10Duke Enterprise release notes
Learn about new features, enhancements, and fixed issues in the most recent 10Duke Enterprise releases.
Release 5.6.2
Release date: November 8, 2024
10Duke Identity Management REST API 2.2.2
Bug fixes:
- Fixed an issue that could cause the query for a user’s TOTP credentials to fail.
10Duke Entitlement Management REST API 3.5.2
Bug fixes:
- Querying a user’s or device client’s available licenses or licenses in use now correctly returns information also on the total credit amount and the amount consumed also for use count and use time.
10Duke Login Application
Bug fixes:
- Minor fixes.
10Duke My Licenses
Enhancements:
- Minor internal improvements.
10Duke OrgAdmin
Enhancements:
- Updated UI translations to fully cover all supported languages.
Other changes
- Fixed an issue that caused the Graph API request to register a user to fail.
Release 5.6.1
Release date: October 24, 2024
The release includes minor security improvements. We recommend updating to this release.
10Duke Identity Management REST API 2.2.1
Bug fixes:
- Fixed the API reference documentation to remove the incorrect claim that the organization name should be unique.
10Duke Entitlement Management REST API 3.5.1
Bug fixes:
-
Fixed a backward compatibility issue related to license provisioning and updates no longer allowing zero or negative values as
quantity
in a transaction item. Whether this is allowed is now configurable in your deployment.By default, zero and negative values are not allowed. If needed, contact the 10Duke Integration Support team for a configuration change in your deployment.
-
Fixed an issue where retrieving the entitlements to which a group has access only returned a maximum of 10 entitlements. The limit has now been increased to 1000 entitlements.
10Duke Login Application
Bug fixes:
- Minor fixes.
10Duke My Licenses
Bug fixes:
- Minor fixes.
10Duke OrgAdmin
Bug fixes:
-
Fixed a page loading issue related to localized licensed item display names.
-
Other minor fixes.
Other changes
Enhancements:
- Performance improvements in license management and internal event sending.
Bug fixes:
-
Fixed an issue where the system allowed releasing a license reservation even if this was not allowed by the license model.
-
Attempting to release a license lease that has expired or has already been released now correctly returns an error.
If needed, the earlier behavior where this doesn’t result in an error can be restored with a configuration change. If needed, contact the 10Duke Integration Support team for a configuration change in your deployment.
-
Fixed an issue in the prioritization of licenses in license consumption, which could sometimes lead to unnecessarily using a new seat for a user who was already consuming a license.
-
Fixed an issue that caused a seat reservation to fail if the user was already consuming a seat from the license.
Release 5.6.0
Release date: September 25, 2024
The main enhancements introduced in this release:
-
10Duke My Licenses, a new UI tool for end users to view the licenses available to them.
-
Localization support for the display names of your licensed items. You define the translations in SysAdmin, and the translations are used in My Licenses and OrgAdmin, and can also be retrieved through 10Duke Entitlement Management REST API.
-
10Duke Entitlement Management REST API support for managing the activation codes used for license provisioning.
10Duke Identity Management REST API 2.2.1
Enhancements:
-
Clarified the documentation on how the account activation message sending is handled if the query parameter
activationMessage
is left unspecified or null:-
In the operation that only sends an account activation message, the system’s default account activation message is sent.
-
When creating a user, importing users to the system, or importing users to an organization, no account activation message is sent.
-
-
Added information on system limits to user queries. By default, you can retrieve users up to the limit of 5000 users, and you need to use values in the
offset
andlimit
parameters that don’t extend the query past this limit.
Bug fixes:
-
When the system’s default URL to the welcome page is being used in an invitation to a user or a device client (that is,
memberWelcomeUrl
is not provided in the API request), the default URL now automatically includes thenext
parameter containing the URL frominvitationCompletedUrl
if the request provides it. -
The email address provided when creating a user is now validated to remove any leading or trailing whitespace.
-
Fixed an issue where some operations returned a plain text error instead of a documented JSON error if the ID of the item was invalid.
10Duke Entitlement Management REST API 3.5.0
Enhancements:
-
You can now provide a user locale in the HTTP header parameter
locale
in the request, and when the response contains licensed item data,displayName
will contain the translation of the licensed item’s display name based on the given locale. See more information in the developer guide. -
New endpoints for managing activation codes used for provisioning licenses:
-
/organizations/{orgId}/license-activations
and/users/{userId}/license-activations
for retrieving information on license activations done by an organization or a user: the activation codes redeemed, and the license transactions that were created by redeeming the codes. -
/organizations/{orgId}/reseller-license-activations
for retrieving information on license activations done using activation codes associated with a reseller organization (through an activation code configuration in SysAdmin). -
/activation-codes/block
for blocking activation codes from use, and unblocking them. -
/activation-codes/transactions
for retrieving the license transaction that was created by redeeming a specified activation code. -
/activation-codes/status
retrieving the status of an activation code: whether the code has been blocked and whether it has been redeemed.
See the developer guide for more information on the tracking and maintenance related to license provisioning with activation codes.
-
Bug fixes:
-
Fixed the provisioning and updating of licenses for an organization or user to no longer allow setting a transaction item’s
quantity
value to zero or to a negative value. -
Fixed an issue where a user’s attempt to consume use count from a license failed on the second time.
-
Fixed an issue where retrieving the transaction for an organization or a user returned an empty transaction response if the provided external transaction ID was not found. An appropriate error response is now returned.
-
Fixed an issue where some operations returned a plain text error instead of a documented JSON error if the ID of the item was invalid.
10Duke Login Application
Enhancements:
-
An email address that is already being used as a user account’s recovery email address can now be set as the primary email address for a new or existing user account. In addition, recovery email addresses no longer need to be unique across user accounts in the system: the same recovery email address can be used in multiple user accounts.
-
New fields added in events: the
ForgotPasswordEmailSent
,ForgotPasswordReset
,UserMfaActivated
, andUserMfaDeactivate
events now have auserId
field, andForgotPasswordEmailSent
also has avalidFrom
field.
Bug fixes:
-
If the user’s session has been invalidated, the user can now log in again and is correctly redirected to what they were trying to access, instead of always being redirected to the profile page.
-
An error message is now shown if a user tries to activate their user account using an expired account activation code, or tries to reset their password using an expired password reset code.
10Duke My Licenses
10Duke My Licenses is a new web-based UI tool where the end users of your software applications can access information on the licenses available to them. My Licenses is an optional component that is purchased separately.
In My Licenses, an end user (a user in your B2B customer’s organization, or a B2C customer of yours) can view the organization licenses they are authorized to access, as well as their own personal licenses.
My Licenses provides a customizable view to license information such as the license status and validity, seats available and seat reservations, and current license usage. You can also customize the appearance of the UI to match your brand.
My Licenses is fully localizable and provides default UI text translations in 14 languages. My Licenses also supports the new licensed item translation feature introduced in this release.
10Duke SysAdmin
Enhancements:
-
In PRODUCT CONFIGURATION > Licensed items, you can now localize the display names of licensed items.
On a licensed item’s Details tab, there’s a new Manage localization button. This opens a side panel where you can add the display name translations. For each translation, you specify the locale it applies to.
The supported locales are based on your deployment configuration. If you need changes to which locales are supported in your deployment, contact the 10Duke Integration Support team.
-
When downloading an organization license token, providing a hardware ID is now only mandatory if the license’ license model anchors license sessions to the hardware ID (using the
ConcurrentSessions
constraint). -
When viewing the users of an organization’s user group or when adding users there, the user table filter based on the contact email now uses a “starts with” search, instead of a “contains” search.
-
On the Authorize consumers tab of an organization’s entitlement, the Has access column now uses visual indicators to show whether the group has access to the entitlement (a green check mark icon for access, or a red “X” icon for no access).
Bug fixes:
-
Fixed the creating and editing of a transaction item to no longer allow setting Quantity to zero or to a negative value.
-
Fixed an issue where SysAdmin always used the system’s default redirect page for failed logins due to missing access rights, even if a custom redirect page had been defined.
-
Fixed an error in displaying a role’s permissions after edits in the permission side panel were canceled.
-
After downloading an organization license token for a license that has seats, the view for managing seat reservations for the license no longer incorrectly shows the user as having a seat reservation.
-
After downloading an organization license token for a license that has seats, the Seats column on the license list is now refreshed immediately to show an updated count of seats in use.
-
Improved the error message shown when an administrator cannot download a license token because the license model has
ConsumptionLockConstraint
defined, and a locking already exists for another device and prevents the license from being consumed. -
Improved the error messages shown when creating an invitation to a user fails because the given email address is already used in the system by another user account.
-
Fixed a pagination issue on the user list when adding users to a user group.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
- Where licensed item’s display names are shown, OrgAdmin now shows the translation of the display name according to the user’s locale. If no translation is available for the user’s locale, the default display name is used as a fallback.
Bug fixes:
-
Fixed an issue that sometimes caused an authentication error to be incorrectly shown to a user when navigating to OrgAdmin.
-
Improved the error message shown when an administrator cannot make a seat reservation from a license because the license model’s limit for seat assignments has been reached.
-
Improved the error message shown when an administrator cannot download a license token because the license model has
ConsumptionLockConstraint
defined, and a locking already exists for another device and prevents the license from being consumed.
Other changes
Enhancements:
- Licenses granted using the Graph API now also follow the seat reservation limit defined in the product package when the license model limits seat reassignments.
