4.1.5 July 17 2014
1. Adds debug information regarding the multiplexer certificate and chain validation.

4.1.6
1. Empty custom fields will now sync to OneLogin.
2. Changes to custom fields no longer require restarting the ADC.

4.2.0 July 29 2014
1. ADC will not require a restart to apply the sync disabled users flag.
2. ADC will sync the Manager, Title, ManagerGuid, Company, Department.
3. Install informs the user that the localsystem account is not advisable for a multi-domain environment.

4.2.1 Aug 7 2014
1. User hash now uses ManagerGuid instead of manager DN.

4.2.2 Aug 8 2014
1. User hash now uses title, department and company.

4.2.3 Aug 29 2014
1. Ping response contains current ADC profile ( active | passive).
2. After restart an event is posted to OneLogin with debug information regarding the start process (which domains are loaded, workers, schema info, IP addresses).
3. Support for a self restart added.
4. Bypass IPv6 defaults.

4.2.4 Sep 9 2014
1. Logs and appdomain are now set up in the programsdata folder instead of the install folder.
2. ADC can now change logging level remotely (acceptable values are all, debug, info, warn, Error).

4.2.5 Sep 16 2014
1. Better response for check permissions.
2. Account lockouttime count is reset on account unlock to accommodate a lower lockout threshold at the OneLogin side.

4.2.6 Oct 15 2014
1. Memory consumption addressed.

4.2.7 Nov 6 2014
1. Prevent sync of users who have a manager DN but NO ManagerGuid was populated.

4.2.8 Nov 12 2014
1. To prevent partial memberof values being synced on user update, users will not be synced to OneLogin until the group list has been retrieved from AD.
2. AD change notification will now include the computed user access value to prevent user status flip flop.

4.2.9 Nov 25 2014
1. Fixed a bug causing a 400 error while attempting to update the user schema.
2. Install now versions the config files to avoid malformed XML.

4.2.10 Dec 9 2014
1. Digest now lowers email, samaccount and userprincipal name for comparison.
2. No longer listening to AD changes until we complete digest download.

4.2.11 Dec 17 2014
1. You can now configure which domains the ADC will sync during the install (a new config wizard was added to the end of the install, and a user may launch it from the install folder).
2. You can now configure whether or not the ADC will use the computed UserAccessControl attribute when assessing user status.
3. You can now configure whether or not to force a full sync even when there are users in the queue to be processed.
4. You can now configure the ratio of OL repo size and current queue size in determining if we should skip the full sync this cycle.

4.2.12 Feb 5 2015
1. ADC will not sync users who do not have the authenticating property populated.
2. ADC will now attempt to reestablish a connection to the DC when the server is either busy or not available.
3. ADCConfig wizard
   a. now also explores domain level relationships instead of just forest.
   b. indicates exploration progress in the status bar.
   c. checks file access rights to the config file.
4. installer auto populates adc token update

4.2.13 Feb 27 2015
1. Passive ADC which was flip flopped will no longer use memory for AD changes.

4.2.14 Mar 2 2015
1. Reset password should now return a more appropriate message for the failure when win32 reason exception is available.

4.2.15
1. SSO Endpoint now supports the OPTIONS method (enables the client side SSO endpoint fail-over feature).
2. Install should now remember the SSO endpoint port when using the MSI to upgrade.

4.2.16 7/1/2015
1. Fixed "port in use" error during upgrade of an SSO enabled ADC.

4.2.17 7/15/2015
1. Synced users who encounter a 422 error will be added to an internal "do not sync" cache (per hash). Users will be removed from that list when they successfully get saved to OneLogin or when an admin clicks sync users from the admin UI.

4.2.18 7/20/2015
1. (Stop gap) Common events will now only be sent to OneLogin once per hour instead of on every event. ( PROV-675 )
2. Token and version in every API call.

4.3.0
1. Security group filter support added (AND condition with OUs).
2. Kerberos support as SSO node.
3. Installer will update the config file listen URL protocol to https when 443 is set to be the port.
4. 2 status methods
5. Status debug data
6. Installer will offer to create service account.
7. installer will prompt for
8. ADC can now auto-upload logs to S3 when regex matches are met.
9. When provisioning, memberof can now contain several groups (separated by ;).
10. Missing security groups in the memberof property while provisioning will be created in AD.

4.3.1
1. Removed Kerberos support as SSO node.

5.0.0 3/9/2016
1. Installer should now correctly assign connection URLs (us/eu//v4/v5).
2. SSO endpoint now defaults to NTLM; a configuration entry can be made to have it respond with negotiate, in which case the ADC will attempt to automatically add the SPN.
3. Fixed an issue where the stop event was not generated if the user manually stopped the ADC.

5.0.2
1. ADC now keeps an internal timestamp for each user in the sync process to prevent stale data making it to OL.
2. User update logging should now contain an origin for the change causing this update ( objectchanged | full sync).
3. Syncing unsupported datatypes of custom attributes would cause the ADC to error and not send the user over - ONPREM-2
4. Changes to the security groups in the wizard will now prompt to restart the ADC service if changes are made. ONPREM-138
5. Primary groups will now get synced to OL ONLY if an IncludePrimaryGroup config entry is supplied in the config OR sent via rails configuration#show. ONPREM-229
6. Auth request, password change, password reset and set user status requests will not log the request data - ONPREM-228

5.0.4 12/19/2016
1. Fixed config settings application on first run.
2. Attributes are now case aware ( ONPREM-303 ).
3. Machine name value included in the status and health reports.
4. Project files now pull AWS DLLs from NuGet.

5.0.5 1/8/2017
1. Added DE shard to the installer.

5.0.6 1/30/2017
1. Delete and delete candidate will now contain a reason for the deletion (user out of US scope, user out of Security group scope).

5.0.8 4/20/2017
1. Auth, reset password and change password commands now identify the user by DN rather than the OL auth attribute (DIRECTORY-1474).

5.0.9 4/25/2017
1. ADC now sets default TLS to 1.2 on start.
2. Support for Edge with Desktop SSO (PORTAL-812).

5.0.10 10/18/17
1. Advanced Directory Attribute and Decorating Directory support added (DIRECTORY-2298).

5.0.11 11/9/17
1. Build is now targeting 64bit.
2. Fixed null reference error.
3. Configuration tool now updates both the service config and the console config.

5.0.12 12/17/17
1. Fixing missing external id error when user is added to internal user repository.

5.0.13 12/18/17
1. Adding setting to disable the process of finding a user's manager.

5.0.14 12/19/17
1. Adding diagnostic data to directory request timeouts.

5.0.15 1/19/18
1. Fixed issue with supermux connection disconnecting and not recovering, leading to authentication requests failing over and "Disconnected" appearing in the web interface.
2. Added setting to put users on the queue during a full directory sync (QueueSyncUsers).
3. Added logging around how much time it takes to retrieve data from Active Directory.
4. Added additional properties to handle directory query timeouts (SyncMaxRetries, SyncRetryDelay).

5.0.16 3/19/18
1. Added logging around failed command processing.
2. Changed the way version details are stored.

5.0.17 4/4/2018
1. Added fallback logic for searching for users by authentication attribute if DN search fails (DIRECTORY-2087).
2. Fixed race condition with reconnection logic (DIRECTORY-2774).

5.0.18 4/23/2018
1. Changed the way we download remote upgrade packages.
2. Fixed an issue where directory change notifications that had been disabled would become re-enabled on the next configuration reload.
3. Searching for Security Groups required a minimum of 3 characters to start the search; there is no longer a minimum.

5.0.19 4/29/2018
1. Fix to allow sync across external to child domain two way trust without access to parent domain in the forest.

5.0.20 5/17/2018
1. Adding Windows Server 2008 R2 Support (Requires .Net 4.5.1).
2. Adding Remote upgrade from ADC version 4 to 5 (Requires .Net 4.5.1).
3. Fix remote upgrade error introduced after 5.0.15.

5.0.21 5/31/2018
1. Adding a new setting called "PinnedCertificateHash" which allows administrators to pin to a specific certificate. The specified hash should be the Thumbprint value shown in the Windows certificate tool.
2. Adding support for SHA1 hashes when creating user digests.
3. Added better management of Active Directory LDAP connections.

5.0.22 8/16/2018
1. Improving memory management for LDAP connection manager.

5.0.25 9/7/2018
1. Improving user synchronization between OneLogin and AD.
2. Fixing an issue with LDAP connection manager when unable to obtain DNS host name of DC with NTDS.

5.0.26 10/11/2018
1. Fixing an issue with the location of setspn.exe.
2. Password Does Not Expire flag is not removed during AD provisioning updates.
3. Fixing an issue with connection manager when there is an invalid domain or DC in a forest or cache files.
4. Upgrading AWS SDK.
5. Reducing log size when there are many disabled users in AD.
6. Introducing Smart Log.

5.0.27 11/12/2018
1. Fixing an issue with deleting a user from AD which was not reflected in OneLogin.

5.0.28 12/5/2018
1. Forcing ADC to refetch user information from AD whenever ADC receives a change notification in order to improve the synchronization process.
2. Adding distinguished name to disassociated user events.
3. Fixing an issue with the domain discovery operation in ADC.
4. Fixing an issue with reset password flow when the new password is simple.

5.0.32 02/20/2019
1. Rewording ADC setup messages and prompts.
2. Improving user synchronization process by checking missing manager GUIDs and digest changes before enqueuing.
3. Fixing an issue with calculating digests for users with null custom attribute values in AD.
4. Fixing a problem with creating a valid LDAP connection when DC is not available and .Net DC cache is invalid.
5. Re-adding support for DCIP (a comma separated list of DC IPs with no space).
6. Fixing an issue with configuration security groups in ADC Wizard.
7. Setting text encoding to unicode when generating digests for user synchronization.

5.0.36 04/16/2019
1. Forcing ADC to reload configuration if there is any change for the login username attribute in OL.
2. Fixed an issue with change notification module to resubscribe in unstable networks.
3. Automatically granting access to the Deleted Objects Container for the current domain that the customer is logged in to when installing ADC. For other domains, it should be done manually.
4. Improved the performance of user synchronization process.

5.0.41 07/25/2019
1. Implemented directory sync cookie for polling incremental changes.
2. Added the calculation of user digests to the change notification module.
3. Fixed an issue with the domain discovery module that was causing a memory problem when there was any invalid domain in the domain cache files.
4. Added batch processing for user synchronization.

5.0.42 10/21/2019
1. Control the generation of disassociation events when required or correlation attributes are missing or removed. This only applies to advanced mappings. This feature is disabled by default.
2. We fixed an issue with nested cross domain universal groups. Now, when a change is made to a user, both the child and parent group are synced.
3. We added a virtual attribute that exposes the domain name and populates first and last names with default values, if no values are present. This feature is disabled by default. To enable this, add the following configuration variables to the configuration file.
   UserSyncDomainNameAsAttr: this specifies the domain name attribute. The default value is blank, so the domain name is not exposed.
   UserSyncDefaultFirstName: this specifies the default first name for missing first names. If we specify values, the ADC syncs users with missing first names.
   UserSyncDefaultLastName: same as above.
   UserSyncNetBiosNameAsAttr: this is the attribute name for the NT Domain name or the NetBiosName.
4. We now provide the appropriate error when a late bind object is null.
5. We added telemetry information to the ADC log. We also provide sync and health information in new separate log files (sync.log and healthreport.log).
6. We now support pinned certificate hash validation for ADC auto update.

5.0.44 02/20/2020
1. ADC can now resolve Distinguished Name (DN) from Windows user name, using User Principal Name, if it can't be resolved from Windows User Name directly.
2. When a user is synced and updated in quick succession, the ADC no longer leaks throttle, which resulted in failures.
3. The ADC worker now correctly initializes in large forests with large user bases.

5.0.45 05/26/2020
1. You can now import attributes with hexadecimal values into ADC. Previously, string and integer formats were the available options.
2. If the ADC is triggered to failover to another instance, it no longer leaks throttle. This fix prevents ADC failure during failover. The throttle is reset when you restart the ADC service.
3. TLS versions 1.1 and below are no longer supported by the ADC.
4. We improved the new user sync performance. User updates are now quickly synced between AD and OneLogin.

5.1.0 08/20/2020
1. You can import Groups from Workday into OneLogin, then export the same groups to Active Directory. This feature works alongside the existing Workday & Active Directory import mechanisms. It supports multiple values (Ex. Division, Office Address, Department), each as its own unique external group. Multiple external groups can be exported to one/multiple locations in the AD group hierarchy. Note: This feature is Early Preview, contact your account manager if you are interested in enabling this.
2. You can now import attributes with hexadecimal values into OneLogin using specific formats like GUID, Base64 and Hex by providing the specific format in a config variable. The config variable is now parsed for errors and retained during upgrades.
3. We removed the DE shard from the ADC installation flow.
4. You now see the complete ADC version in ADC logs.
5. We improved Health Report logging.
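
For the PinnedCertificateHash setting introduced in 5.0.21, the sketch below shows how a Thumbprint value (SHA-1 over the DER-encoded certificate) can be cleaned up and compared before it is trusted as a pin. This is an added example, not OneLogin's code; the function names and the sample byte strings are assumptions made for illustration, and the byte strings are constructed stand-ins rather than real certificates.

```python
import hashlib
import hmac
import re

# Characters that often ride along when a thumbprint is copied from the
# Windows certificate dialog: spaces, colons and invisible direction marks.
_NOISE = re.compile(r"[\s:\u200e\u200f\ufeff]")


def normalize_thumbprint(value: str) -> str:
    """Return the thumbprint as 40 uppercase hex digits, or raise ValueError."""
    cleaned = _NOISE.sub("", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("thumbprint must be 40 hex digits (SHA-1)")
    return cleaned


def cert_thumbprint(der_bytes: bytes) -> str:
    """SHA-1 over the DER-encoded certificate, formatted as uppercase hex."""
    return hashlib.sha1(der_bytes).hexdigest().upper()


def matches_pin(der_bytes: bytes, pinned: str) -> bool:
    """Compare the presented certificate against the configured pin."""
    expected = normalize_thumbprint(pinned)
    return hmac.compare_digest(cert_thumbprint(der_bytes), expected)


# Constructed stand-ins for DER-encoded certificates (not real certificates).
SAMPLE_CERT = b"constructed-der-bytes-for-pinned-cert"
OTHER_CERT = b"constructed-der-bytes-for-other-cert"

if __name__ == "__main__":
    pin = cert_thumbprint(SAMPLE_CERT)
    # Simulate a pasted value: leading U+200E, lowercase hex, spaced pairs.
    pasted = "\u200e" + " ".join(re.findall("..", pin.lower()))
    print("pinned cert accepted:", matches_pin(SAMPLE_CERT, pasted))
    print("other cert accepted:", matches_pin(OTHER_CERT, pasted))
```

A pin that fails normalize_thumbprint is better rejected at configuration time than silently never matching at connection time.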