Base Engine Enhancements and Dependency Management
The Identity Manager 10 LTS update introduces critical improvements to handle dependency conflicts that arise from faster software development cycles. A new isolation type in the PowerShellComponentNet4 component allows external executables to run with their own dependencies without conflicting with Identity Manager's core dependencies. This addresses situations where applications called from PowerShell or other components require different dependency versions. Additionally, AWS Secrets Manager support has been implemented, enabling configuration options to be loaded from AWS secrets with configurable reload intervals. The system uses standard AWS SDK chain resolution when no region is specified, providing flexible credential management for cloud-integrated deployments.
Audit Architecture and SIEM Integration
Login and logout auditing has been completely re-architected, moving from a single table to separate storage locations in the new QBM login audit table. All audit messages can now be sent to syslog servers, with configurable retention periods for successful logins, failed logins, and logouts via the common journal login audit parameters. The SIEM integration has been significantly expanded with an increased number of predefined messages that are fully syslog-compatible. New triggers generate messages for DBQ operations, job queue operations, user account creation, and permission grants, all stored in the renamed QBM CEF message table with automated cleanup processes to prevent table bloat.
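The following added example, which is not One Identity code, parses CEF-over-syslog lines of the kind a collector would receive from such an integration and flags accounts with repeated failed logins. It assumes the messages use the general CEF header layout; the sample lines, vendor and product strings, signature IDs and extension keys are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines. Vendor/product strings, signature IDs and extension
# keys are placeholders, not the product's actual message catalogue.
SAMPLE = [
    r"<134>Jan 10 09:00:01 idm01 CEF:0|ExampleVendor|ExampleIdM|10.0|EX-LOGIN-FAILED|Login failed|6|suser=jdoe src=10.0.0.5 msg=bad password",
    r"<134>Jan 10 09:00:03 idm01 CEF:0|ExampleVendor|ExampleIdM|10.0|EX-LOGIN-FAILED|Login failed|6|suser=jdoe src=10.0.0.5 msg=bad password",
    r"<134>Jan 10 09:00:04 idm01 CEF:0|ExampleVendor|ExampleIdM|10.0|EX-LOGIN-FAILED|Login \| failed|6|suser=a\=b src=10.0.0.9 msg=x",
    r"<134>Jan 10 09:00:07 idm01 CEF:0|ExampleVendor|ExampleIdM|10.0|EX-LOGIN-OK|Login succeeded|3|suser=jdoe src=10.0.0.5",
    r"<134>Jan 10 09:00:09 idm01 CEF:0|ExampleVendor|ExampleIdM|10.0|EX-PERM-GRANT|Permission granted|5|suser=admin duser=jdoe",
]

HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
# One header field up to an unescaped pipe; "\|" and "\\" are escapes.
HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
# One key=value pair; the value runs until the next " key=" or end of line.
EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def parse_cef(line):
    """Return a dict for one CEF message, or None if the line is not valid CEF."""
    start = line.find("CEF:")          # skip the syslog priority/timestamp/host
    if start < 0:
        return None
    body, pos, fields = line[start + 4:], 0, []
    for _ in HEADER:
        match = HEADER_FIELD.match(body, pos)
        if match is None:
            return None                # truncated or malformed header
        fields.append(re.sub(r"\\([\\|])", r"\1", match.group(1)))
        pos = match.end()
    event = dict(zip(HEADER, fields))
    # Unescape "\=" and "\\" so attacker-influenced values cannot forge extra keys.
    event["ext"] = {key: re.sub(r"\\([\\=])", r"\1", value)
                    for key, value in EXT_PAIR.findall(body[pos:])}
    return event


def failed_login_bursts(lines, threshold=2, failed_id="EX-LOGIN-FAILED"):
    """Users with at least `threshold` failed-login events in the batch."""
    events = filter(None, map(parse_cef, lines))
    counts = Counter(e["ext"].get("suser", "?") for e in events
                     if e["signature_id"] == failed_id)
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(failed_login_bursts(SAMPLE))
```

Replace the placeholder signature ID and extension keys with the values observed in the messages the deployment actually emits before using the counts for alerting.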
Developer Tools and Script Enhancements
Script development capabilities have been enhanced with the new #A tag for referencing standalone assemblies with dependencies directly in scripts, complementing the existing #R tag for NuGet packages. The database compiler now supports specifying solution folders for build operations and includes a cleanup after build parameter to automatically clear the assembly cache directory post-compilation. The system debugger has been upgraded to support testing and debugging of parameter sets, a capability previously unavailable. The object layer now supports multi-step resolving of foreign keys for display values, allowing traversal across multiple tables to build comprehensive display names, though this comes with potential performance implications for loading times.
Configuration Improvements and Security Features
Several ease-of-configuration enhancements have been introduced, including the ability to define value ranges with minimum and maximum values for numeric fields in custom properties. When values outside the defined range are entered, the system automatically limits them to the nearest boundary without generating error messages, which is particularly beneficial for automated processes. The customizer now prevents conflicting settings between log changes and no log flags on attributes. Multiline content fields support enforced carriage return and line feed formatting for Windows compatibility. Database connections in appsettings.json can now be encrypted via an option in the app server installer. A significant usability improvement allows creating new related objects directly from parent object forms through configuration rather than requiring custom forms or hardcoded implementations.