Release 5.5.0
Release date: July 5, 2024
The main enhancements introduced by this release:
-
10Duke Entitlement Management REST API support for provisioning licenses directly to a specified entitlement.
-
10Duke SysAdmin support for transactions in provisioning and maintaining licenses, which brings it in sync with the Entitlement Management REST API. The legacy UI that doesn’t use transactions is available through a configuration option.
10Duke Identity Management REST API 2.2.0
Enhancements:
- To enable localization of the account activation email, you can now provide the user’s locale using the new
messageLocale
parameter, available in the operations for sending an account activation email, creating a user, importing users to the system, and importing users to an organization.
Bug fixes:
-
POST and PUT requests to the
/clients
and/organizations/{organizationId}/clients
endpoints now correctly require the mandatoryclientId
to be provided. -
A minor fix in the OpenAPI document structure.
10Duke Entitlement Management REST API 3.4.0
Enhancements:
-
When provisioning licenses to an organization or user, a transaction item has a new
entitlementId
parameter for specifying where to store the created licenses. If no entitlement is specified, the licenses are stored in the default entitlement.The same parameter is available when updating a transaction’s licenses for an organization or user, where it can be used to specify where any new licenses created by the update operation are stored. The parameter doesn’t affect existing licenses: they’re not moved from their current entitlement.
-
In the license provisioning operations to retrieve a transaction and to suspend or resume a transaction, the
transactionId
path parameter has been renamed astransactionExternalId
to more clearly indicate that it specifies the external ID of the transaction. -
The
EffectiveLicenseModel
object, which is returned, for example, when retrieving a user’s available licenses, now includes information onConsumptionLockConstraint
if defined in the license model.
Bug fixes:
-
Fixed a bug that allowed duplicate default entitlements to be created for an organization.
-
Fixed the API reference documentation to provide the missing
date-time
format specifier for theCreated
andModified
fields.
10Duke Login Application
Enhancements:
-
It’s now possible to configure redirect URLs for invitations sent from 10Duke SysAdmin and 10Duke OrgAdmin: the URL where the user is redirected after completing the invitation process. A redirect URL is configured separately for invitations to an organization (group) and for invitations to sign up as a user.
-
In the password reset URL included in the email template for “password reset completed” emails, you can now use format arguments for inserting the base URL and the user’s email address.
An example message in the template where the base URL will be inserted in
{20}
and the user’s email address in{11}
:You can now continue using your 10Duke account normally with your new password.\n\nIf you did not request password change, reset your password here: {20}/user/forgot/password?email={11}
Bug fixes:
- A minor fix in the German translations.
10Duke SysAdmin
Enhancements:
-
SysAdmin provides a new UI for granting and maintaining licenses using transactions, a concept that is also used by the Entitlement Management REST API provisioning operations.
In the left sidebar in SysAdmin, you now navigate to licenses from under LICENSES, where you first select either Organization or Personal and then select an organization or user.
The LICENSES view provides two tabs, which work the same way with both organization and personal licenses.
-
A new Transactions tab, where you find all the features related to granting, updating, and suspending licenses for the selected organization or user.
You grant licenses by creating a transaction that consists of one or more transaction items. Each transaction item specifies the information needed for granting licenses with one product package into a selected entitlement. Any later changes to the licenses are also done through the transaction and the applicable transaction item.
-
The Entitlements tab, which provides the same features as before except for those related to granting and making changes to licenses.
Here you create and manage entitlements for the organization or user in the same way as before, manage group access and seat reservations for organization licenses, and so on.
The new transaction-based UI moves your control over licenses to the transaction item level, and makes the product package the core source for license information. Note the following changes:
-
You no longer manually define what type of credit (seats, use count, or use time) to grant in a license: this is now directly determined by the credit type in the licensed item’s settings in the product package. You only define how many product packages are used to grant licenses. This product package quantity acts as a multiplier against the credit amount in the licensed item’s settings to calculate the final license credit.
-
All changes to licenses are now done through a transaction item in a transaction. The changes always apply to all the licenses associated with the transaction item. The old features for editing licenses individually are only available in the legacy UI, such as updating the validity or credit of an individual license, or suspending a license.
-
Licenses can no longer be deleted individually. You can delete a transaction item to delete all the licenses in it. A whole transaction cannot be deleted, but you can suspend a transaction to suspend all the licenses.
Other things to note:
-
Updating the allowed versions in existing licenses is no longer possible. If needed, you can delete the transaction item from the transaction to delete the old licenses, and add a new transaction item to grant new licenses with the latest information from the product package.
-
You can only update a transaction if all product packages used in it are active and valid.
-
The feature for releasing licenses currently in use (that is, ending the lease) is no longer available from the license list. You can still release a particular user’s leases from their user account, but it’s no longer possible to release all seats being consumed from an organization license in one go, nor to release seats being consumed by device clients.
-
A product package cannot be deleted if it’s associated with a transaction item. You need to first delete any transaction items where it’s used, which in practice means deleting all the licenses granted using the product package.
See how to manage licenses and entitlements in the new transaction-based UI.
Taking the new transaction-based UI into use:
-
To switch to using the new transaction-based UI features, contact the 10Duke Integration Support team for a configuration change. If your deployment has licenses created without a transaction, a migration is required to create transactions for them.
-
If needed, you can continue to use the legacy UI features that don’t use transactions for granting licenses. This doesn’t require any actions from you.
Note: License provisioning integrations that don’t create transactions (such as the Graph API and the event-based integrations) cannot be used side by side with the new transaction-based UI in SysAdmin.
-
-
SysAdmin now supports defining a lock scope for licenses (or disabling it) when required by the license model. The lock scope is defined in the transaction item (see above) and applies to all licenses granted with the transaction item.
Setting a lock scope is only supported by the new transaction-based UI features. If the legacy UI is in use, the lock scope can only be set through the Entitlement Management REST API.
See more about the use of lock scopes for preventing the abuse of trial licenses and the license model’s
ConsumptionLockConstraint
rule. -
Deleting a licensed item is no longer allowed if it’s used in a product package or if it’s associated with active licenses. (Earlier deleting a licensed item also deleted all associated licenses.)
-
Fixed editing a custom license model so that an error in the JSON can no longer cause the whole license model to be wiped clean.
-
In a product package, the table on the Licensed items tab now also displays the settings defined for each licensed item in the product package.
-
Fixed minor issues related to making license model changes in the product package.
-
To reduce database load, filtering by a table column in user tables is now applied after pressing Enter instead of immediately after typing.
-
In invitation tables with a State filter, selecting a state now updates the table, and there’s no Apply button anymore.
-
URL fields in OAuth and SAML identity provider connections now also allow local URLs.
-
Added the missing
@internal/organizationGroup
and@internal/organizationRole
local claims to the menus when defining the response attributes for an OAuth or SAML identity provider connection. -
The “not authorized” page now also shows an option to log out.
Bug fixes:
-
Fixed filtering of groups when adding a user to groups, and filtering of activation code configurations by name.
-
Fixed an issue related to how SysAdmin checked permissions when a user with a custom internal role attempted to view roles in SysAdmin.
If you’re using custom internal roles with a custom
Grants
permission, the fix also requires replacing that permission. Contact the 10Duke Integration Support team for support. -
Other minor fixes.
10Duke OrgAdmin
Enhancements:
- The license usage dialog now also shows the client application version on which the license is being consumed.
Bug fixes:
-
Blocking a license is now correctly enforced also when the license model contains
AssignedLicenseConstraint
withallowLazyReservation
set totrue
. -
Other minor fixes.
Other changes
Bug fixes:
- A lease refresh can no longer shorten the lease.
Release 5.4.0
Release date: May 27, 2024
10Duke Identity Management REST API 2.1.1
Enhancements:
-
The default welcome URLs are now configured separately for user and device client invitations.
If you need a different default welcome URL defined for device client invitations in your deployment, contact the 10Duke Integration Support team for a configuration change.
Bug fixes:
-
Fixes in the API reference documentation:
-
Added the previously undocumented 409 error response for the operation for adding an inherited client role for an organization role.
-
Fixed the documentation on the uniqueness requirement for
key
in user and organization properties, and forname
in client roles.
-
10Duke Entitlement Management REST API 3.3.1
Enhancements:
-
When provisioning licenses to an organization or user, the new
productName
parameter enables identifying the product package to be used by the product package’s name instead of the unique ID.Provide either
productId
orproductName
to identify the product package, but not both. -
License provisioning operations now send events.
Bug fixes:
-
Fixed an error that caused retrieving the license usage for a user or a device client to fail if the license model’s
ConcurrentSessions
constraint uses any other anchor type thanHardware
insessionAnchors
orleaseAnchors
. -
Fixed the response to moving a license to another entitlement, which was missing the license properties.
-
Fixed the documentation on how licenses can be deleted when updating the licenses for an organization or a user. The operations never delete licenses if license items have been removed from the product package, and if a transaction item is not included in the request and
allowDeleteLicenses
isfalse
, the operation fails.
10Duke Login Application
Enhancements:
-
To reduce the risk that a user enters their email address wrong when registering, the registration page can now be configured to display a second email address input field so that the email address must be entered twice.
To enable the second field in your deployment configuration, contact the 10Duke Integration Support team.
-
When the user has clicked a link to send an email to validate their email address, the notification text displayed on the page now shows the email address where the email was sent.
