Release notes

Learn about new features, enhancements, and fixed issues in the most recent 10Duke Enterprise releases.

---

Release 5.3.0

Release date: April 2, 2024

This release provides support for trial abuse prevention, which enables you to prevent a customer from using the same trial license repeatedly on the same device. The feature introduces a new license model constraint and the ability to define a lock scope when provisioning trial licenses. See more about the trial license constraint.

The release includes minor security improvements. We recommend updating to this release.

10Duke Identity Management REST API 2.1.1

Bug fixes:

• Fixed examples in API reference documentation that use the application/x-www-form-urlencoded content type.

10Duke Entitlement Management REST API 3.2.0

Enhancements:

• To support trial abuse prevention, when provisioning organization licenses or personal licenses you can use the new lockScope field to specify a lock scope for a (trial) license.

Bug fixes:

• Fixed an error that could cause retrieving a user’s license usage to fail if the user had old license assignments.

10Duke Login Application

Enhancements:

• Updated UI translations to fully cover all supported languages.

10Duke SysAdmin

Enhancements:

• You can now define a validity end date for an invitation to a user or device client, after which the invitation can no longer be accepted (or declined).

• In the settings of a license provisioning configuration for activation code-based licensing, the field for defining a validity time for the provisioned licenses is now more clearly labeled as License validity period.

Bug fixes:

• When changing the credit of a license (the number of seats, use count, or use time), the credit can no longer be changed to a value lower than zero.

• You can now select multiple users for removing them from a user group.

• Fixed occasional page rendering issues when creating or viewing SAML external identity provider connections.

• In Response attributes of a SAML external identity provider connection, cleaned up unsupported values from the menu for defining the source data for a mapping.

• Other minor fixes.

10Duke OrgAdmin

Enhancements:

• Updated UI translations to fully cover all supported languages.

• Fixed a styling issue caused by long words in Dashboard card titles and sidebar navigation items.

• Fixed a styling issue in notifications when the UI is displayed in dark mode.

Other changes

Enhancements:

• To support trial abuse prevention, a license model supports a new constraint ConsumptionLockConstraint. The constraint can be used for creating a locking that ties a (trial) license to the hardware ID of the device on which the license is first consumed.

• Other minor fixes.

Release 5.2.1

Release date: March 21, 2024

Bug fixes:

• Fixed an error that created extra license leases if the license model’s ConcurrentSessions had an anchor set in sessionAnchors and LeaseTrackingMode was not set. This could result in the user not being allowed to release the consumed license seat.

• Fixed an error where if the license consumption request specified licenseId and the user or device client had access to the specified license, license consumption was allowed even if the license didn’t allow consuming the requested licensed item.

• Fixed an error that could cause the maxConcurrentSessionsExceed error to be returned if the license model had the number of concurrent license sessions allowed set to a value greater than 2.

• Related to the 5.0.0 fix on storing the hardware name in the license consumption request in rare cases where the same hardware ID is used by two different devices, maxConcurrentSessionsExceed errors may occur during the migration period, the length of which depends on the maximum lease time.

• The 10Duke Identity Management REST API now correctly sends events when a user is created, updated, or deleted, a user’s password is created or changed, or two-factor authentication (2FA) is activated or deactivated for a user.

• Performance improvements in the 10Duke License Consumption API.

• Other minor fixes.

---

Release 5.2.0

Release date: March 6, 2024

The release includes minor security improvements. We recommend updating to this release.

10Duke Entitlement Management REST API 3.1.0

Enhancements:

• The License object, returned by API operations such as listing an organization entitlement’s licenses, contains a new properties object that contains any additional license properties defined for the license.

• Added Cache-Control headers for responses that should not be stored by intermediate caches.

10Duke Login Application

Bug fixes:

• A fix in applying only the UI languages allowed by the deployment configuration.

• The Login Application now correctly sends an event when an invitation is accepted or declined.

10Duke SysAdmin

Bug fixes:

• Fixed an error in saving changes to the permissions of a role or an organization role template.

• The creation of product packages is now disabled if no license models have been created.

• Fixed missing labels in the column selection menu in the product package and licensed item tables.

• In Activation code configurations, the button for removing the association to an organization is now labeled Remove organization.

• Other minor fixes.

Other changes

Enhancements:

• When requesting to consume a license or to renew a lease through the 10Duke License Consumption API:

  • The request supports a new ownerUserId parameter for specifying a user ID to only consume that user’s personal licenses, if multiple license options are available for the requested licensed item.

  • When the request only specifies only one licensed item, the request can now specify the ownerOrganizationId parameter at the request level, in the same way as the entitlementId and licenseId parameters.

---

Release 5.1.0

Release date: February 21, 2024

The release includes minor security improvements. We recommend updating to this release.

10Duke Login Application

Enhancements:

• The <locale> in the URL now supports International Components for Unicode (ICU) locales. See more on Login Application localization.

Bug fixes:

• Fixed an issue that caused the registration page to not display the postal code field even if it was enabled.

• Other minor fixes.

10Duke SysAdmin

Bug fixes:

• Performance improvements in page loading when there’s a large number of licenses.

• The External identity providers table is now automatically refreshed after creating a new external identity provider.

• Trying to create a custom license model with incorrect JSON formatting no longer saves the erroneous license model.

• Improvements to error messages.

• Improved error handling in the case of a duplicate value for Identity provider name ID (OIDC) or Identity provider ID (SAML) for external identity providers.

• Other minor fixes.

10Duke OrgAdmin

Enhancements:

• The <locale> in the URL now supports ICU locales. See more on OrgAdmin localization.

• An apostrophe ' and a grave accent (backtick) ` are now allowed characters in email addresses. Single quotation marks ‘ and ’ are not allowed.

• The description of a user group or a device client group is now an optional field.

Bug fixes:

• Clicking a column header no longer prevents clicking links in the column.

• Releasing a license lease in the Usage dialog no longer opens a blank page.

• Other minor fixes.

Other changes

Bug fixes:

• Fixed support for using LicensedItem as a leaseAnchors value in the license model’s ConcurrentSessions constraint.

• Fixed the handling of license overusage for use count based licenses based on the license model’s UtilizationConstraint.

• The license consumption error unallowedClientVersion now correctly returns also the allowed version range for the license.

• The locale tag “no” is now accepted.

• The Graph API QueryLicenseUsage now correctly returns HTTP error 500 for use time and use count licenses.

• Other minor fixes.

---

Release 5.0.0

Release date: February 6, 2024

10Duke is pleased to announce the new major release 5 for 10Duke Enterprise, which introduces:

• A great collection of new features and improvements in functionality, including:

  • Full support for device licensing in 10Duke Enterprise, including REST API, 10Duke SysAdmin, and 10Duke OrgAdmin features for inviting device clients and authorizing their access to licenses using groups.

