Release 21.04.00.00 (Version 1.0)


  • Installation script to provision a customer environment

  • Installation script to install an IAM.cloud gateway

  • Identities Life Cycle (entry/change/department and function change/leaving/reentry)
  • Location, organizational unit and cost centers Life Cycle
  • Creation, modification and deletion of business roles
  • Standard recertification
    • Attestation of business roles
    • Attestation of memberships in business roles
    • Attestation of the assignment of system authorizations to cost centers
    • Attestation of the assignment of system roles to cost centers
    • Attestation of the assignment of system authorizations to departments
    • Attestation of the assignment of system roles to departments
    • Attestation of the assignment of system authorizations to locations
    • Attestation of the assignment of system roles to locations
    • Certification of new users
    • Attestation of secondary cost centers
    • Attestation of secondary departments
    • Attestation of secondary sites
    • Attestation of user accounts
    • Recertification of users
  • Standard IAM.cloud application roles
    • Identity Audit attestor
    • Company policy attestor
    • Identity Audit exception approver
    • Company policy supervisor
    • Company policy administrator
    • Identity Audit administrator
    • Chief approval team member
    • Report subscription administrator
    • Global Target system administrator
    • Company policy exception approver
    • Business role attestor
    • Identity Audit rule supervisor
    • Organization data attestor
    • Source data administrator
    • Organization data administrator
    • Business roles administrator
    • Employee data administrator
    • Compliance & Security Officer
    • Global Target system configurator
    • Auditor
    • Portal request attestor
    • Recertifier of external users
  • Standard password management
    • Authorization via access code or existing password
    • Password reset question and answer management
    • Password change for all connected target systems
  • Standard role classes for the composition of roles for authorization and access assignment
    • cloud account provisioning
    • Projects
    • Birthright roles
    • Functions
    • Positions
  • Interface: Source data
    • Standardized CSV format for identities, departments, cost centers, locations and functions
    • CSV files can be uploaded individually to the customer environment via PowerShell
    • CSV files can be uploaded manually via the IAM customer portal
  • Interface: Active Directory
    • automatic connection of an OnPrem Active Directory via IAM.cloud Gateway
    • Standard Account Life Cycle
    • Automatic provisioning of Active Directory groups for ordering in the portal
  • Interface: Microsoft Exchange
    • automatic connection of an OnPrem Microsoft Exchange via IAM.cloud Gateway
    • Standard Mailbox Life Cycle
    • Automatic provisioning of distribution groups for ordering in the portal
  • Interface: Azure Active Directory
    • automatic connection of an Azure Active Directory tenant
    • Standard Account Life Cycle
  • Interface: Microsoft Exchange Online
    • automatic connection of a Microsoft Exchange Online tenant
    • Standard Mailbox Life Cycle
  • ReST Service
    • central ReST service for customer data processing by means of
      • Scripting (PowerShell, Bash)
      • custom software development
    • central ReST service as a target for existing solutions at the customer's site
      • IT Service Management (Cherwell, ServiceNow, Jira)
      • Customer relationship management
      • Recruiting Systems
      • alternative HCM solutions and in-house developments
  • central adjustment of parameters for configuration
    • Attestation
      • Peer Group Analysis
        • ApprovalThreshold
        • IncludeManager
        • IncludePrimaryDepartment
        • IncludeSecondaryDepartment
      • PersonToAttestNoDecide
    • Audit Trail
      • LifeTime
    • life cycle
      • Department
        • CleanupLifeTime
        • ReceipientAddress
      • Employee
        • ApproveNewExternalUsers
        • BlacklistBlockingDuration
        • CleanupLifeTime
        • GeneralBlockingDuration
        • naming convention
          • Central user account
          • E-mail address
          • Initials
        • ReminderInterval
      • Location
        • CleanupLifeTime
        • ReceipientAddress
      • Request & Fulfillment
        • AutoQualified
        • GapDefinition
        • GapFitting
        • Peer Group Analysis
          • ApprovalThreshold
          • CheckCrossfunctionalAssignment
          • IncludeManager
          • IncludePrimaryDepartment
          • IncludeSecondaryDepartment
        • PersonInsertedNoDecide
        • PersonInsertedNoDecideCompliance
        • PersonOrderedNoDecide
        • PersonOrderedNoDecideCompliance
        • ReuseDecision
        • ShoppingCartPattern
        • ValidityWarning
      • System Configuration
        • DefaultCulture
        • DefaultMailDomain
        • IgnoreHoliday
        • IgnoreWeekend
        • QueryAnswerDefinitions
        • QueryAnswerRequests
        • Schedules
      • Target System
        • DefaultAddress
        • PersonExcludeList
  • Central configuration of the connected target systems
  • Central overview and administration of source system information
  • Uniform IAM.cloud design
  • Standard portal for end users
  • Standard portal for password management

Release 21.04.00.01 (Version 1.0 - Hotfix 1)


  • Activation of the Patch Management Module in the installation script
  • Security updates in the IAM.cloud Gateway installation script
    • Encryption of dedicated values
    • Use of IAM.cloud application roles for authentication
  • Update of infrastructure components
    • Ingress Nginx: 0.44.0 -> 0.45.0
    • SQL Server 2019: CU9 -> CU10
    • Ingress CertManager: 1.2.0 -> 1.3.1
  • OneIdentity Hotfix 34183 - "Upgrade of swagger-ui-dist breaks compilation".
  • Standard IAM.cloud application roles
    • cloud administrator
  • Standard roles for authorization and access assignment
    • Birthright roles
      • all internal
      • all external
      • all administrators
  • Interface: Source data
    • Enhancement of the output of warnings for unresolvable references
    • Support of hierarchical location data via location types
  • Central overview and administration of source system information
    • Additional output of details in case of error


Release 21.04.00.02 (Version 1.0 - Hotfix 2)


  • Fixed an issue where the IPG-specific Ingress configuration was overwritten by the Ingress Nginx update 0.44.0 -> 0.45. This did not affect new environments, only existing environments that were patched.
  • no changes
  • no changes
  • no changes

Release 21.04.00.03 (Version 1.0 - Hotfix 3)


  • Fixed a problem where the configuration parameter PasswordResetToken was replaced by plain text during the update.
  • The DB backup filename now also contains the whole timestamp, so that several backups per day are possible.
  • Cloud modules are only updated if a new version is available.
  • Infrastructure update is now also performed at parameter "-update
  • The unique customer instance ID is now stored as a Kubernetes Secret
  • Various optimizations of the IPG patch module
  • The config file is now stored as multi-line JSON instead of PSObject in Azure Key Vault
  • Improved output of error messages during infrastructure update
  • Troubleshooting when configuring the AKS Maintenance Plan
  • Troubleshooting if /tmp/oneim is not present on the InstallPod (e.g. after container reboot or cluster upgrade)
  • Patch to add the value "GATEWAY_SERVERNAME" to the OneIM Secret to start the new OneIM Jobserver Windows Container
  • Upgrade to AKS Version 1.19.11
  • Performance optimizations of various SQL configuration parameters
  • Deployment of the new OneIM Jobserver Windows Container to enable Exchange Online synchronization
  • no changes