Access Assurance Suite (AAS)

December 2020

Version: 9.3.1

Dec 18 2020

Access Assurance Suite Enhancements
  • The Access Assurance Suite includes support for Microsoft Edge browser.
  • The Initial Configuration Manager performs a valid access key check for each workflow.

  • The Initial Configuration Manager handles the Equal To (=) character in the SQL Password.

  • Initial Configuration Manager sets the Access Assurance Portal AD login user value in the database schema corectly.
Access Assurance Portal Enhancements
  • Access Assurance Portal service account specified in the Connection Client Configuration Wizard does not need to belong to the local administrator group. The service account does require Full Control permissions on the WebSocket folder.
  • In the Access Assurance Portal, the menu bar is updated to show a default icon (if not specified) for the new parent menu added.
  • In the Access Assurance Portal, the Parent Menu items in the menu bar can be rearranged as needed by assigning appropriate weights in the menu.xml file.
  • The Admin Manager menu item now opens Administration Manager with the Copy and Paste feature enabled.
  • The Password menu on the menu bar now includes a Profile Management menu item
  • The %Get LoggedInTargetName% and %Get LoggedInUniqueIDMacro% macros are updated to get the TargetID using the %Custom Macro.SQL.GlobalConfigValues.ActiveDirectoryTargetID% macro.
  • The menu bar in the Access Assurance Portal is updated to show the large logo correctly.
  • The menu bar in the Access Assurance Portal correctly shows long menu names.
The Data Management Feature Enhancements
  • Data Management improved the performance of collection rule execution when more than 100k records are collected.

  • The Identity Mapping process is updated to not execute disabled rules.

Enhancements to the Provisioning Platform
  • Custom Macro.JS.DerivedUsername macro in follwoing workflow are updated to get the TargetID using the %Custom Macro.SQL.GlobalConfigValues.ActiveDirectoryTargetID% macro

    • Automate_Add

    • Automate_Change

    • Automate_Conversion

    • Automate_Delete

    • Automate_Rehire

    • Automate_Terminate

    • XMLAOProvisioning

  • Upgraded jQuery Version to 3.5.1 to enhance the security.

  • Identity Map screen in workflow is updated to show Select All/Deselect All buttons, which will allow users to select/deselect all the identities on the visible page.

  • Updated Profile Management workflow summary page to show a correct message when the profile registration fails.

Core Compliance Enhancements
  • Manage Certification review cycle page user interface was updated to be more intuitive perform better.

  • My Certifications list page:
    • Summary bar is improved to present overall certification review cycle information.

    • “% Complete” column is renamed to “Progress” and includes a progress bar as well as the percent complete.

    • More flexible column sorting and filtering.
  • Review Cycle page:
    • A back button added to return to the list of certifications.
    • A new Progress bar is introduced for the end-user to view the status of the review cycle and to filter the current decision status with a single click.
    • More flexible column sorting and filtering.
    • Bulk comment functionality is introduced for any decisions that require a comment.
    • Actions column is replaced with the menu-based selection for per row decision selection.
    • New approach for detail view:
      • Detail view is displayed in a popup window with decision buttons available.
      • Detail view is configurable in the ‘CustomUserControlConfiguration’ column in the CertificationTypeDetailView table.
    • A Preferences button is added to select the columns to hide in the review cycle display.
    • A new macro “Restrictions.Access Certification Reassignee Profile Search” is added to restrict the profile search the reassignee.
    • The functionality supplied by the previous Expand All\Collapse All buttons is now available in a single button that toggles between Expand All and Collapse All.
  • The old interface is accessible if needed, change the global config value for “ShowOldMyCertificationPage” to true in Global Options.
Core Access Enhancements
  • Manage Access improvements include:
    • Available and Current access panels display long entitlement descriptions better.
    • Current Access panel modified to stop showing unnecessary paging.
  • Approve and View Requests improvements include:
    • Search Filters are updated to perform a search as search parameters are entered. There is no need to click on the Search icon..
    • Global Config value "AllowAttributeValueEditingOnApproval" is now being honored. An approver can modify the entitlement's attribute value depends on the setting.