  • Support for defining additional license properties during license provisioning and extending the claims in the JWT token to include them.

  • License consumption information included on the license lists in SysAdmin.

• Significant changes that break compatibility with the previous major releases, including changes in API endpoints.

  Please review the release notes marked with the Breaking label.

• A 10Duke SysAdmin version that provides significant improvements to overall consistency in user experience and application stability.

• An 10Duke OrgAdmin version with UI themes updated to Bootstrap 5, offering easier and more extensive possibilities for UI customization.

• Bug fixes and performance related improvements.

Check out the comprehensive list of breaking changes and new features under each solution component below.

10Duke Identity Management REST API 2.1.0

Enhancements:

• New endpoints for managing the association of device clients with device client groups:

  • /clients/{clientId}/client-groups: Retrieve the client groups that a client belongs to, add or remove a client to or from client groups, and replace the client groups that a client belongs to.

  • /clients/{clientId}/client-groups/{groupId}: Retrieve a client group that a client belongs to, and add or remove a client to or from a client group.

• To support use cases where a new user account is created in the system with no password defined, the API provides new features for sending the user an email that requests them to activate their user account by setting a password:

  • New query parameters activationMessage and activationUrl for sending an account activation email when creating a user, importing users to the system, or importing users to an organization

  • A new API operation POST /users/{userId}/send-activation for just sending the account activation email

  When the user clicks the link in the email, this opens the account activation page in 10Duke Enterprise where the user defines a password for themselves. After this, the user is sent a confirmation email about setting the password.

  Two new email templates are available for customizing the content of the emails.

  See example usage of the feature when creating a new consumer customer.

• A new API operation POST /users/byEmail for retrieving a user based on the primary contact email address in their user account. (This email address is typically the same as the email address used as the username, if 10Duke Enterprise is used for user authentication.)

• When updating a user’s details, you can no longer change the user’s email address if it has been validated.

• Breaking: Consolidated the API endpoints for retrieving user invitations based on invitation status.

  • The GET /organization-group-invitations and GET /user-invitations API operations provide a new invitationState query parameter to allow filtering the results based on invitation status.

  • The specific API endpoints for retrieving user invitations by status have been removed:

    • Removed endpoints for invitations to join an organization: /organization-group-invitations/open, /organization-group-invitations/accepted, /organization-group-invitations/declined, /organization-group-invitations/revoked

    • Removed endpoints for invitations to sign up: /user-invitations/open, /user-invitations/accepted, /user-invitations/declined, /user-invitations/revoked

• Breaking: In API operations related to organization and user invitations, the invitationState field includes a new value open that applies to invitations that haven’t been accepted, declined, or revoked.

  The values created, updated, and deliveryRequested have been removed.

• Breaking: The memberStatus field and the deprecated recipientIsNewUser field have been removed from the UserInvitation and OrganizationGroupInvitation resources.

  10Duke Enterprise now resolves internally whether a user is a new or existing user when an invitation is sent, and this information is no longer returned by API operations.

Bug fixes:

• Setting up a new organization now returns the details of the created “employees” group even when createDefaultEntitlement is set to false.

• Retrieving an organization’s client group invitations (list and read) now correctly returns only the specified organization’s invitations.

• Retrieving or replacing user or organization properties now correctly returns only the fields key and value.

• Fixes in the API reference documentation related to inherited permissions in organization roles. Also added information on the possibility to use the organization role designator in place of the ID in certain API operations.

• Other minor fixes.

10Duke Entitlement Management REST API 3.0.0

Enhancements:

• A new endpoint /organizations/{orgId}/entitlements/{entId}/consuming-clients for querying which device clients have access to the licenses in a specific entitlement.

• The license transaction item provides a new licenseProperties object that can contain additional license properties for the licenses in that transaction.

  This allows you to attach your own custom metadata to licenses when provisioning or updating them, and to retrieve the license properties related to licenses in a transaction.

  The properties are defined as name-value pairs. The API client is responsible for defining and managing the property name namespace.

  To enable the license property feature in your deployment configuration, contact the 10Duke Integration Support team.

• Breaking: New API endpoints available for managing a user’s or device client’s assignments for a license:

  • Make a seat reservation:

    PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/reserve

    PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/reserve

  • Block the license:

    PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/deny

    PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/deny

  • Reset a user’s or device client’s assignments for a license, which removes their seat reservation or blocking:

    PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/reset

    PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/reset

  The API no longer supports setting a validity period for a seat reservation or a blocking, nor making multiple seat reservations for the same license for a user or device client.

  The following API operations have also been deprecated:

  • PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/users/{userId}/assignments

  • PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/assignments

• The License object, returned by API operations such as listing an organization entitlement’s licenses, contains new credit-related fields:

  • useCountConsumed and useCountTotal that specify the use count consumed from the license and the total use count granted in the license.

  • useTimeConsumed and useTimeTotal that specify the use time consumed from the license and the total use time granted in the license.

• Breaking: In the queries for available licenses for a user or device client, the product parameter has been renamed as licensedItemName to clarify that it specifies a licensed item.

• Breaking: Queries for available licenses for a user or device client now by default ignore licenses that have expired over one year ago (365 days).

  If you wish to change the threshold in your deployment, contact the 10Duke Integration Support team.

• Breaking: The TechnicalActor object is no longer available in the API.

• Breaking: The includeCredits parameter has been removed from API operations that list an entitlement’s licenses, move a license to another entitlement, and query available licenses for a user or a device client. The operations now always return all license credit information.

• Operations that return license owner or license consumer data include a new objectType field that defines the type of the license owner or license consumer.

• Breaking: The objectType field that specifies the type of credit has been removed from license credit resources.

• Breaking: Unified operation IDs related to license provisioning API operations:

  • New operations IDs for the API operations for suspending and resuming licenses: suspendOrganizationLicenses, resumeOrganizationLicenses, suspendUserLicenses, and resumeUserLicenses.

  • New operation IDs for the API operations for provisioning, updating, and retrieving organization licenses: processOrganizationLicenseTransaction, updateOrganizationLicenseTransaction, and getOrganizationLicenseTransaction.

• Documentation improvements in the API reference.

Bug fixes:

• Fixed an issue that prevented creating a seat reservation to a license that has a version constraint.

• Other minor fixes.

10Duke Login Application

Enhancements:

• The link in a device client invitation now opens a browser page that provides instructions for the invitation recipient on how to proceed and connect the device.