-
To support the need to use a shorter than standard key length when verifying ID token signatures with the JWT bearer token authorization grant flow, it’s now possible to disable the key length check in the configuration.
Contact the 10Duke Integration Support team for a configuration change if needed.
-
When a client application connects to 10Duke Enterprise using the authorization code grant flow with PKCE, and its SysAdmin configuration specifies a client secret, it’s now configurable whether the secret is required also when requesting an access token, instead of only when requesting the refresh token.
This is related to an enhancement in release 5.0.0, which changed the behavior with this authentication flow so that the secret is always required also when requesting an access token. In most cases, a client secret is not used together with this flow.
If the client secret must not be required when requesting an access token in your deployment, contact the 10Duke Integration Support team for a configuration change.
Bug fixes:
- A minor fix in drop-down menu behavior.
10Duke SysAdmin
Enhancements:
-
Changes to the default JSON when you’re creating a custom license model:
-
Behaviors now includes the
allowLeaseExtension
andallowLeaseRelease
rules, both set totrue
, and thelicenseLockingBehavior
rule withlockMode
set toLOCK_LICENSE
. -
Constraints now includes
ConsumptionLockConstraint
that can be used for trial abuse prevention, withconsumptionLockAnchor
set toHardware
.IpAddressConstraint
has been removed.
-
-
To improve page loading, the SysAdmin home page no longer displays by default the summary cards on users, invitations, organizations, and sessions. They continue to be displayed on the Identity Dashboard.
To display the cards in your deployment, contact the 10Duke Integration Support team for a configuration change.
-
The top toolbar now provides a link to the documentation site.
Bug fixes:
-
Fixed an error that caused creating an OAuth identity provider to fail.
-
Fixed errors in granting or viewing licenses when the license model uses
LicensedItem
insessionAnchors
in theConcurrentSessions
constraint. -
Defining Token signature public key is no longer erroneously mandatory when creating an OAuth identity provider.
-
The Valid until field is also now shown in the invitation summary when creating a new invitation to user group.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
-
Support for adding custom links in OrgAdmin:
-
As options in the user menu in the top toolbar
-
As action buttons above a table (like the existing Create button above the user group table)
-
As options in the Tools menu on table rows
To add custom links, contact the 10Duke Integration Support team.
-
Bug fixes:
-
Fixed the Expired status label in the invitation table.
-
Other minor fixes.
Other changes
Enhancements:
-
Changes in the license model’s
ConcurrentSessions
constraint:-
A new
Version
option is available for use as either a session anchor or a lease anchor. If used, the software version must be provided in theversion
parameter in the license consumption request. -
The
Hardware
andLicensedResource
options can now also be used as lease anchors.
-
-
A license consumption request for a user now returns HTTP 401 Unauthorized if the user account has been deactivated.
Bug fixes:
-
The
LicensedProcess
option is again supported as a session anchor in theConcurrentSessions
constraint in the license model.The option was removed in release 5.0.0.
-
Added missing fields to events.
-
Other minor fixes.
Release 5.3.0
Release date: April 2, 2024
This release provides support for trial abuse prevention, which enables you to prevent a customer from using the same trial license repeatedly on the same device. The feature introduces a new license model constraint and the ability to define a lock scope when provisioning trial licenses. See more about the trial license constraint.
The release includes minor security improvements. We recommend updating to this release.
10Duke Identity Management REST API 2.1.1
Bug fixes:
- Fixed examples in API reference documentation that use the
application/x-www-form-urlencoded
content type.
10Duke Entitlement Management REST API 3.2.0
Enhancements:
- To support trial abuse prevention, when provisioning organization licenses or personal licenses you can use the new
lockScope
field to specify a lock scope for a (trial) license.
Bug fixes:
- Fixed an error that could cause retrieving a user’s license usage to fail if the user had old license assignments.
10Duke Login Application
Enhancements:
- Updated UI translations to fully cover all supported languages.
10Duke SysAdmin
Enhancements:
-
You can now define a validity end date for an invitation to a user or device client, after which the invitation can no longer be accepted (or declined).
-
In the settings of a license provisioning configuration for activation code-based licensing, the field for defining a validity time for the provisioned licenses is now more clearly labeled as License validity period.
Bug fixes:
-
When changing the credit of a license (the number of seats, use count, or use time), the credit can no longer be changed to a value lower than zero.
-
You can now select multiple users for removing them from a user group.
-
Fixed occasional page rendering issues when creating or viewing SAML external identity provider connections.
-
In Response attributes of a SAML external identity provider connection, cleaned up unsupported values from the menu for defining the source data for a mapping.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
-
Updated UI translations to fully cover all supported languages.
-
Fixed a styling issue caused by long words in Dashboard card titles and sidebar navigation items.
-
Fixed a styling issue in notifications when the UI is displayed in dark mode.
Other changes
Enhancements:
-
To support trial abuse prevention, a license model supports a new constraint
ConsumptionLockConstraint
. The constraint can be used for creating a locking that ties a (trial) license to the hardware ID of the device on which the license is first consumed. -
Other minor fixes.
Release 5.2.1
Release date: March 21, 2024
Bug fixes:
-
Fixed an error that created extra license leases if the license model’s
ConcurrentSessions
had an anchor set insessionAnchors
andLeaseTrackingMode
was not set. This could result in the user not being allowed to release the consumed license seat. -
Fixed an error where if the license consumption request specified
licenseId
and the user or device client had access to the specified license, license consumption was allowed even if the license didn’t allow consuming the requested licensed item. -
Fixed an error that could cause the
maxConcurrentSessionsExceed
error to be returned if the license model had the number of concurrent license sessions allowed set to a value greater than 2. -
Related to the 5.0.0 fix on storing the hardware name in the license consumption request in rare cases where the same hardware ID is used by two different devices,
maxConcurrentSessionsExceed
errors may occur during the migration period, the length of which depends on the maximum lease time. -
The 10Duke Identity Management REST API now correctly sends events when a user is created, updated, or deleted, a user’s password is created or changed, or two-factor authentication (2FA) is activated or deactivated for a user.
-
Performance improvements in the 10Duke License Consumption API.
-
Other minor fixes.
Release 5.2.0
Release date: March 6, 2024
The release includes minor security improvements. We recommend updating to this release.
10Duke Entitlement Management REST API 3.1.0
Enhancements:
-
The
License
object, returned by API operations such as listing an organization entitlement’s licenses, contains a newproperties
object that contains any additional license properties defined for the license. -
Added
Cache-Control
headers for responses that should not be stored by intermediate caches.
10Duke Login Application
Bug fixes:
-
A fix in applying only the UI languages allowed by the deployment configuration.
-
The Login Application now correctly sends an event when an invitation is accepted or declined.
10Duke SysAdmin
Bug fixes:
-
Fixed an error in saving changes to the permissions of a role or an organization role template.
-
The creation of product packages is now disabled if no license models have been created.
-
Fixed missing labels in the column selection menu in the product package and licensed item tables.
-
In Activation code configurations, the button for removing the association to an organization is now labeled Remove organization.
-
Other minor fixes.
Other changes
Enhancements:
-
When requesting to consume a license or to renew a lease through the 10Duke License Consumption API:
-
The request supports a new
ownerUserId
parameter for specifying a user ID to only consume that user’s personal licenses, if multiple license options are available for the requested licensed item. -
When the request only specifies only one licensed item, the request can now specify the
ownerOrganizationId
parameter at the request level, in the same way as theentitlementId
andlicenseId
parameters.
-
Release 5.1.0
Release date: February 21, 2024
The release includes minor security improvements. We recommend updating to this release.
10Duke Login Application
Enhancements:
- The
<locale>
in the URL now supports International Components for Unicode (ICU) locales. See more on Login Application localization.
Bug fixes:
-
Fixed an issue that caused the registration page to not display the postal code field even if it was enabled.
-
Other minor fixes.
10Duke SysAdmin
Bug fixes:
-
Performance improvements in page loading when there’s a large number of licenses.
-
The External identity providers table is now automatically refreshed after creating a new external identity provider.
-
Trying to create a custom license model with incorrect JSON formatting no longer saves the erroneous license model.
-
Improvements to error messages.
-
Improved error handling in the case of a duplicate value for Identity provider name ID (OIDC) or Identity provider ID (SAML) for external identity providers.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
-
The
<locale>
in the URL now supports ICU locales. See more on OrgAdmin localization. -
An apostrophe
'
and a grave accent (backtick)`
are now allowed characters in email addresses. Single quotation marks‘
and’
are not allowed. -
The description of a user group or a device client group is now an optional field.
Bug fixes:
-
Clicking a column header no longer prevents clicking links in the column.
-
Releasing a license lease in the Usage dialog no longer opens a blank page.
-
Other minor fixes.
Other changes
Bug fixes:
-
Fixed support for using
LicensedItem
as aleaseAnchors
value in the license model’sConcurrentSessions
constraint. -
Fixed the handling of license overusage for use count based licenses based on the license model’s
UtilizationConstraint
. -
The license consumption error
unallowedClientVersion
now correctly returns also the allowed version range for the license. -
The locale tag “no” is now accepted.
-
The Graph API
QueryLicenseUsage
now correctly returns HTTP error 500 for use time and use count licenses. -
Other minor fixes.
Release 5.0.0
Release date: February 6, 2024
10Duke is pleased to announce the new major release 5 for 10Duke Enterprise, which introduces:
-
A great collection of new features and improvements in functionality, including:
-
Full support for device licensing in 10Duke Enterprise, including REST API, 10Duke SysAdmin, and 10Duke OrgAdmin features for inviting device clients and authorizing their access to licenses using groups.
