity Mapping Solution Enhancements
- If the staging table does not have a TargetID column, choose any column name and mapping will use that column as TargetID.
Enhancements to the Provisioning Platform
- Administration Manager:
- Updated to display correct Help Text icons.
- Shows the Search field box for macro selection popup on the Google Chrome browser.
- Password dictionary check now supports additional symbols replacement:
@=a, !=l, 8=b, !=i, (=c, 6=d, #=f, 9=g, #=h, <=k, 9=q, 5=s, +=t, >=v, <=v, %=x, ?=y
- Custom Macro.JS.IdentityMap.Restriction macro in XMLAOProvisioning workflow is updated to pick the user account correctly if multiple accounts exist on the same target for a profile.
- Workflows now handle the attributes of NVARCHAR(max) and allow users to modify the value.
- The client IP address is logged correctly when a load balancer is used.
Core Compliance Enhancements
- The user interface was updated to be more intuitive and better performing.
- My Certifications list page:
- Summary bar is improved to present overall certification review cycle information.
- “% Complete” column is renamed to “Progress” and includes a progress bar as well as the percent complete.
- More flexible column sorting and filtering.
- Review Cycle page:
- A back button added to return to the list of certifications.
- A new Progress bar is introduced for the end-user to view the status of the review cycle and to filter the current decision status with a single click.
- More flexible column sorting and filtering.
- Bulk comment functionality is introduced for any decisions that require a comment.
- Actions column is replaced with the menu-based selection for per row decision selection.
- New approach for detail view:
- Detail view is displayed in a popup window with decision buttons available.
- Detail view is configurable in the ‘CustomUserControlConfiguration’ column in the CertificationTypeDetailView table.
- A Preferences button is added to select the columns to hide in the review cycle display.
- A new macro “Restrictions.Access Certification Reassignee Profile Search” is added to restrict the profile search the reassignee.
- The functionality supplied by the previous Expand All\Collapse All buttons is now available in a single button that toggles between Expand All and Collapse All.
- The old interface is accessible if needed, change the global config value for “ShowOldMyCertificationPage” to true in Global Options.
Core Access Enhancements
- Manage Access improvements:
- Users search panel shows vertical scroll bar works correctly on Microsoft Internet Explorer 11 browser.
- Selected access panels minimize automatically upon request submission.
- Advanced search functionality is updated to support CustomAttrStr and other attributes from vw_Profile sql view.
- The dropdown entitlements are parsed correctly when there is a space in the value.
- Tag, Intelligent Modelling, and Categories list on Select Filters panel font size is increased for better user experience.
- The request creation process is updated to not create a duplicate request of the roles\entitlements which are already assigned.
- Categories and Tags are filtered based on the access present in the Available Access panel.
- Manage Access page is modified to show Available Access panel and Current Access panel correctly on Microsoft Internet Explorer 11 and Google Chrome browser.
- Approve and View Requests improvements:
- Shows RequestID and Requester attribute for each request.
- By default, shows the list of entitlements without the user having to click on show button.
- A new option of “View all requests as administrator” is added on the View Request page to show all the requests. This option is only available for admin users who are part of ARM Admins community.
- An admin and a requester can cancel a request if the approval is not processed on view request page.
- When there is no request to approve or deny, the Approve All & Deny All buttons are disabled on approve request page.
- Enhanced with a new filter mechanism to narrow down the search.
- Courion Request Service:
- The Courion Request service is updated to pick the request as per the “SleepTime.InSeconds” configuration.
December 2019
Version: 9.2.1
Access Assurance Suite Enhancements
-
Access Assurance Suite uses JQuery 3.3.1 and Bootstrap 4.3.1 to minimize the risk of several vulnerabilities. Security fixes added to minimize the risk of web server vulnerabilities like cross-site scripting, content sniffing and external service interactions.
-
The size of SourceIPAddress and workflow columns in the Ticketing table schema is increased.
-
New column ‘RetryCount’ added in Notification Table.
-
Microsoft SQL Server 2017 and 2019 support.
-
Microsoft Windows Server edition 2019 support.
-
Support for the Transparent Synchronization Listener for Windows and the Password Management Module and Connector for Microsoft Active Directory when using Windows Server 2019 Domain Controllers.
Enhancements to the Provisioning Platform
- Hide Auth Step 1 functionality works correctly when workflow is launched from a web server that is on a different server than application server.