  • Some stored procedures are updated to align consistent data sizes with the database schema.

Other Fixes
  • AAS resolved potential vulnerability associated with responses exposing software version numbers.

September 2020

Version: 9.3

Sept 16, 2020

New Features
  • The data collection process is now configurable using a newly designed user interface that enables administrators to control and automate data collection procedures. In addition, the data collection process has also been extended to synchronize the compliance review tables with the newly collected data, such that a compliance review can be initiated any time.

  • The AAS data collection process contains a new high-performance data collector. In addition, new collectors for Office 365, CSV, SQL Exchange 2013, and Workday are integrated into AAS.

  • Improved and automated installation process reduces the time and reduces potential errors associated with manual deployments. All required AAS software components install automatically to enable the first AAS login.

  • A new tool enables administrators to access and update specific sets of database tables with the user interface instead of accessing the database directly. Modifications are tracked with an integrated logging feature.

  • All AAS users are provided with a dashboard landing page. This initial page contains quick links for easy navigation to frequently used sections and performance-indicating charts can be enabled to provide at-a-glance information about the system.

  • Reporting for AAS is enhanced by integration with HelpSystems Insite and Insite Analytics products. A free license for specific use in conjunction with AAS reporting is included.
  • AAS now contains deployment support to private cloud instances within Amazon Web Services (AWS). AAS components must share space along with the target systems in the same environment either together on-premise or in an AWS private cloud environment.

  • The AAS suite supports Microsoft Windows Server 2019 and Microsoft SQL Server 2017 and 2019, enabling administrators to maintain server environments with the latest versions of Microsoft products.
Enhancements
  • New Login page to the Access Assurance Portal.

  • The menu style has been changed to a pop-out style that remains present on the side bar.

  • Access Assurance portal now has a global config: “PortalUserDisplayNameFormat” to configure the format to display names of users.

  • View My Request page provides the Admin and requesting user the ability to cancel request if approval is not processed.

  • Approve Requests and View My Requests have an enhanced filter mechanism to provide better search results.

  • A daily scheduler job added to the suite pushes the compliance data for following review cycle from the production table to the certification table.

  • Access Assurance Portal pages re-written and enhanced for better performance include:

    • ARM Delegate Privileges

    • Manage Identity Map

    • Data Security

    • Email templates

    • Global Options

    • Macros

  • A set of workflow templates are included in the suite to assist admins getting AAS up and running

  • A set of configurable Email templates has been provided and updated for use.

  • Custom Macros have been modified and a new macro VBS.Is AD Portal Admin has been added to AAS 9.3

  • There is a new dynamic community: Portal Admins added in 9.3.

  • Eight new Global Options have been added. For details, see the AAS 9.3 Readme.