  This helps to avoid situations where an email client doesn’t allow opening a link that would use a custom URL scheme for opening the welcome page in your client application. Now the email link opens the redirect page, which displays a link that uses a custom URL scheme defined in your deployment configuration to open the welcome page.

  To customize the page content and configure the custom URL scheme used, contact the 10Duke Integration Support team. See also more information on how to invite device clients.

• Support added for the new user account activation page where a new user can activate their user account by setting a password. See more information on the new account activation features in the Identity Management REST API section above.

• Support added for OAuth token introspection (see RFC 7662) to allow the client application to request additional information on an access token or refresh token granted by 10Duke Enterprise.

• Breaking: When 10Duke Enterprise returns an access token to your client application after authentication, the new refresh_token_expires_in response field contains the amount of time until the OAuth session expires.

  The refreshable_until field that contained the OAuth session expiry has been deprecated. If this legacy field still needs to be returned, contact the 10Duke Integration Support team for a configuration change.

• For added security, the system now informs a user by email about a password change and about two-factor authentication (2FA) being activated for their user account.

  Two new email templates are available for customizing the content of the emails. If you want customizations or wish to disable the emails in your deployment, contact the 10Duke Integration Support team.

• Breaking: The same additional authentication methods are now by default used with the legacy OAuth password grant flow (resource owner password credentials grant) as with other OAuth authentication flows.

  • If a user has two-factor authentication (2FA) enabled (or if 2FA is globally enforced), 2FA is now enforced also when the user is being authenticated with the password grant flow. Because the flow doesn’t support 2FA, authentication will fail in this case.

  • If email verification is enforced in the system, it is now enforced also with this flow, so authentication will fail for users who haven’t verified their email address.

  You can override the additional authentication method configuration for the password grant flow, for example, if 2FA authentication should not be enforced with this flow. For a configuration change, contact the 10Duke Integration Support team.

• The name field is now included in the ID token and the OIDC userinfo response even if the user’s display name is not available. In that case, the field contains the user’s first and last name.

• The ID token header now also includes the typ field that specifies the token type JWT.

• The timestamp of the user’s last login is now updated every time the user receives an access token, instead of only when they have logged in to the Login Application UI.

  This improves, for example, the accuracy in OrgAdmin for showing which users have been active within the past 30 days.

• When a new user has accepted an invitation and registered as a user, the email address they used for the registration is now automatically marked as validated, instead of the user having to take an extra step to validate it.

• Support added for a redirect through 10Duke Enterprise before initiating authentication in order to provide 10Duke Enterprise with the user’s email address and the ID for an external identity provider’s SysAdmin configuration.

Bug fixes:

• Breaking: When a client application connects using the authorization code grant flow with PKCE, if its SysAdmin configuration specifies a client secret, the secret is now correctly required already when requesting an access token, instead of only when requesting the refresh token.

  In most cases, a client secret is not used together with the authorization code grant flow with PKCE. If your client application is using this flow, we recommend that you confirm that you have defined the client secret setting in its SysAdmin configuration correctly for your use case.

• The user’s “remember me” selection now works correctly in redirects.

• Fixed an issue that caused email sending to sometimes fail.

10Duke SysAdmin

Enhancements:

• SysAdmin provides new features to support device-based licensing:

  • You can create and manage device client groups for an organization, and authorize the groups to access the organization’s licenses.

  • You can invite device clients to an organization’s device client groups, and view and manage the device clients.

  • You can reserve and release seats from an organization license also for device clients.

    Releasing all the seats being consumed from an organization license now also releases the seats being consumed by device clients.

• Even if the license model doesn’t allow releasing seat reservations, you can override this restriction and release a seat reservation in SysAdmin if needed, for example, to support a customer who made a wrong seat reservation in OrgAdmin.

  When you’re about to release seat reservations for an organization license, the SysAdmin side panel now shows a notification text if the license model has this restriction, and provides a toggle for overriding it.

• In the organization and personal license tables:

  • The table now also shows either the number of seats in use (seats being consumed and reserved seats) or the use count or use time that has been consumed, depending on the type of credit available in a license.

  • You can view any custom properties that have been created for the licenses through the Entitlement Management REST API.

  • Improvements to viewing the status of the license: The Status icon now indicates if a license is about to expire, its validity start date is in the future, or there is an error in the license’s configuration, and the Active column that indicates if the license is active is now shown right next to Status.

• There’s a new optional Designator field available for organization role templates, which allows you to define a unique identifier for each template, for example, for integration purposes.

• The organization and product package tables now show the unique ID of an organization or a product package and provide a button for copying it. You can also filter and sort each table based on the ID.

• An organization’s device client group table and the details tab now show the unique group ID and provide a button for copying it. You can also now filter and sort the table based on all the column values.

• In the product package table, the Type column is now hidden by default. You can show and hide it from the Columns menu like before.

• The client role table now also displays the OAuth client application, if a client role is set to only apply to that application.

• In the settings of an OAuth external identity provider connection, the Identity provider details tab has a new field OAuth endpoint ID that shows the ID of the identity provider’s configuration in SysAdmin.

• In the settings of both OAuth and SAML external identity provider connections, Assertion consumption mode is now correctly marked as a mandatory field.

• Updated JSON samples available when creating a new custom license model.

• Usability improvements:

  • When you navigate to organization entitlements or to organization roles, the organization selection dialog now opens automatically.

  • You can adjust the column width in tables.

  • When you change how many rows are displayed in a table view, that change also applies in other table views that you navigate to.

  • A confirmation dialog has been added to some actions, such as deactivating or deleting a license, revoking credit from a license, and deleting a role or an organization role template.

  • Label clarifications in the UI.

    Note especially in the left-hand navigation:

    • In IDENTITY, the Single sign-in menu option is now Client applications, and the Federation menu option is now External identity providers.

    • In PRODUCT CONFIGURATION, the License provisioning menu option is now Activation codes.

  • Page titles are now available on all UI pages.

  • Various improvements have been made to input validation and warning messages when creating and editing items in the UI.

• Breaking: In a SAML external identity provider connection, the deprecated Signatures and Encryption sections have been removed.

  The Client identifier field has also been removed from the connection’s client details. The entity ID of 10Duke Enterprise is read from the SAML Service Provider metadata document of your 10Duke Enterprise deployment like before.

Bug fixes:

• Fixed an issue where the dialog for adding licensed items to a product package had items selected based on the previous operation.

• Fixed a pagination issue on the Users page.

  Due to performance reasons, if you have a large number of users and if pagination on the Users page is enabled, the pagination options may now indicate a lower page count than what your actual total number of users is.

• Trying to grant a license without any kind of credit now shows an error message instead of failing with an exception.

