Release Notes

As cloud updates become available to all users upon release, the current version is the only version available. Delinea periodically updates Account Lifecycle Manager as we introduce additional features, and provide fixes and improvements. This article tracks those changes.

Account Lifecycle Manager: Change Log

 

Update Notes
May 2024 improvement: Added the ability to update a Managed Account's End Of Life Date if all account owners have been disabled. This setting can be found under the Ownership tab of the Workflow template.
improvement: Added a setting on the ALM AD sync to only update ALM Users on sync. When enabled, this will not create new ALM users on sync. This can't be used in conjunction with JIT user-creation, so users are only created at login.
fix: Fixed account prefixes not being applied to service account names.
February 2024 improvement: The account Description can now be edited when renewing a Managed Account.
improvement: Audit records now display the old and new values for fields in the Audit Details page. The Audit list page now shows a searchable Notes column that lists the fields that were modified.
improvement: Managed Accounts no longer create audit records when checking the Active Directory account status if there are no changes.
improvement: Upgraded the ALM platform to Angular 17 and .NET 8.0
fix: Fixed security vulnerabilities in Docker Compose and the Docker image used by SQL Server.
fix: Deprecated the Engine configuration website.
May 2023 improvement: Submitting a request is more intuitive. Required fields are indicated by an asterisk (*) and draft requests are indicated by "Not started," indicating that approval is not yet pending.
fix: Resolved an issue where the domain sync fails when the ALM Engine does not have permission to access the distinguishedName property of an Organizational Unit.
fix: Fixed an issue with bulk renew. The Account Owner role has access to Start Bulk Renew and can bulk renew service accounts ready to be renewed.
fix: An issue with setting up a Secret Server vault through the ALM engine has been resolved.
September 2022 fix: Resolved an issue that prohibited groups from being added when creating an AWS request with a template.
fix: Delinea branding is now applied in the New Synced User Welcome email template.
fix: Resolved an issue where the Everyone group was being removed from built-in roles.
fix: Resolved an issue that cause a workflow group to be deleted from the previous template when creating a new template.
August 2022 fix: Resolved an issue that inhibited the display of menu items in the left navigation panel for browser language settings other than English. Menu items now correctly display for any language setting.
fix: Fixed an issue preventing the ALM self-hosted version from loading the UI.

fix: Fixed an issue where accounts that have been removed from a LDAP or AzureAD domain were mistakenly included in an email alerting system administrators to accounts created without using ALM after each domain sync.

Going forward, domains must be manually synced if they are not regularly scheduled.

May 2022 improvement: The visual appearance and functionality of the UI has been updated to represent our Delinea company brand.
improvement: For ease of referencing, the user experience for Amazon Web Services (AWS) now combines all AWS resources into a single Resources tab on the Domains page. The new Resources tab includes information for users, groups, and policies.
improvement: To streamline account management, account migration, renewal, and discovery are accessed from the accounts Home page.
improvement: Bulk Renew allows multiple accounts to be selected and renewed in one action.
improvement: Added ability to dynamically add trusted origins for fixing CORS-related issues upon request. Speak with a Delinea support or sales representative and your origin will be added to the list of trusted origins.
fix: Fixed an issue where accounts were being deleted with an AD domain sync.
February 2022 improvement: When there are more than 10 external group completion items in a sync, they are now combined into a single auditing entry into the audit database table.
fix: Resolved the issue with Workflow Template migration not working for discovered ALM accounts.
fix: Resolved the issue of not being able to set the AD attribute msTSExpireDate.
fix: Fixed an issue that required a manual (second) sync after adding a new Secret Server Vault.
fix: Secrets for accounts in an external domain now successfully sync with a ManagedAccountSecret in ALM and create the secrets in the newly managed account.
fix: Worfklow Templates that included more than 15 Secret Server folders will now display all folders on the requests screen.
January 2022 improvement: Overall performance improvements of the application through various back-end enhancement and fixes.
improvement: Usability improvement, providing an increased data range display for managed account history. The data range is configurable to meet individual business needs. Default: 90 days, min/max setting: Today/Show All.
fix: Corrected an issue where the account URL on an email template incorrectly showed all managed accounts.
December 2021 feature: Added the ability to sort and filter Managed Accounts by Workflow Template. Additionally, a Report displaying all Managed accounts is now added.
improvement: Updated the User page to allow unlinking an Active Directory or Azure Active Directory domain from an ALM User.
fix: Validation no longer fails when attributes are defined as read-only on the template.
fix: An issue is resolved for accounts not renewing when the account name is set incorrectly through the API. This affected accounts with an updated name in the format accountname@domain.com.
fix: When defining a Workflow Template for SAP, folders now display correctly.
fix: An issue with the Renew button not being enabled immediately after an end of lifecycle event is addressed.
November 2021 feature: Google Cloud Platform Service Account Provisioning is now available in ALM. This gives ALM the ability to manage the lifecycle around GCP IAM service accounts, as well as assign roles and permissions.
improvement: A Delete button is added that allows the user to delete an existing SIEM configuration.
improvement: The Webhook URL field and Webhook Authorizations URL field no longer require HTTPS validation, however, the URL field cannot be blank.
fix: A nightly automated task is set to find any account that is stuck in the Retrying status and attempt to place it back into the appropriate actionable state. A bug existed in this logic that was accepting "Retrying" as an actionable state. This is fixed.
fix: The Accounts Missing Secrets report now only reports Managed accounts missing secrets.
fix: A bug was introduced that caused the nightly refresh of managed accounts to fail. This refresh updates ALM to match the Enabled/Lockout (where applicable) states, as well as account attributes that are being tracked by ALM to reflect the values present on the domain where the managed account resides. This is resolved with Patch 3.9.1 and the nightly refreshes are now working as expected.
October 2021 improvement: Using the Account Migration Wizard, the ability to update Active directory attributes directly on the accounts in AD is now available. Administrators can also move existing accounts to different workflow templates or between different versions of a template.
improvement: When accounts are added via Discovery, administrators receive email alerts.
improvement: When authenticating to AWS Secrets Manager using an EC2 instance, ALM does not need to store the credentials as Authentication is handled directly in AWS.

