IDM

What’s new

Maintenance releases

ForgeRock maintenance releases contain a collection of fixes and minor RFEs grouped together and released as part of our commitment to support our customers.

IDM 7.4.2 is the latest release targeted for IDM 7.4 deployments and can be downloaded from the Backstage Download Center.

You can deploy the release as an initial deployment or as an update from an existing 7.4.x deployment. Learn more about updating from 7.4.x in Update to a maintenance release.

IDM 7.4.2 features

Secure RCS access

You can create stricter RCS authorization and access rules. To enable authorization for RCS, add an appropriate role to the static-user mapping used for the RCS subject. Then write access rules that grant this role access to the openicf servlet on the path (pattern) corresponding to the RCS name used in the RCS configuration.

Learn more in Secure RCS access.

Array comparison

You can choose whether synchronization detects changes to managed object arrays using unordered or ordered comparison by setting the comparison configuration property in the schema. Unordered JSON array comparison ignores the order of elements and can negate the need for certain custom scripts within mappings.

_api parameter requires authorization

Requests passing the _api parameter now require authorization. Learn more in Common REST.

Jetty 12 support

The embedded Jetty web server supports Jetty 12.

Java 17 support

This IDM release requires Java 17. Learn more in Embedded Jetty configuration.

IDM 7.4.1 features

  • The Flowable embedded workflow engine has been upgraded to version 6.8.0.

  • End user UI supports array properties.

  • Salesforce connector supports client_credentials and refresh_token grant types.

IDM 7.4.0 features

Filesystem secret stores

You can now configure filesystem secret stores. A filesystem secret store uses a directory containing many files, each storing a single secret. For more information, refer to Filesystem secret stores.

Microsoft Graph API email client

In addition to the SMTP client, you can now configure the outbound email service to use the new MS Graph API Client.

Use of the new email client requires a properly configured Microsoft Azure tenant.

For more information, refer to Outbound email.

Additional metrics

New metrics are available for livesync and scheduler functions. For example requests, refer to Scheduler metrics.

Script support for countOnly queries

Queries within scripts now support the _countOnly parameter.

mTLS for authentication to DS

If you’re using IDM with a DS repository, ForgeRock recommends using mTLS to authenticate to DS to better facilitate credential rotation. Refer to Configure mTLS.

Security advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock’s security advisory policy governs how security issues are submitted, received, and evaluated, as well as the timeline for issuing security advisories and patches.

For details of all the security advisories across ForgeRock products, refer to Security Advisories in the Knowledge Base library.