• Fixed missing labels in the column selection menu in several UI tables.

• Other minor fixes.

10Duke OrgAdmin

Enhancements:

• Features to support device-based licensing. Now the OrgAdmin user can:

  • Create and manage device client groups for their organization, and authorize the groups to access the organization’s licenses.

  • Invite device clients to their organization’s device client groups, and view and manage the device clients.

  • Reserve, block, and release seats from their organization licenses also for device clients.

• Updated UI themes to Bootstrap 5.

  This also provides easier and more extensive possibilities for UI customization based on Bootstrap 5 themes.

  Note: If you have existing OrgAdmin customizations, these may no longer work after this update.

  Contact the 10Duke Integration Support team if you have existing customizations to be updated or if you want customizations to the new themes provided by this OrgAdmin version.

Bug fixes:

• The license usage dialog no longer shows the features for handling seat reservations when the license has only use count or use time.

• On the license list, the Use time: consumed column now correctly displays the consumed use time.

• The entitlement details dialog now displays correctly all the groups that have access to the entitlement.

• Other minor fixes.

Other changes

Enhancements:

• Changes in license model behaviors and constraints:

  • Breaking: A license model can now restrict license consumption only based on one type of credit, using either SeatCountConstraint, UseCountConstraint, or AggregateUseConstraint.

    If the license model contains a restriction for more than one type of credit, the license consumption request fails with HTTP error 500.

  • Breaking: The AggregateUseConstraint in the license model has a new trackingMode field for enabling or disabling the tracking of license consumption based on use time. The earlier incrementModel field has been removed.

    When tracking is enabled with the TRACK_BY_LEASE value, the aggregation of the use time consumed works in the same way as with the earlier “fair” model that incrementModel provided. The “append” model is no longer available.

    The incrementModel field has also been removed from the LeaseTimeBehavior rule.

  • Breaking: In the ConcurrentSessions constraint in the license model, the name of the additionalAnchors field has been changed to leaseAnchors.

  • License locking is now used by default unless the license model contains the LicenseLockingBehavior rule to disable it.

• Changes in license consumption:

  • The license consumption response now includes a new licenseProperties claim, which returns the license properties defined for the license as custom name-value pairs.

    To enable the license property feature in your deployment configuration, contact the 10Duke Integration Support team.

  • Breaking: License consumption requests now by default ignore licenses that have expired over one year ago (365 days).

    If you wish to change the threshold in your deployment, contact the 10Duke Integration Support team.

• The consumed use count and use time are now included in the license consumption event from the 10Duke License Consumption API.

Security:

• Breaking: When accessing 10Duke Enterprise APIs, the legacy option of providing an OAuth access token as a parameter is no longer supported. See how to provide the access token in a Bearer token authorization header.

Bug fixes:

• A fix in event sending for the 10Duke License Consumption API and Graph API.

• Fixed an issue where all anchors in the license consumption request affected how lease consumption was counted, instead of only using the ones defined in the license model used by the license.

• Fixed a permission issue that could cause a license consumption request for a use count-based license to fail.

• In rare cases where the same hardware ID is used by two different devices, the hardware name provided in the license consumption request is now stored separately for the users, when earlier the same hardware name was stored for both.

• Other minor fixes.

Open issues

• Breaking: In the ConcurrentSessions constraint in the license model, support for the LicensedProcess option was dropped from sessionAnchors.

---

Release 4.0.0 (LTS)

Release date: October 25, 2023

This is the first 10Duke Enterprise release labeled LTS, which stands for Long Term Support. Releases labeled LTS will be supported and maintained with security updates and bug fixes over an extended period over regular releases. This release will be supported until October 2026.

See patch release notes for release 4 on that release’s documentation site.

10Duke Identity Management REST API v1.10.0

Enhancements:

• API definition migrated to OpenAPI 3.

10Duke Entitlement Management REST API v2.9.2

Enhancements:

• A new endpoint /organizations/{orgId}/entitlements/{entId}/consuming-users for querying which users have access to the licenses in a specific entitlement.

• Documentation improvements in API reference.

Bug fixes:

• Deleting an organization now correctly deletes also all the information on the license transactions related to the organization’s licenses.

• When provisioning a new license, the id value for the transaction or a transaction item wasn’t stored if it was provided in the API request, and the system generated an ID instead.

• In provisioning operations, the processed timestamp was not generated for a license transaction even if it was not provided in the API request.

10Duke Login Application

Security:

• The version includes minor security improvements. We recommend updating to this version.

10Duke SysAdmin

Enhancements:

• In the user’s account details, the Active license leases tab has a new column that shows the name of the hardware that the lease applies to.

Security:

• The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

• An organization’s “employees” user group is no longer automatically granted access to a new entitlement.

• The Release seat feature for an organization license only released one seat reservation if the user had multiple ones.

• An entitlement’s license list didn’t show allowed versions for a license with use count that had been granted using SysAdmin.

10Duke OrgAdmin

Bug fixes:

• Minor fixes.

Other changes

Bug fixes:

• Breaking: The 10Duke License Consumption API and Graph API operations now correctly return HTTP error 401 Unauthorized when the request is unauthorized, instead of a successful response 200.

  If needed, the earlier behavior can be restored by a configuration change in your 10Duke Enterprise deployment. Contact the 10Duke Integration Support team.

---

Release 3.30.1

Release date: April 8, 2024

The release includes minor security improvements. We recommend updating to this release.

---

Release 3.30.0

Release date: October 9, 2023

10Duke Login Application

Enhancements:

• 100% localization in all supported languages.

• The base font has been updated to Source Sans 3 (sans-serif).

10Duke OrgAdmin

Enhancements:

• 100% localization in all supported languages.

• The base font has been updated to Source Sans 3 (sans-serif).

---

Release 3.29.1

Release date: September 29, 2023

This release provides backend fixes:

• A fix in event sending: read events were sent even when not enabled in the deployment configuration.

• Releasing a seat reservation now correctly releases also a blocking made for the seat.

---

Release 3.29.0

Release date: September 15, 2023

10Duke Identity Management REST API v1.8.1

Enhancements:

• New configurations to control how user data can be queried from the system:

  • The maximum number of users who can be retrieved with a single query is now configurable. The default limit is 250.

    If the API request’s limit header parameter exceeds the configured value, an error is returned.

  • There is also a configurable maximum user count up to which users can be queried. The default limit is 5000.

    For example, if the API request’s limit header parameter is set to 250 and offset to 4750, the request is allowed, because the last returned user is the 5000th in the sorting order. If you increase the offset value, the last returned user goes past the 5000 limit and an error is returned.

  If you need configuration changes, contact the 10Duke Integration Support team.

• Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from the Identity Management REST API.

• API reference documentation improvements

10Duke Entitlement Management REST API v2.8.0

Enhancements:

• A new endpoint /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/clients/{clientId}/assignments for managing seat assignments for a device client (assign or release a seat reservation, or block or unblock a license) and for retrieving a device client’s assignments.

  This enables the use of license models with named seats for device clients.

• A new endpoint /clients/{clientId}/available-licenses for retrieving the organization licenses that a device client is authorized to use.

• A new endpoint /clients/{clientId}/license-usage for retrieving the licenses that a device client is currently consuming or has a seat reservation to.

• The following keywords are now supported in path parameters when making API requests for the current user or device client:

  • me in place of a user ID, as in /users/me/available-licenses

  • this in place of a client ID, as in /clients/this/license-usage

• When retrieving the license usage of a user or a device client, the response now also contains the client application version of the license lease.

• Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from the Entitlement Management REST API.

10Duke SysAdmin

Enhancements:

• Backend support for device licensing in SysAdmin.

• The users table now also displays the unique ID of the user, which is needed in the API path when calling some of the 10Duke API endpoints. You can show and hide the column from the Columns list, and filter the table based on the ID.

• Improvement in the event sending configuration. If event sending is currently enabled in your 10Duke Enterprise deployment, now events will be sent also from SysAdmin.

10Duke OrgAdmin

Enhancements:

• The OrgAdmin user can now release a user’s license leases for licenses they are currently consuming. If they’re removing a user from the organization using the Remove from organization feature, they can also select whether to release that user’s license leases to the organization’s licenses.

  Releasing a license lease may be useful with seat-based licenses, for example, if there’s a need to make a seat available to other users. With licenses that have either use count or use time credit, releasing an active license lease doesn’t impact the license availability, and no credit is returned.

  In the same way as when releasing a license lease using SysAdmin, the client application is able to continue using the license token until it expires or the client application tries to refresh it. This means another user is able to start consuming the same license seat at the same time.

  The feature requires extra permissions to be defined for the OrgAdmin user.

  The license lease release feature in OrgAdmin is by default disabled in the 10Duke Enterprise configuration. If you want this feature enabled, contact the 10Duke Integration Support team.

Bug fixes:

• A fix in the Remove from organization feature that failed in some cases (depending on the license model), for example, if the user had an active license lease but no seat reservation.

10Duke Login Application

Enhancements:

• You can now request for the authenticated user’s permissions using the new custom scope https://apis.10duke.com/auth/openidconnect/client_permissions, which returns the client_permissions claim in the ID token and the UserInfo response.

• It’s now configurable whether someone is allowed to register as a user in 10Duke Enterprise if their email address belongs to a domain that has been delegated to an external identity provider (with the Assigned Email Domains setting defined for the OIDC or SAML connection). By default, registration is not allowed.

• Optimization in user data queries.

---

Release 3.28.1

Release date: July 7, 2023

This release fixes an issue that prevented configuring permissions for device licensing in organization scope.

---

Release 3.28.0

Release date: July 6, 2023

This release introduces API support for device licensing.

With device licensing, you can allow end users to access your licensed software application without having to register. The license is consumed by the device (a machine or PC) on which the software is running, and the end users using the software don’t need user accounts in the system.

In practice, each device is defined in the system as an OAuth client that belongs to a specific organization and has authentication credentials specific to the device hardware. The device client authenticates itself to 10Duke Enterprise using the OAuth client credentials grant flow to get an access token for authorizing API access.

Device clients are created in 10Duke Enterprise by invitation, and you authorize them to consume licenses using device client groups, in the same way as users are authorized using user groups.

The release also includes minor security improvements addressing false positives. We recommend updating to this release.

10Duke Identity Management REST API v1.8.0

Enhancements:

• New endpoints for managing clients associated with an organization (device clients):

  • /organizations/{organizationId}/clients: Create a new device client and associate it with an organization, retrieve information on device clients, and replace the details of a device client.

  • /organizations/{organizationId}/clients/{clientId}: Retrieve a device client and delete a device client.

  • /organizations/{organizationId}/clients/{clientId}/set-secret: Define the client secret for a device client.

• New endpoints for managing clients not associated with an organization (which you can also manage in SysAdmin), such as client applications and third-party systems:

  • /clients: Create a new client, retrieve clients, and replace the details of a client.

  • /clients/{clientId}: Retrieve a client and delete a client.

  • /clients/{clientId}/set-secret: Define the client secret for a client.

• New endpoints for managing device client groups:

  • /organizations/{organizationId}/client-groups: Create a new device client group for an organization, retrieve an organization’s device client groups, and replace a device client group’s details.

  • /organizations/{organizationId}/client-groups/{groupId}: Retrieve an organization’s device client group and delete one.

  • /organizations/{organizationId}/client-groups/{groupId}/clients: Add and remove device clients to and from a device client group, retrieve device clients that belong to a device client group, and replace the device clients that belong to a device client group.

  • /organizations/{organizationId}/client-groups/{groupId}/clients/{clientId}: Add and remove a device client to and from a device client group, and retrieve a device client that belongs to a device client group.

• New endpoints for managing invitations to device client groups:

  • /organizations/{organizationId}/client-group-invitations: Create a new invitation for a device client to join a device client group, and retrieve invitations to an organization’s device client groups.

  • /organizations/{organizationId}/client-group-invitations/{invitationId}/send: Send an existing invitation to a device client group.

  • /organizations/{organizationId}/client-group-invitations/send: Create and send a new invitation to a device client group.

  • /organizations/{organizationId}/client-group-invitations/{invitationId}/create-token: Create a new token for an invitation to a device client group.

  • /organizations/{organizationId}/client-group-invitations/{invitationId}/revoke: Revoke an invitation to a device client group.

  • /organizations/{organizationId}/client-group-invitations/{invitationId}: Retrieve an invitation to a device client group and delete an invitation.

• New endpoints for accepting and declining invitations to device client groups:

  • /client-group-invitations/accept: Accept an invitation to a device client group.

  • /client-group-invitations/decline: Decline an invitation to a device client group.

10Duke Entitlement Management REST API v2.5.0

Enhancements:

• New endpoints for managing the authorization of device client groups to access licenses in an organization’s entitlements:

  • /organizations/{orgId}/entitlements/{entId}/consuming-client-groups/: Retrieve device client groups that are authorized to access the licenses in an entitlement, and replace the authorized device client groups of an entitlement.

  • /organizations/{orgId}/entitlements/{entId}/consuming-client-groups/{groupId}: Authorize a device client group to access the licenses in an entitlement, and remove a device client group’s authorization to an entitlement.