-
Support for defining additional license properties during license provisioning and extending the claims in the JWT token to include them.
-
License consumption information included on the license lists in SysAdmin.
-
-
Significant changes that break compatibility with the previous major releases, including changes in API endpoints.
Please review the release notes marked with the Breaking label.
-
A 10Duke SysAdmin version that provides significant improvements to overall consistency in user experience and application stability.
-
A 10Duke OrgAdmin version with UI themes updated to Bootstrap 5, offering easier and more extensive possibilities for UI customization.
-
Bug fixes and performance related improvements.
Check out the comprehensive list of breaking changes and new features under each solution component below.
10Duke Identity Management REST API 2.1.0
Enhancements:
-
New endpoints for managing the association of device clients with device client groups:
-
/clients/{clientId}/client-groups
: Retrieve the client groups that a client belongs to, add or remove a client to or from client groups, and replace the client groups that a client belongs to. -
/clients/{clientId}/client-groups/{groupId}
: Retrieve a client group that a client belongs to, and add or remove a client to or from a client group.
-
-
To support use cases where a new user account is created in the system with no password defined, the API provides new features for sending the user an email that requests them to activate their user account by setting a password:
-
New query parameters
activationMessage
andactivationUrl
for sending an account activation email when creating a user, importing users to the system, or importing users to an organization -
A new API operation POST
/users/{userId}/send-activation
for just sending the account activation email
When the user clicks the link in the email, this opens the account activation page in 10Duke Enterprise where the user defines a password for themselves. After this, the user is sent a confirmation email about setting the password.
Two new email templates are available for customizing the content of the emails.
See example usage of the feature when creating a new consumer customer.
-
-
A new API operation POST
/users/byEmail
for retrieving a user based on the primary contact email address in their user account. (This email address is typically the same as the email address used as the username, if 10Duke Enterprise is used for user authentication.) -
When updating a user’s details, you can no longer change the user’s email address if it has been validated.
-
Breaking: Consolidated the API endpoints for retrieving user invitations based on invitation status.
-
The GET
/organization-group-invitations
and GET/user-invitations
API operations provide a newinvitationState
query parameter to allow filtering the results based on invitation status. -
The specific API endpoints for retrieving user invitations by status have been removed:
-
Removed endpoints for invitations to join an organization:
/organization-group-invitations/open
,/organization-group-invitations/accepted
,/organization-group-invitations/declined
,/organization-group-invitations/revoked
-
Removed endpoints for invitations to sign up:
/user-invitations/open
,/user-invitations/accepted
,/user-invitations/declined
,/user-invitations/revoked
-
-
-
Breaking: In API operations related to organization and user invitations, the
invitationState
field includes a new valueopen
that applies to invitations that haven’t been accepted, declined, or revoked.The values
created
,updated
, anddeliveryRequested
have been removed. -
Breaking: The
memberStatus
field and the deprecatedrecipientIsNewUser
field have been removed from theUserInvitation
andOrganizationGroupInvitation
resources.10Duke Enterprise now resolves internally whether a user is a new or existing user when an invitation is sent, and this information is no longer returned by API operations.
Bug fixes:
-
Setting up a new organization now returns the details of the created “employees” group even when
createDefaultEntitlement
is set tofalse
. -
Retrieving an organization’s client group invitations (list and read) now correctly returns only the specified organization’s invitations.
-
Retrieving or replacing user or organization properties now correctly returns only the fields
key
andvalue
. -
Fixes in the API reference documentation related to inherited permissions in organization roles. Also added information on the possibility to use the organization role designator in place of the ID in certain API operations.
-
Other minor fixes.
10Duke Entitlement Management REST API 3.0.0
Enhancements:
-
A new endpoint
/organizations/{orgId}/entitlements/{entId}/consuming-clients
for querying which device clients have access to the licenses in a specific entitlement. -
The license transaction item provides a new
licenseProperties
object that can contain additional license properties for the licenses in that transaction.This allows you to attach your own custom metadata to licenses when provisioning or updating them, and to retrieve the license properties related to licenses in a transaction.
The properties are defined as name-value pairs. The API client is responsible for defining and managing the property name namespace.
To enable the license property feature in your deployment configuration, contact the 10Duke Integration Support team.
-
Breaking: New API endpoints available for managing a user’s or device client’s assignments for a license:
-
Make a seat reservation:
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/reserve
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/reserve
-
Block the license:
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/deny
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/deny
-
Reset a user’s or device client’s assignments for a license, which removes their seat reservation or blocking:
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/reset
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/reset
The API no longer supports setting a validity period for a seat reservation or a blocking, nor making multiple seat reservations for the same license for a user or device client.
The following API operations have also been deprecated:
-
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/assignments
-
PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/assignments
-
-
The
License
object, returned by API operations such as listing an organization entitlement’s licenses, contains new credit-related fields:-
useCountConsumed
anduseCountTotal
that specify the use count consumed from the license and the total use count granted in the license. -
useTimeConsumed
anduseTimeTotal
that specify the use time consumed from the license and the total use time granted in the license.
-
-
Breaking: In the queries for available licenses for a user or device client, the
product
parameter has been renamed aslicensedItemName
to clarify that it specifies a licensed item. -
Breaking: Queries for available licenses for a user or device client now by default ignore licenses that have expired over one year ago (365 days).
If you wish to change the threshold in your deployment, contact the 10Duke Integration Support team.
-
Breaking: The
TechnicalActor
object is no longer available in the API. -
Breaking: The
includeCredits
parameter has been removed from API operations that list an entitlement’s licenses, move a license to another entitlement, and query available licenses for a user or a device client. The operations now always return all license credit information. -
Operations that return license owner or license consumer data include a new
objectType
field that defines the type of the license owner or license consumer. -
Breaking: The
objectType
field that specifies the type of credit has been removed from license credit resources. -
Breaking: Unified operation IDs related to license provisioning API operations:
-
New operations IDs for the API operations for suspending and resuming licenses:
suspendOrganizationLicenses
,resumeOrganizationLicenses
,suspendUserLicenses
, andresumeUserLicenses
. -
New operation IDs for the API operations for provisioning, updating, and retrieving organization licenses:
processOrganizationLicenseTransaction
,updateOrganizationLicenseTransaction
, andgetOrganizationLicenseTransaction
.
-
-
Documentation improvements in the API reference.
Bug fixes:
-
Fixed an issue that prevented creating a seat reservation to a license that has a version constraint.
-
Other minor fixes.
10Duke Login Application
Enhancements:
-
The link in a device client invitation now opens a browser page that provides instructions for the invitation recipient on how to proceed and connect the device.
This helps to avoid situations where an email client doesn’t allow opening a link that would use a custom URL scheme for opening the welcome page in your client application. Now the email link opens the redirect page, which displays a link that uses a custom URL scheme defined in your deployment configuration to open the welcome page.
To customize the page content and configure the custom URL scheme used, contact the 10Duke Integration Support team. See also more information on how to invite device clients.
-
Support added for the new user account activation page where a new user can activate their user account by setting a password. See more information on the new account activation features in the Identity Management REST API section above.
-
Support added for OAuth token introspection (see RFC 7662) to allow the client application to request additional information on an access token or refresh token granted by 10Duke Enterprise.
-
Breaking: When 10Duke Enterprise returns an access token to your client application after authentication, the new
refresh_token_expires_in
response field contains the amount of time until the OAuth session expires.The
refreshable_until
field that contained the OAuth session expiry has been deprecated. If this legacy field still needs to be returned, contact the 10Duke Integration Support team for a configuration change. -
For added security, the system now informs a user by email about a password change and about two-factor authentication (2FA) being activated for their user account.
Two new email templates are available for customizing the content of the emails. If you want customizations or wish to disable the emails in your deployment, contact the 10Duke Integration Support team.
-
Breaking: The same additional authentication methods are now by default used with the legacy OAuth password grant flow (resource owner password credentials grant) as with other OAuth authentication flows.
-
If a user has two-factor authentication (2FA) enabled (or if 2FA is globally enforced), 2FA is now enforced also when the user is being authenticated with the password grant flow. Because the flow doesn’t support 2FA, authentication will fail in this case.
-
If email verification is enforced in the system, it is now enforced also with this flow, so authentication will fail for users who haven’t verified their email address.
You can override the additional authentication method configuration for the password grant flow, for example, if 2FA authentication should not be enforced with this flow. For a configuration change, contact the 10Duke Integration Support team.
-
-
The
name
field is now included in the ID token and the OIDC userinfo response even if the user’s display name is not available. In that case, the field contains the user’s first and last name. -
The ID token header now also includes the
typ
field that specifies the token typeJWT
. -
The timestamp of the user’s last login is now updated every time the user receives an access token, instead of only when they have logged in to the Login Application UI.
This improves, for example, the accuracy in OrgAdmin for showing which users have been active within the past 30 days.
-
When a new user has accepted an invitation and registered as a user, the email address they used for the registration is now automatically marked as validated, instead of the user having to take an extra step to validate it.
-
Support added for a redirect through 10Duke Enterprise before initiating authentication in order to provide 10Duke Enterprise with the user’s email address and the ID for an external identity provider’s SysAdmin configuration.