Other Fixes
  • AAS branding has been updated to reflect Core Security as a HelpSystems company.
Version: 9.2.2
Access Assurance Portal Enhancements
  • The login process is updated to work correctly when the Forget Password link is configured on the login page.
  • User Display name format - The access Assurance portal now has a global config “PortalUserDisplayNameFormat” which is used to configures the format to display names of users.
  • The Access Assurance Portal menu is enhanced to show menu in the pop-out menu style.
  • The Default Menu Items examples text file is updated with correct URLs.
Identity Mapping Solution Enhancements
  • If the staging table does not have a TargetID column, choose any column name and mapping will use that column as TargetID.
Enhancements to the Provisioning Platform
  • Administration Manager:
    • Updated to display correct Help Text icons.
    • Shows the Search field box for macro selection popup on the Google Chrome browser.
    • Password dictionary check now supports additional symbols replacement:
      @=a, !=l, 8=b, !=i, (=c, 6=d, #=f, 9=g, #=h, <=k, 9=q, 5=s, +=t, >=v, <=v, %=x, ?=y
  • Custom Macro.JS.IdentityMap.Restriction macro in XMLAOProvisioning workflow is updated to pick the user account correctly if multiple accounts exist on the same target for a profile.
  • Workflows now handle the attributes of NVARCHAR(max) and allow users to modify the value.
  • The client IP address is logged correctly when a load balancer is used.
Core Compliance Enhancements
  • The user interface was updated to be more intuitive and better performing.
  • My Certifications list page:
    • Summary bar is improved to present overall certification review cycle information.
    • “% Complete” column is renamed to “Progress” and includes a progress bar as well as the percent complete.
    • More flexible column sorting and filtering.
  • Review Cycle page:
    • A back button added to return to the list of certifications.
    • A new Progress bar is introduced for the end-user to view the status of the review cycle and to filter the current decision status with a single click.
    • More flexible column sorting and filtering.
    • Bulk comment functionality is introduced for any decisions that require a comment.
    • Actions column is replaced with the menu-based selection for per row decision selection.
    • New approach for detail view:
      • Detail view is displayed in a popup window with decision buttons available.
      • Detail view is configurable in the ‘CustomUserControlConfiguration’ column in the CertificationTypeDetailView table.
    • A Preferences button is added to select the columns to hide in the review cycle display.
    • A new macro “Restrictions.Access Certification Reassignee Profile Search” is added to restrict the profile search the reassignee.
    • The functionality supplied by the previous Expand All\Collapse All buttons is now available in a single button that toggles between Expand All and Collapse All.
  • The old interface is accessible if needed, change the global config value for “ShowOldMyCertificationPage” to true in Global Options.
Core Access Enhancements
  • Manage Access improvements:
    • Users search panel shows vertical scroll bar works correctly on Microsoft Internet Explorer 11 browser.
    • Selected access panels minimize automatically upon request submission.
    • Advanced search functionality is updated to support CustomAttrStr and other attributes from vw_Profile sql view.
    • The dropdown entitlements are parsed correctly when there is a space in the value.
    • Tag, Intelligent Modelling, and Categories list on Select Filters panel font size is increased for better user experience.
    • The request creation process is updated to not create a duplicate request of the roles\entitlements which are already assigned.
    • Categories and Tags are filtered based on the access present in the Available Access panel.
    • Manage Access page is modified to show Available Access panel and Current Access panel correctly on Microsoft Internet Explorer 11 and Google Chrome browser.
  • Approve and View Requests improvements:
    • Shows RequestID and Requester attribute for each request.
    • By default, shows the list of entitlements without the user having to click on show button.
    • A new option of “View all requests as administrator” is added on the View Request page to show all the requests. This option is only available for admin users who are part of ARM Admins community.
    • An admin and a requester can cancel a request if the approval is not processed on view request page.
    • When there is no request to approve or deny, the Approve All & Deny All buttons are disabled on approve request page.
    • Enhanced with a new filter mechanism to narrow down the search.
  • Courion Request Service:
    • The Courion Request service is updated to pick the request as per the “SleepTime.InSeconds” configuration.

 

December 2019

Version: 9.2.1
Access Assurance Suite Enhancements
  • Access Assurance Suite uses JQuery 3.3.1 and Bootstrap 4.3.1 to minimize the risk of several vulnerabilities. Security fixes added to minimize the risk of web server vulnerabilities like cross-site scripting, content sniffing and external service interactions.

  • The size of SourceIPAddress and workflow columns in the Ticketing table schema is increased.

  • New column ‘RetryCount’ added in Notification Table.

  • Microsoft SQL Server 2017 and 2019 support.

  • Microsoft Windows Server edition 2019 support.

  • Support for the Transparent Synchronization Listener for Windows and the Password Management Module and Connector for Microsoft Active Directory when using Windows Server 2019 Domain Controllers.