  • /organizations/{orgId}/client-groups/{groupId}/consumed-entitlements: Retrieve entitlements that a device client group is authorized to access licenses from, and replace the entitlements that a device client group is authorized to access.

  • /organizations/{orgId}/client-groups/{groupId}/consumed-entitlements/{entId}: Add authorization to an entitlement for a device client group, and remove the authorization to an entitlement from a device client group.

• Additions and changes related to deactivating (suspending) and activating licenses:

  • For organization licenses:

    • The /organizations/{orgId}/license-transactions/{transactionId}/cancel endpoint has been replaced with /organizations/{orgId}/license-transactions/{transactionId}/suspend-licenses, which deactivates the organization licenses that were created with a specific transaction.

    • A new endpoint /organizations/{orgId}/license-transactions/{transactionId}/resume-licenses is available for for activating the suspended organization licenses related to a specific transaction.

  • For personal licenses:

    • The /users/{userId}/license-transactions/{transactionId}/cancel endpoint has been replaced with /users/{userId}/license-transactions/{transactionId}/suspend-licenses, which deactivates the personal licenses that were created with a specific transaction.

    • A new endpoint /users/{userId}/license-transactions/{transactionId}/resume-licenses is available for for activating the suspended personal licenses related to a specific transaction.

Bug fixes:

• User profile data has new validFrom and validUntil fields that indicate the validity of a user profile.

• Querying the user’s license usage now correctly returns also the user’s email address.

Other:

• The version query parameter has been removed from the /users/{userId}/available-licenses endpoint for querying a user’s available licenses, because it is not yet fully supported.

10Duke SysAdmin

Enhancements:

Bug fixes:

• Creating a new client role no longer fails with an error.

• Other minor fixes.

10Duke OrgAdmin

Enhancements:

• There’s a new configurable filter options menu available in the user, invitation, and license tables for filtering items by status. All the filters can be configured to be on or off by default, or filters can be disabled to remove them from the view.

• The invitation table has new columns that display the start and end dates of the invitation validity. Like other columns, they can be configured to be shown or hidden by default, or disabled to remove them from the view.

• A new status “Expired” is now used for invitations that are no longer valid and haven’t been accepted, declined, or revoked.

Bug fixes:

• The license table now correctly shows the total number of seats as unlimited when applicable, instead of showing an empty value.

• Fixed resolving the license model as floating or named.

• Improved the data loading of licenses.

• Minor fixes.

10Duke Login Application

Bug fixes:

• Overriding flow default setting for grant refresh token allowed confidential clients to refresh token without providing the client secret.

---

Release 3.27.2

Release date: June 27, 2023

10Duke Login Application

Bug fixes:

• User agreement acceptance bug fixes.

• Other minor fixes.

---

Release 3.27.1

Release date: June 9, 2023

The release includes minor security improvements. We recommend updating to this release.

10Duke Entitlement Management REST API v2.3.0

Bug fixes:

• License seat assignments are now correctly returned when retrieving a user’s available licenses (GET /users/{userId}/available-licenses).

10Duke OrgAdmin

Bug fixes:

• Minor fixes.

10Duke Login Application

Bug fixes:

• Changing the language no longer requires the user to accept user agreements again.

---

Release 3.27.0

Release date: June 5, 2023

10Duke Identity Management REST API v1.7.0

Enhancements:

• When retrieving a user’s user groups (GET /users/{userId}/organization-groups), you can use the new query parameter organizationId to limit the query to a specified organization’s user groups.

• The API operation for retrieving permissions (GET /permissions) provides a new query parameter domain. By specifying domain=organization, you can limit the query to permissions that are used in the organization domain and can be managed by 10Duke OrgAdmin users.

• API reference documentation improvements

Bug fixes:

• Minor fixes.

10Duke Entitlement Management REST API v2.2.0

Enhancements:

• New API operations for retrieving information on product packages:

  • GET /products for retrieving product packages. You can filter the query based on the full or partial name of the product package.

  • GET /products/{productId} for retrieving a product package based on the product package ID.

• Retrieving the licensed items in a product package (GET /products/{productId}/product-items) now also returns the names of the licensed items. The fields that contain information on the allowed versions of the client application have also been renamed as allowedVersions and allowedVersionsDescription.

• A new operation GET /users/{userId}/license-usage/ is available for querying the license usage of a specific user. The response contains information on the licenses that the user is currently consuming or has a seat reservation for.

Bug fixes:

• When retrieving a user’s available licenses (GET /users/{userId}/available-licenses), the onlyValidLicenses query parameter now correctly filters out also invalid licenses.

• Updated permissions required for calling GET /users/{userId}/available-licenses/ to query a user’s available licenses.

• Session anchors are now correctly returned in the response when retrieving the current usage of a license (GET /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/usage).

10Duke SysAdmin

Enhancements:

• You can now define a connection to a client application using the OAuth client credentials grant flow with the new Client Credentials Grant option in Allowed OAuth 2.0 flow.

  See how to define a connection in SysAdmin and how to implement the connection in your client application using this flow.

  For background, see information on the supported authentication flows.

• When you add licensed items to a product package, they are now by default set to use the same license model as the product package. Like before, you can select a different license model per licensed item in their advanced settings.

  Editing the product package also provides a new feature where changing the license model at the product package level prompts you to choose whether to apply the same license model change to all the licensed items as well.

• The Entitlement dashboard has a new look and feel and the displayed data has been updated.

• In IDENTITY > Organizations, you can now search an organization’s invitations by the recipient email.

• In IDENTITY > Organizations, the obsolete Settings tab for an organization has been removed.

Security:

• The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

• When you’re granting use time for a license in seconds, the granted time is now calculated correctly in seconds instead of milliseconds.

• In ROLES AND PERMISSIONS > Organization roles, the search now works correctly when using uppercase letters.

• In IDENTITY > Federation, the client key in the table now has the correct label Client key.

• Other minor fixes.

10Duke OrgAdmin

Enhancements:

• The OrgAdmin user can now hide inactive and invalid licenses in views that list licenses.

• The OrgAdmin user can now also specify the allowed software version when they download a license token. If you want this feature enabled, contact the 10Duke Integration Support team.

• The license management view now shows a license with status “Scheduled” if the validity start date is in the future.

• OrgAdmin now autodetects the user’s language based on the browser settings, if the language isn’t requested as part of the URL and the user hasn’t selected a preferred language in OrgAdmin. The autodetection is by default enabled in your 10Duke Enterprise configuration. Contact the 10Duke Integration Support team if needed.

  OrgAdmin also now stores the user’s selection of the preferred language in the browser and remembers the selection for future sessions.