Bug fixes:
-
Breaking: When a client application connects using the authorization code grant flow with PKCE, if its SysAdmin configuration specifies a client secret, the secret is now correctly required already when requesting an access token, instead of only when requesting the refresh token.
In most cases, a client secret is not used together with the authorization code grant flow with PKCE. If your client application is using this flow, we recommend that you confirm that you have defined the client secret setting in its SysAdmin configuration correctly for your use case.
-
The user’s “remember me” selection now works correctly in redirects.
-
Fixed an issue that caused email sending to sometimes fail.
10Duke SysAdmin
Enhancements:
-
SysAdmin provides new features to support device-based licensing:
-
You can create and manage device client groups for an organization, and authorize the groups to access the organization’s licenses.
-
You can invite device clients to an organization’s device client groups, and view and manage the device clients.
-
You can reserve and release seats from an organization license also for device clients.
Releasing all the seats being consumed from an organization license now also releases the seats being consumed by device clients.
-
-
Even if the license model doesn’t allow releasing seat reservations, you can override this restriction and release a seat reservation in SysAdmin if needed, for example, to support a customer who made a wrong seat reservation in OrgAdmin.
When you’re about to release seat reservations for an organization license, the SysAdmin side panel now shows a notification text if the license model has this restriction, and provides a toggle for overriding it.
-
In the organization and personal license tables:
-
The table now also shows either the number of seats in use (seats being consumed and reserved seats) or the use count or use time that has been consumed, depending on the type of credit available in a license.
-
You can view any custom properties that have been created for the licenses through the Entitlement Management REST API.
-
Improvements to viewing the status of the license: The Status icon now indicates if a license is about to expire, its validity start date is in the future, or there is an error in the license’s configuration, and the Active column that indicates if the license is active is now shown right next to Status.
-
-
There’s a new optional Designator field available for organization role templates, which allows you to define a unique identifier for each template, for example, for integration purposes.
-
The organization and product package tables now show the unique ID of an organization or a product package and provide a button for copying it. You can also filter and sort each table based on the ID.
-
An organization’s device client group table and the details tab now show the unique group ID and provide a button for copying it. You can also now filter and sort the table based on all the column values.
-
In the product package table, the Type column is now hidden by default. You can show and hide it from the Columns menu like before.
-
The client role table now also displays the OAuth client application, if a client role is set to only apply to that application.
-
In the settings of an OAuth external identity provider connection, the Identity provider details tab has a new field OAuth endpoint ID that shows the ID of the identity provider’s configuration in SysAdmin.
-
In the settings of both OAuth and SAML external identity provider connections, Assertion consumption mode is now correctly marked as a mandatory field.
-
Updated JSON samples available when creating a new custom license model.
-
Usability improvements:
-
When you navigate to organization entitlements or to organization roles, the organization selection dialog now opens automatically.
-
You can adjust the column width in tables.
-
When you change how many rows are displayed in a table view, that change also applies in other table views that you navigate to.
-
A confirmation dialog has been added to some actions, such as deactivating or deleting a license, revoking credit from a license, and deleting a role or an organization role template.
-
Label clarifications in the UI.
Note especially in the left-hand navigation:
-
In IDENTITY, the Single sign-in menu option is now Client applications, and the Federation menu option is now External identity providers.
-
The configurations for provisioning licenses with activation codes are now in ACTIVATION CODES > Configurations.
-
-
Page titles are now available on all UI pages.
-
Various improvements have been made to input validation and warning messages when creating and editing items in the UI.
-
-
Breaking: In a SAML external identity provider connection, the deprecated Signatures and Encryption sections have been removed.
The Client identifier field has also been removed from the connection’s client details. The entity ID of 10Duke Enterprise is read from the SAML Service Provider metadata document of your 10Duke Enterprise deployment like before.
Bug fixes:
-
Fixed an issue where the dialog for adding licensed items to a product package had items selected based on the previous operation.
-
Fixed a pagination issue on the Users page.
Due to performance reasons, if you have a large number of users and if pagination on the Users page is enabled, the pagination options may now indicate a lower page count than what your actual total number of users is.
-
Trying to grant a license without any kind of credit now shows an error message instead of failing with an exception.
-
Fixed missing labels in the column selection menu in several UI tables.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
-
Features to support device-based licensing. Now the OrgAdmin user can:
-
Create and manage device client groups for their organization, and authorize the groups to access the organization’s licenses.
-
Invite device clients to their organization’s device client groups, and view and manage the device clients.
-
Reserve, block, and release seats from their organization licenses also for device clients.
-
-
Updated UI themes to Bootstrap 5.
This also provides easier and more extensive possibilities for UI customization based on Bootstrap 5 themes.
Note: If you have existing OrgAdmin customizations, these may no longer work after this update.
Contact the 10Duke Integration Support team if you have existing customizations to be updated or if you want customizations to the new themes provided by this OrgAdmin version.
Bug fixes:
-
The license usage dialog no longer shows the features for handling seat reservations when the license has only use count or use time.
-
On the license list, the Use time: consumed column now correctly displays the consumed use time.
-
The entitlement details dialog now displays correctly all the groups that have access to the entitlement.
-
Other minor fixes.
Other changes
Enhancements:
-
Changes in license model behaviors and constraints:
-
Breaking: A license model can now restrict license consumption only based on one type of credit, using either
SeatCountConstraint
,UseCountConstraint
, orAggregateUseConstraint
.If the license model contains a restriction for more than one type of credit, the license consumption request fails with HTTP error 500.
-
Breaking: The
AggregateUseConstraint
in the license model has a newtrackingMode
field for enabling or disabling the tracking of license consumption based on use time. The earlierincrementModel
field has been removed.When tracking is enabled with the
TRACK_BY_LEASE
value, the aggregation of the use time consumed works in the same way as with the earlier “fair” model thatincrementModel
provided. The “append” model is no longer available.The
incrementModel
field has also been removed from theLeaseTimeBehavior
rule. -
Breaking: In the
ConcurrentSessions
constraint in the license model, the name of theadditionalAnchors
field has been changed toleaseAnchors
. -
License locking is now used by default unless the license model contains the
LicenseLockingBehavior
rule to disable it.
-
-
Changes in license consumption:
-
The license consumption response now includes a new
licenseProperties
claim, which returns the license properties defined for the license as custom name-value pairs.To enable the license property feature in your deployment configuration, contact the 10Duke Integration Support team.
-
Breaking: License consumption requests now by default ignore licenses that have expired over one year ago (365 days).
If you wish to change the threshold in your deployment, contact the 10Duke Integration Support team.
-
-
The consumed use count and use time are now included in the license consumption event from the 10Duke License Consumption API.
Security:
- Breaking: When accessing 10Duke Enterprise APIs, the legacy option of providing an OAuth access token as a parameter is no longer supported. See how to provide the access token in a Bearer token authorization header.
Bug fixes:
-
A fix in event sending for the 10Duke License Consumption API and Graph API.
-
Fixed an issue where all anchors in the license consumption request affected how lease consumption was counted, instead of only using the ones defined in the license model used by the license.
-
Fixed a permission issue that could cause a license consumption request for a use count-based license to fail.
-
In rare cases where the same hardware ID is used by two different devices, the hardware name provided in the license consumption request is now stored separately for the users, when earlier the same hardware name was stored for both.
-
Other minor fixes.
Open issues
-
Breaking: In the
ConcurrentSessions
constraint in the license model, support for theLicensedProcess
option was dropped fromsessionAnchors
.Fixed in release 5.4.0.
Release 4.0.0 (LTS)
Release date: October 25, 2023
This is the first 10Duke Enterprise release labeled LTS, which stands for Long Term Support. Releases labeled LTS will be supported and maintained with security updates and bug fixes over an extended period over regular releases. This release will be supported until October 2026.
See patch release notes for release 4 on that release’s documentation site.
10Duke Identity Management REST API v1.10.0
Enhancements:
- API definition migrated to OpenAPI 3.
10Duke Entitlement Management REST API v2.9.2
Enhancements:
-
A new endpoint
/organizations/{orgId}/entitlements/{entId}/consuming-users
for querying which users have access to the licenses in a specific entitlement. -
Documentation improvements in API reference.
Bug fixes:
-
Deleting an organization now correctly deletes also all the information on the license transactions related to the organization’s licenses.
-
When provisioning a new license, the
id
value for the transaction or a transaction item wasn’t stored if it was provided in the API request, and the system generated an ID instead. -
In provisioning operations, the
processed
timestamp was not generated for a license transaction even if it was not provided in the API request.
10Duke Login Application
Security:
- The version includes minor security improvements. We recommend updating to this version.
10Duke SysAdmin
Enhancements:
- In the user’s account details, the Active license leases tab has a new column that shows the name of the hardware that the lease applies to.
Security:
- The version includes minor security improvements. We recommend updating to this version.
Bug fixes:
-
An organization’s “employees” user group is no longer automatically granted access to a new entitlement.
-
The Release seat feature for an organization license only released one seat reservation if the user had multiple ones.
-
An entitlement’s license list didn’t show allowed versions for a license with use count that had been granted using SysAdmin.
10Duke OrgAdmin
Bug fixes:
- Minor fixes.
Other changes
Bug fixes:
-
Breaking: The 10Duke License Consumption API and Graph API operations now correctly return HTTP error 401 Unauthorized when the request is unauthorized, instead of a successful response 200.
If needed, the earlier behavior can be restored by a configuration change in your 10Duke Enterprise deployment. Contact the 10Duke Integration Support team.