- Courion-ADAttributeTrigger-1.0 connector is enhanced to include Domain Controller in the target configuration.
- Enable User Utility is modified to get and display the correct list of disabled users after clicking on Get List button.
- Workflow page header bar now displays consistently.
- Branding changes – All workflows show the product name as “Core Access Assurance Suite” on the User Authentication screen.
- Configuration of Transaction Repository in Microsoft-ADO-3.0 connector is fixed to not show “The provider you chose was not 'Microsoft OLEDB Provider for SQL Server.' Return to the Data Link page and choose the proper provider.” warning message.
- Password Reset workflow shows space between word name as ‘Verify’ and label ‘Password’.
- ENABLE ENHANCED LOGGING configuration option on PMM for Microsoft Active Directory Target configuration screen now honors the setting and logs detail logging statements in log file.
- Workflow Auth Step 1 page is updated to display correct Help Text icons for modern interface.
- All Baseline workflows are modified to cache the static macros to improve performance.
Access Assurance Portal Enhancements
- The Windows Authentication feature works correctly and no longer shows the message “Your Username or password is incorrect”.
- Portal authentication supports use of HTML reserved characters like “<”, “>” in the password field.
- The menu bar of Access Assurance Portal now remains expanded as default behavior.
- New menu “Reports” with sub menu item “Connect to Insite” is added to the Menu Bar.
Core Compliance Enhancements
- Scheduled activation of the certification review cycle is fixed to trigger at 00:00 AM.
Core Access Enhancements
- Approval process handles “Profile Request” correctly.
- XMLAO Provisioning for Access Requests honors the Automated / Close Loop for the requested entitlement.
- Approve Request page is corrected to handle the delegated approval requests.
- Performance Improvements – Manage Access and Manage Access Catalog page is improved to handle large amount of data in-terms of User Profile, Entitlements and Roles.
- Custom image added in the Menu bar displays correctly in the chrome browser.
- Pagination on Manage Access is improved.
- Manage Access – Users Panel shows vertical scroll bar to accommodate user selection beyond the panel display limit.
- Manage Access page is modified to visible correctly on Google Chrome Update 76 browser.
- Approval request is showing clear differentiation in access Add / Remove requests, added indication tag which helps approvers to differentiate between Add / Remove requests.
- Admin Delegation functionality is fixed, an ARM Admin can delegate privileges and approvals on behalf of any user.
- Users who are designated as approvers can see Approval page and perform approval process correctly.
- Manage Access page is modified to show Entitlement description.
- Approval request is modified to show the Entitlement count correctly for the Role Definition request.
- Intelligent Modelling feature is modified to not show disabled users.
- Showing Role Shared Count on Manage Access page is now configurable, new global config value named “ManageAccess.Display.RoleShare.Count” is added in Global Configuration. By default, the config value is set to “false” (do not show count).
- Showing Role Shared Count on Manage Access page is now configurable, new global config value named “ManageAccess.Display.RoleShare.Count” is added in Global Configuration. By default, the config value is set to “false” (do not show count).
- Search boxes on Manage Access page are fixed to trim leading and trailing spaces in search string.
- Access request submission is fixed to populate the UserName into SubRequestItem table.
- Request Approval process is fixed to accept Approval Comments.
- Manage Access page is modified to show Available Access panel and Current Access panel correctly.
- Search functionality on Manage Access – Select Filters panel is improved, now user can search for any filter string and filtered result is available to apply filter. To clear the filter, Cross button is provided which will clear the search string and refresh the filter list.
- Tags functionality is improved to show Tags associated with the Available Accesses after selection of user from Intelligent Modelling.
- For delegated approvals Core Access tracks the name of the Acting Approver and this helps the auditing process.
- Category filter selection is modified and now users can select only one Category at a time to filter out the data.
- Paging is improved on Manage Access page to show exact count of accesses present in the grid.
- Loading icon is added on Manage Access page for adding / removing user to request.
- Notification Service is improved to not send multiple emails in case of failed delivery of the email.
Fixes
- The SQL.ApprovalsCheck.Logged In User, SQL.AccessApprovers.ApprovalsCount.Logged In User, IsApproveAsManagerDelegationAvailable, IsManagerRequestDelegationAvailable, Has Access Find Access By Intelligent Modeling, and Has Access Find Access By Entilements macros have been updated for this release.