Version 6.1 Release Notes

Highlighted Features

NOTE: We've updated our hardware and software requirements. Refer to the hardware and software requirements section of this user's guide for the latest information and ensure your servers are set up properly.

Satisfy Audit and Regulatory Requirements with Filtered Reviews

If you haven't already been advised by auditors and examiners to do more frequent reviews of service accounts, vendor accounts, and admin accounts, you may be hearing those suggestions in the near future. Whether you receive those suggestions or not, we believe it's good practice to monitor higher-risk accounts more frequently to minimize potential risk.

With the new review filtering options, you can now filter your review to specific types of identity or user accounts. For instance, if you want to review admin users in Active Directory, you can create an Active Directory review and filter it to view only admin accounts.

The new filtering options allow you to filter by either matched Identity type or application user type (see picture below; click on the picture to enlarge it).

To create a review using the new filter options, refer to the Create a New Review section.

NOTE: Creating a filtered review based on application user type or Identity type is different than doing a review of users that have permissions associated with those types. For example, if you create a filtered review to include only users with a type of "Administrator," you might be missing people with an "Employee" type that also have administrative access based on their permissions. Filtered reviews are great for reviewing known accounts on a more frequent basis, but they may not catch situations where users have permissions they wouldn't normally have. For catching those types of situations, we recommend creating reviews based on permissions that are high risk.

All Features

Aside from the continual performance improvements and minor bug fixes provided with each release, the following features have been included with version 6.0:

Feature	Description
New keyboard navigation	Shout out to those who love keyboard navigation - this one's for you. You can now use your arrow keys to move up and down the list of Identities when reassigning an Identity.
Add notes to an application user	You can now add comments to an application user using the new "notes" feature. This feature lets you add brief descriptions or explanations that are specific to an application user. For example, if you have service accounts that reviewers aren't familiar with, you can add a description to clarify what the account is for and why it requires access to the application. During a review, the note is displayed directly below the user's name in the detail panel (see example below). For more information refer to Add a Note to an Application User
Customize your audit package report	When generating the Complete Audit Package, you now have the ability to select which reports are included in the audit package (see picture below).
New quick filter options	New quick filter options have been added to the following areas. Reviews List (Manage > Reviews) These new options now allow you to filter the list to show reviews in Draft, Open, Completed, Archived, or all statuses (see picture below). Managers List (Manage > Managers) Setting up and organizing defined managers is now easier with a new quick filter (see picture below). With the new quick filter, you can select the specific organizational units you'd like to see within the list. Change Management Taskboard (My Taskboards > Access Requests) New quick filters allow you to more easily find the access requests you want to work on. Filters allow for sorting by status, application, and more.
Creating filtered reviews	See a description in the Highlighted Features section above for more information.
Include the application user type in reports	The application user type has been added to several reports, including the Review Items flat file.
Print application instructions	If you have application owners or others generate your application reports, it's now much easier to send them instructions by email. To generate instructions, refer to the Print Application Instructions section for more information.
Caution when completing reviews with review items and access requests that haven't been completed	To prevent accidental completion of reviews, we've added a caution message to warn of outstanding review items or access requests that haven't been completed. If you try to complete a review that has outstanding review items or access requests, you'll now see an "Are you sure?" message to confirm (see picture below).
More detailed application user information	More detailed information such as job title, user principle name, distinguished name, token information, and more is now available within the application user's Info tab (see example below). The information displayed within this section varies depending on the application.
Enhanced application user to identity matching	Identity matching criteria has been enhanced to help in situations where application user names begin with numbers. If you have an application with user names such as 123ASmith, Permission Assist can now match those user names to an Identity more often.
Customize the number of import failures required before sending a notification	If you are signed up for application notifications, you'll receive an email when an application import fails. By default, the email is sent after 3 failed attempts. You can now customize the number of times an application import must fail before an email notification is sent. To change this setting, go the System Configuration > Applications area. For more information about application notifications refer to the Set up Application Alerts section.
Enhanced Premier provisioning instructions	Who enjoys looking up function numbers in the SCM manual? Seriously, who knows what CIS Function 09 Value B means? Modifying permissions within Fiserv Premier/Navigator can be complex, and even with a change that seems like it should be simple, it's easy to give unintended access. We make it easier with our new enhanced Premier provisioning instructions. The new provisioning instructions are available within the Provisioning tab of an access request (see picture below). The instructions within the Provisioning tab will walk you through the process of making the changes requested within the access request, warn you of unintended consequences of permission changes, and make possible suggestions for resolving those conflicts.

Important Plugin Updates

Plugin	Description
Microsoft	Several updates have been made to multiple Microsoft plugins, in order to better support a smooth and easy connection. These changes aren't visual changes, but they will help you import successfully. When updating this plugin, please restart the Sycorr Permission Assist Jobs Runner service on the Permission Assist server.