Release 3.30.1
Release date: April 8, 2024
The release includes minor security improvements. We recommend updating to this release.
Release 3.30.0
Release date: October 9, 2023
10Duke Login Application
Enhancements:
-
100% localization in all supported languages.
-
The base font has been updated to Source Sans 3 (sans-serif).
10Duke OrgAdmin
Enhancements:
-
100% localization in all supported languages.
-
The base font has been updated to Source Sans 3 (sans-serif).
Release 3.29.1
Release date: September 29, 2023
This release provides backend fixes:
-
A fix in event sending: read events were sent even when not enabled in the deployment configuration.
-
Releasing a seat reservation now correctly releases also a blocking made for the seat.
Release 3.29.0
Release date: September 15, 2023
10Duke Identity Management REST API v1.8.1
Enhancements:
-
New configurations to control how user data can be queried from the system:
-
The maximum number of users who can be retrieved with a single query is now configurable. The default limit is 250.
If the API request’s
limit
header parameter exceeds the configured value, an error is returned. -
There is also a configurable maximum user count up to which users can be queried. The default limit is 5000.
For example, if the API request’s
limit
header parameter is set to 250 andoffset
to 4750, the request is allowed, because the last returned user is the 5000th in the sorting order. If you increase theoffset
value, the last returned user goes past the 5000 limit and an error is returned.
If you need configuration changes, contact the 10Duke Integration Support team.
-
-
Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from the Identity Management REST API.
-
API reference documentation improvements.
10Duke Entitlement Management REST API v2.8.0
Enhancements:
-
A new endpoint
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/assignments
for managing seat assignments for a device client (assign or release a seat reservation, or block or unblock a license) and for retrieving a device client’s assignments.This enables the use of license models with named seats for device clients.
-
A new endpoint
/clients/{clientId}/available-licenses
for retrieving the organization licenses that a device client is authorized to use. -
A new endpoint
/clients/{clientId}/license-usage
for retrieving the licenses that a device client is currently consuming or has a seat reservation to. -
The following keywords are now supported in path parameters when making API requests for the current user or device client:
-
me
in place of a user ID, as in/users/me/available-licenses
-
this
in place of a client ID, as in/clients/this/license-usage
-
-
When retrieving the license usage of a user or a device client, the response now also contains the client application version of the license lease.
-
Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from the Entitlement Management REST API.
10Duke SysAdmin
Enhancements:
-
Backend support for device licensing in SysAdmin.
-
The users table now also displays the unique ID of the user, which is needed in the API path when calling some of the 10Duke API endpoints. You can show and hide the column from the Columns list, and filter the table based on the ID.
-
Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from SysAdmin.
10Duke OrgAdmin
Enhancements:
-
The OrgAdmin user can now release a user’s license leases for licenses they are currently consuming. If they’re removing a user from the organization using the Remove from organization feature, they can also select whether to release that user’s license leases to the organization’s licenses.
Releasing a license lease may be useful with seat-based licenses, for example, if there’s a need to make a seat available to other users. With licenses that have either use count or use time credit, releasing an active license lease doesn’t impact the license availability, and no credit is returned.
In the same way as when releasing a license lease using SysAdmin, the client application is able to continue using the license token until it expires or the client application tries to refresh it. This means another user is able to start consuming the same license seat at the same time.
The feature requires extra permissions to be defined for the OrgAdmin user.
The license lease release feature in OrgAdmin is by default disabled in the 10Duke Enterprise configuration. If you want this feature enabled, contact the 10Duke Integration Support team.
Bug fixes:
- A fix in the Remove from organization feature that failed in some cases (depending on the license model), for example, if the user had an active license lease but no seat reservation.
10Duke Login Application
Enhancements:
-
You can now request for the authenticated user’s permissions using the new custom scope
https://apis.10duke.com/auth/openidconnect/client_permissions
, which returns theclient_permissions
claim in the ID token and the UserInfo response. -
It’s now configurable whether someone is allowed to register as a user in 10Duke Enterprise if their email address belongs to a domain that has been delegated to an external identity provider (with the Assigned Email Domains setting defined for the OIDC or SAML connection). By default, registration is not allowed.
-
Optimization in user data queries.
Release 3.28.1
Release date: July 7, 2023
This release fixes an issue that prevented configuring permissions for device licensing in organization scope.
Release 3.28.0
Release date: July 6, 2023
This release introduces API support for device licensing.
With device licensing, you can allow end users to access your licensed software application without having to register. The license is consumed by the device (a machine or PC) on which the software is running, and the end users using the software don’t need user accounts in the system.
In practice, each device is defined in the system as an OAuth client that belongs to a specific organization and has authentication credentials specific to the device hardware. The device client authenticates itself to 10Duke Enterprise using the OAuth client credentials grant flow to get an access token for authorizing API access.
Device clients are created in 10Duke Enterprise by invitation, and you authorize them to consume licenses using device client groups, in the same way as users are authorized using user groups.
The release also includes minor security improvements addressing false positives. We recommend updating to this release.
10Duke Identity Management REST API v1.8.0
Enhancements:
-
New endpoints for managing clients associated with an organization (device clients):
-
/organizations/{organizationId}/clients
: Create a new device client and associate it with an organization, retrieve information on device clients, and replace the details of a device client. -
/organizations/{organizationId}/clients/{clientId}
: Retrieve a device client and delete a device client. -
/organizations/{organizationId}/clients/{clientId}/set-secret
: Define the client secret for a device client.
-
-
New endpoints for managing clients not associated with an organization (which you can also manage in SysAdmin), such as client applications and third-party systems:
-
/clients
: Create a new client, retrieve clients, and replace the details of a client. -
/clients/{clientId}
: Retrieve a client and delete a client. -
/clients/{clientId}/set-secret
: Define the client secret for a client.
-
-
New endpoints for managing device client groups:
-
/organizations/{organizationId}/client-groups
: Create a new device client group for an organization, retrieve an organization’s device client groups, and replace a device client group’s details. -
/organizations/{organizationId}/client-groups/{groupId}
: Retrieve an organization’s device client group and delete one. -
/organizations/{organizationId}/client-groups/{groupId}/clients
: Add and remove device clients to and from a device client group, retrieve device clients that belong to a device client group, and replace the device clients that belong to a device client group. -
/organizations/{organizationId}/client-groups/{groupId}/clients/{clientId}
: Add and remove a device client to and from a device client group, and retrieve a device client that belongs to a device client group.
-
-
New endpoints for managing invitations to device client groups:
-
/organizations/{organizationId}/client-group-invitations
: Create a new invitation for a device client to join a device client group, and retrieve invitations to an organization’s device client groups. -
/organizations/{organizationId}/client-group-invitations/{invitationId}/send
: Send an existing invitation to a device client group. -
/organizations/{organizationId}/client-group-invitations/send
: Create and send a new invitation to a device client group. -
/organizations/{organizationId}/client-group-invitations/{invitationId}/create-token
: Create a new token for an invitation to a device client group. -
/organizations/{organizationId}/client-group-invitations/{invitationId}/revoke
: Revoke an invitation to a device client group. -
/organizations/{organizationId}/client-group-invitations/{invitationId}
: Retrieve an invitation to a device client group and delete an invitation.
-
-
New endpoints for accepting and declining invitations to device client groups:
-
/client-group-invitations/accept
: Accept an invitation to a device client group. -
/client-group-invitations/decline
: Decline an invitation to a device client group.
-
10Duke Entitlement Management REST API v2.5.0
Enhancements:
-
New endpoints for managing the authorization of device client groups to access licenses in an organization’s entitlements:
-
/organizations/{orgId}/entitlements/{entId}/consuming-client-groups/
: Retrieve device client groups that are authorized to access the licenses in an entitlement, and replace the authorized device client groups of an entitlement. -
/organizations/{orgId}/entitlements/{entId}/consuming-client-groups/{groupId}
: Authorize a device client group to access the licenses in an entitlement, and remove a device client group’s authorization to an entitlement. -
/organizations/{orgId}/client-groups/{groupId}/consumed-entitlements
: Retrieve entitlements that a device client group is authorized to access licenses from, and replace the entitlements that a device client group is authorized to access. -
/organizations/{orgId}/client-groups/{groupId}/consumed-entitlements/{entId}
: Add authorization to an entitlement for a device client group, and remove the authorization to an entitlement from a device client group.
-
-
Additions and changes related to deactivating (suspending) and activating licenses:
-
For organization licenses:
-
The
/organizations/{orgId}/license-transactions/{transactionId}/cancel
endpoint has been replaced with/organizations/{orgId}/license-transactions/{transactionId}/suspend-licenses
, which deactivates the organization licenses that were created with a specific transaction. -
A new endpoint
/organizations/{orgId}/license-transactions/{transactionId}/resume-licenses
is available for for activating the suspended organization licenses related to a specific transaction.
-
-
For personal licenses:
-
The
/users/{userId}/license-transactions/{transactionId}/cancel
endpoint has been replaced with/users/{userId}/license-transactions/{transactionId}/suspend-licenses
, which deactivates the personal licenses that were created with a specific transaction. -
A new endpoint
/users/{userId}/license-transactions/{transactionId}/resume-licenses
is available for for activating the suspended personal licenses related to a specific transaction.
-
-
Bug fixes:
-
User profile data has new
validFrom
andvalidUntil
fields that indicate the validity of a user profile. -
Querying the user’s license usage now correctly returns also the user’s email address.