• Improved the error message when the OrgAdmin user tries to release a seat reservation and the license model doesn’t allow it.

Security:

• Breaking: The OAuth flow used for OrgAdmin access has been changed from the implicit grant flow to the authorization code grant flow with Proof Key for Code Exchange (PKCE).

  Note: Make sure to update the authentication flow of your OrgAdmin client application in SysAdmin: if Allowed OAuth 2.0 flow is set to Implicit Grant, change the value to Authorization Code Grant with PKCE.

Bug fixes:

• Consumption data is now correctly displayed for licenses that are being consumed.

• Other minor fixes.

10Duke Login Application

Enhancements:

• Support added for using the OAuth client credentials grant flow when connecting to client applications. You can use this flow when your client application doesn’t involve any user, for example, with integrations or device-based licensing.

  See how to define a connection to a client application on the SysAdmin side and how to implement the connection in your client application using this flow.

  For background, see information on the supported authentication flows.

• Support added for sending events to AWS Kinesis Firehose.

Bug fixes:

• Minor fixes.

---

Release 3.26.0

Release date: May 2, 2023

10Duke Login Application

Enhancements:

• Support added for the OIDC login_hint parameter for client applications and external identity provider redirects.

  This allows the party requesting authentication to provide the user’s email address in the login_hint parameter, and the system providing the authentication service can use it to automatically populate the email address field so the user doesn’t have to fill it in again.

  The parameter is not available for JWT bearer token authorization grant and password grant flows. The parameter can also be used by client applications authenticating using SAML.

• Support added for a flow parameter for client applications requesting authentication using OIDC and SAML. (Not available for the JWT bearer token authorization grant and password grant flows.)

  This allows the client application to request whether to open the login or registration page for the user. If not specified, the login page is opened.

Bug fixes:

• Fixed a client login redirect loop when the client application’s OIDC connection in SysAdmin has an incorrectly configured login callback URL.

• If the user has logged in with SAML using an external identity provider, and they are then logged out from the identity provider as part of a single logout (SLO) process started from the client application, the user is now correctly redirected back to the client after the logout instead of the 10Duke Enterprise login page.

• Fixed the performance of agreement handling in larger user databases.

---

Release 3.25.1

Release date: April 19, 2023

10Duke Login Application

Bug fixes:

• A fix related to the login session not being cleared correctly when removing authentication by an external identity provider.

---

Release 3.25.0

Release date: April 14, 2023

10Duke Identity Management REST API v1.6.3

Enhancements:

• The recipientIsNewUser field in user invitations has been deprecated. The memberStatus field is used instead to indicate if the user is a new user.

10Duke Entitlement Management REST API v2.0.0

Enhancements:

• Breaking: The schema of effectiveLicenseModel has changed. If the includeEffectiveModel parameter is included on the client side, the schema must be regenerated for client-side validation.

• The includeEffectiveModel query parameter can be used to include license model details in the response for the following operations that return licenses:

  • Get the licenses available to a user (GET /users/{userId}/available-licenses)

  • Get the current usage of a license (GET /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/usage)

  • List the licenses in an entitlement (GET /organizations/{orgId}/entitlements/{entId}/licenses)

  • Move a license to another entitlement (PUT /organizations/{orgId}/entitlements/{entId}/licenses/{licenseId}/move/{destEntId})

• GET /users/{userId}/available-licenses also provides a new onlyValidLicenses query parameter for filtering out expired and invalid licenses.

Security:

• The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

• Minor fixes.

10Duke SysAdmin

Enhancements:

• The Identity dashboard has a new look and feel and the displayed data has been updated.

Bug fixes:

• Minor fixes.

10Duke OrgAdmin

Enhancements:

• Updated to take into use the Entitlement Management REST API v2.0.0.

10Duke Login Application

Enhancements:

• The user cannot skip optional agreements anymore, they have to either accept or decline them.

• If you have implemented your own custom Login Application, you can now request data from 10Duke Enterprise on how the user has handled the user agreements. For information on custom implementations, contact the 10Duke Integration Support team.

• When external identity providers are used for user authentication, your client application is now able to request which specific external identity provider the authentication request should be redirected to. This requires an update in your system configuration. Contact the 10Duke Integration Support team for more information.

Security:

• The version includes minor security improvements. We recommend updating to this version.

Bug fixes:

• The JWT bearer token authorization grant flow didn’t allow multiple values in the ID token’s aud claim.

• Fixes related to user agreements.

---

Release 3.24.4

Release date: March 21, 2023

10Duke Login Application

Enhancements:

• Support added for prompting the user to accept required and optional agreements (for example, terms and conditions, or a newsletter preference) as part of the registration flow.

• Support added for prompting the user to accept new, updated, or pending agreements as part of the login flow.

• Support added for end users to view and manage their consent to agreements in the User Profile views.

• Added an I have already validated my email button to enable the user to continue from the the email validation screen. This is to better support use cases where the user validates their email address, for example, using a different browser from the one where they started the registration and email validation process.

• When customizing the Login Application UI, you can now enable or disable all animations.

• The user can now toggle the visibility of their password input in different views, for example, during registration or when resetting their password.

Bug fixes:

• Minor fixes

---

Release 3.24.3

Release date: March 9, 2023

The release includes minor security improvements. We recommend updating to this version.

10Duke Identity Management REST API v1.6.2

Enhancements:

• If you create a new organization role using the createOrganizationRole operation (POST /organizations/{organizationId}/organization-roles) and use impliedOrganizationRoleId to grant permissions based on an implied role, you can now also specify an organization role ID, and not only a template ID.

10Duke SysAdmin

Enhancements:

• You can now also include the software version information before downloading a license token.

• When changing the allowed versions for an organization’s license, the dialog also now allows editing the display name for the versions.

Bug fixes:

• You can no longer create a product package with a name or display name that only contains whitespaces. Any leading and trailing whitespaces are also now removed from the values.

• Other minor fixes

---

Release 3.24.2

Release date: February 28, 2023

10Duke Login Application

Enhancements:

• When the user logs out in one browser window, they’re now automatically logged out also in the other windows they have open.

• Updated UI translations to fully cover all supported languages.

10Duke OrgAdmin

Enhancements:

• When the user logs out in one browser window, they’re now automatically logged out also in the other windows they have open.

• The option to download a license token is now enabled for all valid licenses and users. Earlier the logic that determined when a license token download can be attempted was linked to license seat availability, which includes seat reservations. This meant that when no seats were available, you were unable to download a license token for a user who had a seat reservation.

• If a user group is deleted, a user’s seat reservations are now released for the licenses they lose access to.