improvement: The Description field on Account Requests has been renamed to Account Description and is now required. The Justification/Reason field is no longer displayed for a Managed Account.

fix: Request rejected for accounts with longer than 20 characters in the name. This issue is resolved.
fix: Managed accounts now allow editing the secret after account creation.
September 2021 improvement: AWS IAM Account Provisioning adds the ability to provision and manage AWS Identity and Access Management (IAM) accounts and groups in ALM. Additionally, the ability to sync Users, Groups and Policies is available.
fix: Users are now able delete a managed account when they have the sys admin role directly or via group membership.
fix: When working with Managed Accounts, users no longer remain in the Retrying Status.
fix: The Audits page no longer generates an API error.
August 2021 improvement: Workflow Groups can now be assigned from the Groups page.
improvement: Added the ability to customize recipients for email templates.
improvement: Domains can now be permanently deleted.

fix: When saving a domain/vault sync, the time will now save correctly as UTC.

fix: A rare bug preventing LDAP synced accounts from being deleted or disabled is resolved.
fix: RegEx validation now prevents space characters from being added to the end of account names.
July 2021 improvement: Account Request forms now show the email addresses associated with the requester's ALM account.
improvement: On the Workflow Templates page, deprecated templates are now filtered by default.
improvement: On the users page, the role tab editing workflow is updated.
fix: On requests, a default secret folder is no longer selected in the case of folder override or multiple selected folders.
fix: Approvals now function as intended with ServiceNow authentication.
fix: A rare bug causing an "Access Denied" pop-up on the Approvals page has been resolved.
June 2021 Release 2 improvement: ALM now supports the latest version of SNOW (Paris).
fix: Fixed small, non-critical bugs for enhanced performance and user experience.
June 2021 Release 1 improvement: Updated Account Lifecycle Managers UI framework for an improved look and feel in the application.
feature: ALM now supports Azure AD role sync.
May 2021 feature: ALM now integrates with HashiCorp Vault.
April 2021 improvement: Minor enhancements and improvements.
March 2021 feature: ALM now integrates with Azure Key Vault and AWS Secrets Manager.
improvement: UI updates throughout ALM.
February 2021 feature: The Account Migration page allows administrators to change the workflow template, review interval, lifecycle end date, and owners of an existing service account.
improvement: Workflow templates include the option to hide the names of approvers from requesters.
improvement: Workflow templates include the option to allow a requester to choose sub-organization units within a designated folder.
improvement: Webhooks can now be tested from the Webhook Management page.
January 2021 feature: The SIEM integrations page allows administrators to integrate ALM with SIEM applications.
improvement: Updated UI for webhook authorization, workflow templates, account discovery, and custom HTTP headers.
improvement: Administrators can specify the maximum number of service account owners when creating a template.
December 2020 feature: The webhook authorization page allows administrators and users with webhook permissions to add authentication to webhooks.
improvement: Administrators and users with webhook permissions can add custom HTTP headers to webhooks.
improvement: When creating or editing an Active Directory template, administrators can restrict users from changing passwords.
improvement: When creating a workflow template, administrators can define a regex check on Service Account names.
improvement: When a Secret Server vault sync is run, ALM will search for managed accounts without a SecretID.
November 2020 improvement: Updated UI for managing Roles in ALM.
improvement: Account rejection explanation appears on the Request details page.
improvement: Requestors can specify a reason for requesting an account renewal.
fix: The configuration tab on a Managed Account now updates and reloads automatically after updating a SecretID.
October 2020

First general availability release of ALM Self-Hosted.

September 2020

feature: ServiceNow Requests - ALM’s ServiceNow integration will now support submitting ALM Requests via ServiceNow. This update presents the opportunity for users of ALM and ServiceNow to handle both the Requests and Approval process directly within ServiceNow. Requests can be made for Active Directory and AzureAD accounts.