Enhancements to the Provisioning Platform
  • Hide Auth Step 1 functionality works correctly when workflow is launched from a web server that is on a different server than application server.
  • Courion-ADAttributeTrigger-1.0 connector is enhanced to include Domain Controller in the target configuration.
  • Enable User Utility is modified to get and display the correct list of disabled users after clicking on Get List button.
  • Workflow page header bar now displays consistently.
  • Branding changes – All workflows show the product name as “Core Access Assurance Suite” on the User Authentication screen.
  • Configuration of Transaction Repository in Microsoft-ADO-3.0 connector is fixed to not show “The provider you chose was not 'Microsoft OLEDB Provider for SQL Server.' Return to the Data Link page and choose the proper provider.” warning message.
  • Password Reset workflow shows space between word name as ‘Verify’ and label ‘Password’.
  • ENABLE ENHANCED LOGGING configuration option on PMM for Microsoft Active Directory Target configuration screen now honors the setting and logs detail logging statements in log file.
  • Workflow Auth Step 1 page is updated to display correct Help Text icons for modern interface.
  • All Baseline workflows are modified to cache the static macros to improve performance.
Access Assurance Portal Enhancements
  • The Windows Authentication feature works correctly and no longer shows the message “Your Username or password is incorrect”.
  • Portal authentication supports use of HTML reserved characters like “<”, “>” in the password field.
  • The menu bar of Access Assurance Portal now remains expanded as default behavior.
  • New menu “Reports” with sub menu item “Connect to Insite” is added to the Menu Bar.
Core Compliance Enhancements
  • Scheduled activation of the certification review cycle is fixed to trigger at 00:00 AM.
Core Access Enhancements
  • Approval process handles “Profile Request” correctly.
  • XMLAO Provisioning for Access Requests honors the Automated / Close Loop for the requested entitlement.
  • Approve Request page is corrected to handle the delegated approval requests.
  • Performance Improvements – Manage Access and Manage Access Catalog page is improved to handle large amount of data in-terms of User Profile, Entitlements and Roles.
  • Custom image added in the Menu bar displays correctly in the chrome browser.
  • Pagination on Manage Access is improved.
  • Manage Access – Users Panel shows vertical scroll bar to accommodate user selection beyond the panel display limit.
  • Manage Access page is modified to visible correctly on Google Chrome Update 76 browser.
  • Approval request is showing clear differentiation in access Add / Remove requests, added indication tag which helps approvers to differentiate between Add / Remove requests.
  • Admin Delegation functionality is fixed, an ARM Admin can delegate privileges and approvals on behalf of any user.
  • Users who are designated as approvers can see Approval page and perform approval process correctly.
  • Manage Access page is modified to show Entitlement description.
  • Approval request is modified to show the Entitlement count correctly for the Role Definition request.
  • Intelligent Modelling feature is modified to not show disabled users.
  • Showing Role Shared Count on Manage Access page is now configurable, new global config value named “ManageAccess.Display.RoleShare.Count” is added in Global Configuration. By default, the config value is set to “false” (do not show count).
  • Showing Role Shared Count on Manage Access page is now configurable, new global config value named “ManageAccess.Display.RoleShare.Count” is added in Global Configuration. By default, the config value is set to “false” (do not show count).
  • Search boxes on Manage Access page are fixed to trim leading and trailing spaces in search string.
  • Access request submission is fixed to populate the UserName into SubRequestItem table.
  • Request Approval process is fixed to accept Approval Comments.
  • Manage Access page is modified to show Available Access panel and Current Access panel correctly.
  • Search functionality on Manage Access – Select Filters panel is improved, now user can search for any filter string and filtered result is available to apply filter. To clear the filter, Cross button is provided which will clear the search string and refresh the filter list.
  • Tags functionality is improved to show Tags associated with the Available Accesses after selection of user from Intelligent Modelling.
  • For delegated approvals Core Access tracks the name of the Acting Approver and this helps the auditing process.
  • Category filter selection is modified and now users can select only one Category at a time to filter out the data.
  • Paging is improved on Manage Access page to show exact count of accesses present in the grid.
  • Loading icon is added on Manage Access page for adding / removing user to request.
  • Notification Service is improved to not send multiple emails in case of failed delivery of the email.
Other Fixes
  • The SQL.ApprovalsCheck.Logged In User, SQL.AccessApprovers.ApprovalsCount.Logged In User, IsApproveAsManagerDelegationAvailable, IsManagerRequestDelegationAvailable, Has Access Find Access By Intelligent Modeling, and Has Access Find Access By Entilements macros have been updated for this release.

 

Back to Core Security Products