• Updated UI translations to fully cover all supported languages.

Bug fixes:

• Fixed issues with updating user listings after a user has been removed from an organization as a result of an API call.

• Small bug fixes, and some updates related to deprecated dependencies.

---

Release 3.24.1

Release date: February 3, 2023

10Duke SysAdmin

Bug fixes:

• This release fixes a number of small bugs

---

Release 3.24.0

Release date: January 26, 2023

10Duke Identity Management REST API v1.6.1

Enhancements:

• Extended the /organizations/organization-setup operation to support the creation of a default Entitlement and related LicenseConsumerRelations.

Bug fixes:

• A success response not specified for the getOtpCredential operation.

• QR code expansion fails with the createOtpCredential operation.

• Updating the email value of an existing user using the /users/import operation with the parameter "allowUpdateExisting": "true" returns "error": "resource_already_exists". The error response has been updated to "error": "invalid_argument" with "error_description": "Cannot change email address using this API", because this operation doesn’t allow updating the user’s email. Use the user operation /user/changeEmail instead.

10Duke Entitlement Management REST API v1.3.0

Security:

• The release includes minor security improvements. We recommend updating to this version.

10Duke SysAdmin

Bug fixes:

• Editing the name of an organization group on the entitlements page cause the group to be deleted.

---

Release 3.23.4

Release date: January 18, 2023

10Duke SysAdmin

Bug fixes:

• Fixed a multiselect error on the organization licenses page.

---

Release 3.23.3

Release date: January 11, 2023

10Duke Login Application

Bug fixes:

• Fixed an issue with an unconfigured redirect URI error handling for the PKCE flow.

---

Release 3.23.2

Release date: January 4, 2023

10Duke SysAdmin

Bug fixes:

• Fixed how the partial search works on the users page.

---

Release 3.23.1

Release date: January 2, 2023

10Duke Login Application

Enhancements:

• Updated the build target from Java 8 to Java 11.

• The insufficient_authentications error allows continuing the user login after authentication has been completed.

• Added OpenAPI info.

• Disabling the access token request rate limiter doesn’t work. Improved the parsing of invalid redirect URIs when using wildcards for the port number.

• Update json-path to version 2.7.0.

• Added support for alternative emails and changing the login email.

• Added version information to build output.

• Added a runtime API version compatibility check.

• Added a spinner for external redirects.

• Added error handling to login.

• Added configurable auto logout for idle users.

• Blocked external redirects for login processes where the browser is switched mid-process.

• Improved the usability in email validation.

• Updated the configuration version and added configuration version migration.

• Updated the German translation.

• Moved the monospace font to the branding CSS.

Security:

• The release includes minor security improvements. We recommend updating to this version.

Bug fixes:

• Logout from the profile page with a federated login if no single sign-out URL has been configured.

• A GET request to resource owner password grant exposes the stack trace.

• NPE with invalid device_code when accessing the OAuth 2.0 token endpoint.

• Fixed the UI for resetting the password when already logged in.

• Fixed an issue with a page not found route.

• Fixed issues with sourcemaps.

• Fixed page transition animations.

• Fixed issues with invitations.

---

Release 3.23.0

Release date: January 2, 2023

10Duke Identity Management REST API

Enhancements:

• Support for reservation cleanup when deleting organization groups.

• jaxb-api dependency convergence (Java 11 update).

• Updated the build target from Java 8 to Java 11.

• Updated the user-group connection deleting operations to return a flag if no more groups within the organization are left.

• Invitations were unusable if validFrom was left out of invitations.

Security:

• The release includes minor security improvements. We recommend updating to this version.

Bug fixes:

• Empty sections by tag in the OpenAPI spec.

• Updating the user’s phone number with /organizations/{organizationId}/users/import failed.

10Duke Entitlement Management REST API

Enhancements:

• jaxb-api dependency convergence (Java 11 update).

• Updated the build target from Java 8 to Java 11.

Security:

• The release includes minor security improvements. We recommend updating to this version.

Bug fixes:

• DELETE /api/entitlement/v1/management/permission-cache was broken.

• Updating the user’s phone number with /organizations/{organizationId}/users/import failed.

10Duke SysAdmin

Enhancements:

• Updated the build target from Java 8 to Java 11.

• Updated the Personal Entitlements label to singular form.

• Changed the applicable dialogs to modal.

• Fixed inconsistencies in error messages and certain UI items.

• Added a warning message when changing Name of a licensed item.

• Renamed the internal role GinOverGin to Super Admin in the SysAdmin configuration setup.

Bug fixes:

• The organization invitation dialog doesn’t shown a confirmation after saving.

• Fixed the select all text alignment in the invite member dialog.

• Incorrect character in the select internal roles dialog.

• The code dialog shakes on error.

• A duplicate error on the licensed items page.

• The organization group create dialog doesn’t show an error inside the dialog.

• Multiple error messages were shown when editing OIDC provider.

• A floating license model opens on the last page when creating a model for the second time.

• The create organization role dialog closes on error.

• The organization role template dialog closes on error.

• The organization entitlements/set allowed versions dialog doesn’t work.

• Corrected the dialog title when adding use count to a license.

• A duplicate error message when adding an organization role template with an empty name.

• Clear selection count is not cleared after removing licensed items.

• Exception when trying to create a licensed item with an already existing name under a product package.

• The Title field is empty for other OIDC/SAML providers if emptying the field and changing the provider.

• Activation Code Configuration - Assign Organization dialog sizing enhanced.

• The Name field is empty for other packages if emptying the field and changing the package.

• Error when changing an internal role’s name to an already existing name.

• Error when changing a product package name to an already existing name.

• Error when changing a licensed item’s name to an already existing name.

• Error when adding an internal role with an already existing name.

• Error when trying to create a product package with an already existing name.

• Error when adding an organization custom property twice with the same key.

• Error when adding a user custom property twice with the same key.

• Error when trying to add a client role that already has been added.

• Enforce product package validity when it comes to granting licenses.

• Don’t allow only whitespace in the licensed item name and display name.

• Deleting all organization user groups fails.

• The organization name link in organization_manage_groups view not working as expected.

• The product packages/change license model doesn’t clear references.

• The Product Configuration > License Models > Create/edit license model dialog doesn’t scroll.

• The organization creation should use a different service.

• A seat remains reserved when an organization group is removed.

• Organization Role details - Organization field should be read-only.

• The details view not closed when saving an edited licensed item.

• An organization cannot be deleted if it has at least one device group.

• Cannot filter or sort client app roles in the User > Client App Roles > Add view.

• The date picker widget moves down from the input field when navigating from one month to another.

• Switch to use allowedVersions defined in license credit.