Customers that already have the ALM ServiceNow application installed in ServiceNow must update to latest version.

feature: AzureAD Group Synchronization - ALM now has the ability select AzureAD Groups from a connected Azure Domain and have them synchronized with ALM. This allows the users to leverage existing AzureAD accounts for establishing the userbase for ALM. Any changes made in AzureAD for Groups enabled in the synchronization will automatically updated in ALM, upon the completion of the determined synchronization schedule.
August 2020 feature: Inbox - Provides in-app notifications within ALM. Inbox is comprised of three categories of notifications which allows a user to see notifications relevant to their Role and Accounts within ALM.
feature: ALM Engine Local Account Support - Support for the ALM Engine to allow for a local machine account to run the service.
feature: Orphaned Accounts - Set of controls to prevent accounts going without at least one active User or Group assigned as Account Owner.
July 2020 feature: Managed Account Dependencies - Ability for ALM to display the dependencies associated with managed accounts. This is pulled from the Secret Server secret into ALM during the Vault sync.
feature: Vault Sync - : Sync functionality updated to allow ad-hoc sync of the vault, as well as enable dependency synchronization.
improvement: Tool tips and assisting text added to UI to support aspects of gMSA Workflow Template configuration in ALM.
improvement: Dashboard page updated to provide more room for widgets.
June 2020 feature: Group Managed Service Accounts (gMSA) Support - A group Managed Service Account (gMSA) provides the same functionality within the domain but also extends that functionality over multiple servers. ALM adds support in the form of the ability to control the lifecycle of gMSA’s.
improvement: Reason Column on Approvals Table - Approvers are provided the account request reason directly in the Approvals table, for easier access and expedited review.
improvement: Renewal Status in Managed detail screen - To make it easier for Account Owners to view renewal request status, a link is added in the Account Status row for the ability to navigate from the Managed Account detail page to the request for further detail.
May 2020 beta feature: ServiceNow Integration - Ability to reject an ALM Request in ServiceNow. Note: New version of ServiceNow ALM app must be installed.
improvement: Added the ability to select rows to be displayed in any table in ALM.
April 2020

beta feature: ServiceNow Integration - Provides a integration to from ALM, to ServiceNow, for reviewing and approving requests made in ALM.

feature: EOL OU Retirement - For the use case of keeping Organization Units (OUs) organized and manageable, this feature offers the option to select which OU an account is sent to when ALM disables the account at the end of its determined lifecycle.
improvement: Webhook History - A tab in UI of the Webhooks pages allows Administrators and Users with the necessary permissions to view the activity history of a given webhook.
March 2020 feature: Azure Active Directory Support - ALM extends its directory service support to include Azure AD. This allows ALM to manage accounts located in Azure AD
feature: Onboarding Assistance - Users that are synced into ALM from Active Directory will receive an automated email to assist with onboarding the user to ALM.
February 2020

improvement: Left navigation menu styling update.

improvement: Update to the design and layout of the Group detail pages.

fix: ALM Engine UI configurator tool now launches after the ALM Engine installer finishes.

January 2020 feature: ALM Engine Configuration launches a local web page upon completion of the ALM Engine installer. The tool assists with testing the setup.
improvement: General application performance enhancements. Enhancements to the Audit log load time.
improvement: Update to the Managed Account feature which allows a permission set to allow Users with an assigned Custom Role to see all Managed Accounts in ALM.
December 2019 improvement: increased Secret Server support with DSV is now a vault option for managed accounts
improvement: syncing features improved via consolidation of formerly separate syncs to run as a single operation
improvement: new tool allows selection of a specific AD Group for its AD Accounts to be imported and then synced on a schedule
improvement: new built-in ALM Group “Everyone” includes all ALM Users; applies new built-in Role of “Account Owner” that lets users see their assigned accounts
improvement: the Remote Worker renamed ALM Engine for clarity; beta features previewed in November continue to be available in December as they mature
improvement: new UI detailing on Left Panel Wizards and certain detail pages creates more context and helps customers navigate
November 2019 improvement: the Active Directory Account Discovery tool now supports New Account Notification to help ensure all AD accounts benefit from ALM governance tools
improvement: new ALM Engine Calibration feature automates the determination of what ALM Engines have access to what Vaults and AD farms
improvement: tabbed interface for Vault Details page brings improved usability
a beta tool: a new tool for ALM Engine Configuration, intended to streamline the processes related to setting up ALM Engines, is accessible in this update
October 2019 improvement: new Active Directory Account Discovery tool supports bringing any or all service accounts under the management of ALM
improvement: System Administrators can select the frequency at which domains automatically sync with ALM, plus commit on-demand sync
improvement: Workflow Templates let System Administrators define account name prefixes to conform accounts provisioned by ALM to naming conventions
improvement: better audit logging performance helps organizations with high audit log volumes
improvement: enhanced external AD sync performance benefits organizations with larger AD installations
improvement: improved table designs: new row hover highlighting, more obvious labeling when column sorting is available, and stationary header row during scrolling
improvement: the design of ALM modules appears more uniform across the application
improvement: icons used within ALM feature more effective designs
improvement: the Workflow Template Wizard has an improved visual design
August 2019 first General Availability release