Other:
- The
version
query parameter has been removed from the/users/{userId}/available-licenses
endpoint for querying a user’s available licenses, because it is not yet fully supported.
10Duke SysAdmin
Enhancements:
Bug fixes:
-
Creating a new client role no longer fails with an error.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
-
There’s a new configurable filter options menu available in the user, invitation, and license tables for filtering items by status. All the filters can be configured to be on or off by default, or filters can be disabled to remove them from the view.
-
The invitation table has new columns that display the start and end dates of the invitation validity. Like other columns, they can be configured to be shown or hidden by default, or disabled to remove them from the view.
-
A new status “Expired” is now used for invitations that are no longer valid and haven’t been accepted, declined, or revoked.
Bug fixes:
-
The license table now correctly shows the total number of seats as unlimited when applicable, instead of showing an empty value.
-
Fixed resolving the license model as floating or named.
-
Improved the data loading of licenses.
-
Minor fixes.
10Duke Login Application
Bug fixes:
- Overriding flow default setting for grant refresh token allowed confidential clients to refresh token without providing the client secret.
Release 3.27.2
Release date: June 27, 2023
10Duke Login Application
Bug fixes:
-
User agreement acceptance bug fixes.
-
Other minor fixes.
Release 3.27.1
Release date: June 9, 2023
The release includes minor security improvements. We recommend updating to this release.
10Duke Entitlement Management REST API v2.3.0
Bug fixes:
- License seat assignments are now correctly returned when retrieving a user’s available licenses (GET
/users/{userId}/available-licenses
).
10Duke OrgAdmin
Bug fixes:
- Minor fixes.
10Duke Login Application
Bug fixes:
- Changing the language no longer requires the user to accept user agreements again.
Release 3.27.0
Release date: June 5, 2023
10Duke Identity Management REST API v1.7.0
Enhancements:
-
When retrieving a user’s user groups (GET
/users/{userId}/organization-groups
), you can use the new query parameterorganizationId
to limit the query to a specified organization’s user groups. -
The API operation for retrieving permissions (GET
/permissions
) provides a new query parameterdomain
. By specifyingdomain=organization
, you can limit the query to permissions that are used in the organization domain and can be managed by 10Duke OrgAdmin users. -
API reference documentation improvements
Bug fixes:
- Minor fixes.
10Duke Entitlement Management REST API v2.2.0
Enhancements:
-
New API operations for retrieving information on product packages:
-
GET
/products
for retrieving product packages. You can filter the query based on the full or partial name of the product package. -
GET
/products/{productId}
for retrieving a product package based on the product package ID.
-
-
Retrieving the licensed items in a product package (GET
/products/{productId}/product-items
) now also returns the names of the licensed items. The fields that contain information on the allowed versions of the client application have also been renamed asallowedVersions
andallowedVersionsDescription
. -
A new operation GET
/users/{userId}/license-usage/
is available for querying the license usage of a specific user. The response contains information on the licenses that the user is currently consuming or has a seat reservation for.
Bug fixes:
-
When retrieving a user’s available licenses (GET
/users/{userId}/available-licenses
), theonlyValidLicenses
query parameter now correctly filters out also invalid licenses. -
Updated permissions required for calling GET
/users/{userId}/available-licenses/
to query a user’s available licenses. -
Session anchors are now correctly returned in the response when retrieving the current usage of a license (GET
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/usage
).
10Duke SysAdmin
Enhancements:
-
You can now define a connection to a client application using the OAuth client credentials grant flow with the new Client Credentials Grant option in Allowed OAuth 2.0 flow.
See how to define a connection in SysAdmin and how to implement the connection in your client application using this flow.
For background, see information on the supported authentication flows.
-
When you add licensed items to a product package, they are now by default set to use the same license model as the product package. Like before, you can select a different license model per licensed item in their settings.
Editing the product package also provides a new feature where changing the license model at the product package level prompts you to choose whether to apply the same license model change to all the licensed items as well.
-
The Entitlement dashboard has a new look and feel and the displayed data has been updated.
-
In IDENTITY > Organizations, you can now search an organization’s invitations by the recipient email.
-
In IDENTITY > Organizations, the obsolete Settings tab for an organization has been removed.
Security:
- The version includes minor security improvements. We recommend updating to this version.
Bug fixes:
-
When you’re granting use time for a license in seconds, the granted time is now calculated correctly in seconds instead of milliseconds.
-
In ROLES AND PERMISSIONS > Organization roles, the search now works correctly when using uppercase letters.
-
In IDENTITY > Federation, the client key in the table now has the correct label Client key.
-
Other minor fixes.
10Duke OrgAdmin
Enhancements:
-
The OrgAdmin user can now hide inactive and invalid licenses in views that list licenses.
-
The OrgAdmin user can now also specify the allowed software version when they download a license token. If you want this feature enabled, contact the 10Duke Integration Support team.
-
The license management view now shows a license with status “Scheduled” if the validity start date is in the future.
-
OrgAdmin now autodetects the user’s language based on the browser settings, if the language isn’t requested as part of the URL and the user hasn’t selected a preferred language in OrgAdmin. The autodetection is by default enabled in your 10Duke Enterprise configuration. Contact the 10Duke Integration Support team if needed.
OrgAdmin also now stores the user’s selection of the preferred language in the browser and remembers the selection for future sessions.
-
Improved the error message when the OrgAdmin user tries to release a seat reservation and the license model doesn’t allow it.
Security:
-
Breaking: The OAuth flow used for OrgAdmin access has been changed from the implicit grant flow to the authorization code grant flow with Proof Key for Code Exchange (PKCE).
Note: Make sure to update the authentication flow of your OrgAdmin client application in SysAdmin: if Allowed OAuth 2.0 flow is set to Implicit Grant, change the value to Authorization Code Grant with PKCE.
Bug fixes:
-
Consumption data is now correctly displayed for licenses that are being consumed.
-
Other minor fixes.
10Duke Login Application
Enhancements:
-
Support added for using the OAuth client credentials grant flow when connecting to client applications. You can use this flow when your client application doesn’t involve any user, for example, with integrations or device-based licensing.
See how to define a connection to a client application on the SysAdmin side and how to implement the connection in your client application using this flow.
For background, see information on the supported authentication flows.
-
Support added for sending events to AWS Kinesis Firehose.
Bug fixes:
- Minor fixes.
Release 3.26.0
Release date: May 2, 2023
10Duke Login Application
Enhancements:
-
Support added for the OIDC
login_hint
parameter for client applications and external identity provider redirects.This allows the party requesting authentication to provide the user’s email address in the
login_hint
parameter, and the system providing the authentication service can use it to automatically populate the email address field so the user doesn’t have to fill it in again.The parameter is not available for JWT bearer token authorization grant and password grant flows. The parameter can also be used by client applications authenticating using SAML.
-
Support added for a
flow
parameter for client applications requesting authentication using OIDC and SAML. (Not available for the JWT bearer token authorization grant and password grant flows.)This allows the client application to request whether to open the login or registration page for the user. If not specified, the login page is opened.
Bug fixes:
-
Fixed a client login redirect loop when the client application’s OIDC connection in SysAdmin has an incorrectly configured login callback URL.
-
If the user has logged in with SAML using an external identity provider, and they are then logged out from the identity provider as part of a single logout (SLO) process started from the client application, the user is now correctly redirected back to the client after the logout instead of the 10Duke Enterprise login page.
-
Fixed the performance of agreement handling in larger user databases.
Release 3.25.1
Release date: April 19, 2023
10Duke Login Application
Bug fixes:
- A fix related to the login session not being cleared correctly when removing authentication by an external identity provider.
Release 3.25.0
Release date: April 14, 2023
10Duke Identity Management REST API v1.6.3
Enhancements:
- The
recipientIsNewUser
field in user invitations has been deprecated. ThememberStatus
field is used instead to indicate if the user is a new user.
10Duke Entitlement Management REST API v2.0.0
Enhancements:
-
Breaking: The schema of effectiveLicenseModel has changed. If the
includeEffectiveModel
parameter is included on the client side, the schema must be regenerated for client-side validation. -
The
includeEffectiveModel
query parameter can be used to include license model details in the response for the following operations that return licenses:-
Get the licenses available to a user (GET
/users/{userId}/available-licenses
) -
Get the current usage of a license (GET
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/usage
) -
List the licenses in an entitlement (GET
/organizations/{orgId}/entitlements/{entId}/licenses
) -
Move a license to another entitlement (PUT
/organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/move/{destEntId}
)
-
-
GET
/users/{userId}/available-licenses
also provides a newonlyValidLicenses
query parameter for filtering out expired and invalid licenses.
Security:
- The version includes minor security improvements. We recommend updating to this version.
Bug fixes:
- Minor fixes.
10Duke SysAdmin
Enhancements:
- The Identity dashboard has a new look and feel and the displayed data has been updated.
Bug fixes:
- Minor fixes.
10Duke OrgAdmin
Enhancements:
- Updated to take into use the Entitlement Management REST API v2.0.0.
10Duke Login Application
Enhancements:
-
The user cannot skip optional agreements anymore, they have to either accept or decline them.
-
If you have implemented your own custom Login Application, you can now request data from 10Duke Enterprise on how the user has handled the user agreements. For information on custom implementations, contact the 10Duke Integration Support team.
-
When external identity providers are used for user authentication, your client application is now able to request which specific external identity provider the authentication request should be redirected to. This requires an update in your system configuration. Contact the 10Duke Integration Support team for more information.
Security:
- The version includes minor security improvements. We recommend updating to this version.
Bug fixes:
-
The JWT bearer token authorization grant flow didn’t allow multiple values in the ID token’s
aud
claim. -
Fixes related to user agreements.
Release 3.24.4
Release date: March 21, 2023
10Duke Login Application
Enhancements:
-
Support added for prompting the user to accept required and optional agreements (for example, terms and conditions, or a newsletter preference) as part of the registration flow.
-
Support added for prompting the user to accept new, updated, or pending agreements as part of the login flow.
-
Support added for end users to view and manage their consent to agreements in the User Profile views.
-
Added an I have already validated my email button to enable the user to continue from the the email validation screen. This is to better support use cases where the user validates their email address, for example, using a different browser from the one where they started the registration and email validation process.
-
When customizing the Login Application UI, you can now enable or disable all animations.
-
The user can now toggle the visibility of their password input in different views, for example, during registration or when resetting their password.
Bug fixes:
- Minor fixes
Release 3.24.3
Release date: March 9, 2023
The release includes minor security improvements. We recommend updating to this version.
10Duke Identity Management REST API v1.6.2
Enhancements:
- If you create a new organization role using the createOrganizationRole operation (POST
/organizations/{organizationId}/organization-roles
) and useimpliedOrganizationRoleId
to grant permissions based on an implied role, you can now also specify an organization role ID, and not only a template ID.
10Duke SysAdmin
Enhancements:
-
You can now also include the software version information before downloading a license token.
-
When changing the allowed versions for an organization’s license, the dialog also now allows editing the display name for the versions.
Bug fixes:
-
You can no longer create a product package with a name or display name that only contains whitespaces. Any leading and trailing whitespaces are also now removed from the values.
-
Other minor fixes
Release 3.24.2
Release date: February 28, 2023
10Duke Login Application
Enhancements:
-
When the user logs out in one browser window, they’re now automatically logged out also in the other windows they have open.
-
Updated UI translations to fully cover all supported languages.
10Duke OrgAdmin
Enhancements:
-
When the user logs out in one browser window, they’re now automatically logged out also in the other windows they have open.
-
The option to download a license token is now enabled for all valid licenses and users. Earlier the logic that determined when a license token download can be attempted was linked to license seat availability, which includes seat reservations. This meant that when no seats were available, you were unable to download a license token for a user who had a seat reservation.
-
If a user group is deleted, a user’s seat reservations are now released for the licenses they lose access to.
-
Updated UI translations to fully cover all supported languages.
Bug fixes:
-
Fixed issues with updating user listings after a user has been removed from an organization as a result of an API call.
-
Small bug fixes, and some updates related to deprecated dependencies.
Release 3.24.1
Release date: February 3, 2023
10Duke SysAdmin
Bug fixes:
- This release fixes a number of small bugs
Release 3.24.0
Release date: January 26, 2023
10Duke Identity Management REST API v1.6.1
Enhancements:
- Extended the
/organizations/organization-setup
operation to support the creation of a default Entitlement and related LicenseConsumerRelations.
Bug fixes:
-
A success response not specified for the
getOtpCredential
operation. -
QR code expansion fails with the
createOtpCredential
operation. -
Updating the email value of an existing user using the
/users/import
operation with the parameter"allowUpdateExisting": "true"
returns"error": "resource_already_exists"
. The error response has been updated to"error": "invalid_argument"
with"error_description": "Cannot change email address using this API"
, because this operation doesn’t allow updating the user’s email. Use the user operation/user/changeEmail
instead.
10Duke Entitlement Management REST API v1.3.0
Security:
- The release includes minor security improvements. We recommend updating to this version.
10Duke SysAdmin
Bug fixes:
- Editing the name of an organization group on the entitlements page cause the group to be deleted.
Release 3.23.4
Release date: January 18, 2023
10Duke SysAdmin
Bug fixes:
- Fixed a multiselect error on the organization licenses page.
Release 3.23.3
Release date: January 11, 2023
10Duke Login Application
Bug fixes:
- Fixed an issue with an unconfigured redirect URI error handling for the PKCE flow.
Release 3.23.2
Release date: January 4, 2023
10Duke SysAdmin
Bug fixes:
- Fixed how the partial search works on the users page.
Release 3.23.1
Release date: January 2, 2023
10Duke Login Application
Enhancements:
-
Updated the build target from Java 8 to Java 11.
-
The
insufficient_authentications
error allows continuing the user login after authentication has been completed. -
Added OpenAPI info.
-
Disabling the access token request rate limiter doesn’t work. Improved the parsing of invalid redirect URIs when using wildcards for the port number.
-
Update
json-path
to version 2.7.0. -
Added support for alternative emails and changing the login email.
-
Added version information to build output.
-
Added a runtime API version compatibility check.
-
Added a spinner for external redirects.
-
Added error handling to login.
-
Added configurable auto logout for idle users.
-
Blocked external redirects for login processes where the browser is switched mid-process.
-
Improved the usability in email validation.
-
Updated the configuration version and added configuration version migration.
-
Updated the German translation.
-
Moved the monospace font to the branding CSS.
Security:
- The release includes minor security improvements. We recommend updating to this version.
Bug fixes:
-
Logout from the profile page with a federated login if no single sign-out URL has been configured.
-
A GET request to resource owner password grant exposes the stack trace.
-
NPE with invalid
device_code
when accessing the OAuth 2.0 token endpoint. -
Fixed the UI for resetting the password when already logged in.
-
Fixed an issue with a page not found route.
-
Fixed issues with sourcemaps.
-
Fixed page transition animations.
-
Fixed issues with invitations.
Release 3.23.0
Release date: January 2, 2023
10Duke Identity Management REST API
Enhancements:
-
Support for reservation cleanup when deleting organization groups.
-
jaxb-api
dependency convergence (Java 11 update). -
Updated the build target from Java 8 to Java 11.
-
Updated the user-group connection deleting operations to return a flag if no more groups within the organization are left.
-
Invitations were unusable if
validFrom
was left out of invitations.
Security:
- The release includes minor security improvements. We recommend updating to this version.
Bug fixes:
-
Empty sections by tag in the OpenAPI spec.
-
Updating the user’s phone number with
/organizations/{organizationId}/users/import
failed.
10Duke Entitlement Management REST API
Enhancements:
-
jaxb-api dependency convergence (Java 11 update).
-
Updated the build target from Java 8 to Java 11.
Security:
- The release includes minor security improvements. We recommend updating to this version.
Bug fixes:
-
DELETE
/api/entitlement/v1/management/permission-cache
was broken. -
Updating the user’s phone number with
/organizations/{organizationId}/users/import
failed.
10Duke SysAdmin
Enhancements:
-
Updated the build target from Java 8 to Java 11.
-
Updated the Personal Entitlements label to singular form.
-
Changed the applicable dialogs to modal.
-
Fixed inconsistencies in error messages and certain UI items.
-
Added a warning message when changing Name of a licensed item.
-
Renamed the internal role GinOverGin to Super Admin in the SysAdmin configuration setup.
Bug fixes:
-
The organization invitation dialog doesn’t shown a confirmation after saving.
-
Fixed the select all text alignment in the invite member dialog.
-
Incorrect character in the select internal roles dialog.
-
The code dialog shakes on error.
-
A duplicate error on the licensed items page.
-
The organization group create dialog doesn’t show an error inside the dialog.
-
Multiple error messages were shown when editing OIDC provider.
-
A floating license model opens on the last page when creating a model for the second time.
-
The create organization role dialog closes on error.
-
The organization role template dialog closes on error.
-
The organization entitlements/set allowed versions dialog doesn’t work.
-
Corrected the dialog title when adding use count to a license.
-
A duplicate error message when adding an organization role template with an empty name.
-
Clear selection count is not cleared after removing licensed items.
-
Exception when trying to create a licensed item with an already existing name under a product package.
-
The Title field is empty for other OIDC/SAML providers if emptying the field and changing the provider.
-
Activation Code Configuration - Assign Organization dialog sizing enhanced.
-
The Name field is empty for other packages if emptying the field and changing the package.
-
Error when changing an internal role’s name to an already existing name.
-
Error when changing a product package name to an already existing name.
-
Error when changing a licensed item’s name to an already existing name.
-
Error when adding an internal role with an already existing name.
-
Error when trying to create a product package with an already existing name.
-
Error when adding an organization custom property twice with the same key.
-
Error when adding a user custom property twice with the same key.
-
Error when trying to add a client role that already has been added.
-
Enforce product package validity when it comes to granting licenses.
-
Don’t allow only whitespace in the licensed item name and display name.
-
Deleting all organization user groups fails.
-
The organization name link in organization_manage_groups view not working as expected.
-
The product packages/change license model doesn’t clear references.
-
The Product Configuration > License Models > Create/edit license model dialog doesn’t scroll.
-
The organization creation should use a different service.
-
A seat remains reserved when an organization group is removed.
-
Organization Role details - Organization field should be read-only.
-
The details view not closed when saving an edited licensed item.
-
An organization cannot be deleted if it has at least one device group.
-
Cannot filter or sort client app roles in the User > Client App Roles > Add view.
-
The date picker widget moves down from the input field when navigating from one month to another.
-
Switch to use allowedVersions defined in license credit.