Upgrade Considerations

This page provides the information you need to consider while upgrading your instances of IdentityIQ.

To learn more about SailPoint’s recommended best practices for upgrading from one version of IdentityIQ to the next (or any subsequent) version, refer to Upgrade Best Practices.

Note

  • On Feb 21, 2023, IdentityIQ 8.1 will reach its limited support date and will reach its dropped support on February 21, 2024. If you are on IdentityIQ 8.1, refer to IdentityIQ-Server-Software to learn more about the upgrading processes. To know the status of the supported version, refer to the IdentityIQ End of Life policy.

  • All patches are cumulative, so the latest incremented patch includes all changes from previously released patches for a major release.

IdentityIQ 8.0

  • To support the Authenticate keyword which is used with Pass Through Authentication, add the following attribute to the featureString in the application Debug page:

    AUTHENTICATE

    For more information, refer to Keywords.

  • Multiple independent endpoints for aggregation and getObject operations are only supported for new applications.

  • Endpoints must have unique names, not null values.

  • To enable the Unlock feature, add the following feature value to the featuresString in the application Debug page:

    featuresString="UNLOCK"

  • In IdentityIQ versions 8.0 Patch 5 and later, the following class names must be changed in any configured rules:

    Original Class Name

    New Class Name

    sailpoint.connector.webservices

    sailpoint.connectorDependencies

    sailpoint.connector.webservices.WebServicesClient

    sailpoint.connectorDependencies.WebServicesClient

    sailpoint.connector.webservices.EndPoint

    sailpoint.connectorDependencies.EndPoint

    sailpoint.connector.webservices.WebServiceConnectorUtil

    sailpoint.connectorDependencies.WebServiceConnectorUtil

    sailpoint.connector.webservices.WebServicesConstant

    sailpoint.connectorDependencies.WebServicesConstants

    sailpoint.connector.webservices.RestRequestExecutor

    sailpoint.connectorDependencies.RestRequestExecutor

    All connector classes and third-party-required .jar files are packaged as "fat jar" files and they are kept in the WEB-INF/lib-connectors directory. These .jar files are found in the default system classpath. The connector classloader loads them at runtime.

  • After upgrading IdentityIQ from version 7.2 Patch 3 or prior to version 8.0 Patch 5 or later:

    • If you use OAuth 2 authentication and your Grant Type is JWT, add the following parameters to the application XML in the Debug page:

      • oAuthJwtHeader

      • oAuthJwtPayload

      For more information, refer to Additional Configuration Parameters.

    • Add the following entry key into the application XML in the Debug page of the existing application:

      <entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec"/>

    • To support Pass-through authentication, add the isGetObjectRequiredForPTA attribute to the application Debug page.

      For more information, refer to Additional Configuration Parameters.

  • Starting with IdentityIQ version 8.0 Patch 5, to use Partitioning, you must add static mappings to Get Partition objects, or you can configure dynamic or Get Partition endpoints. To aggregate accounts using partitions, you must configure a Partitioned Account Aggregation endpoint.

    For more information, refer to Partitioning.

    Important
    Partitioning is not supported for the applications created prior IdentityIQ version 8.0 Patch 5.

  • The use of quotation marks ("") is not supported in applications created prior to IdentityIQ version 8.0 Patch 5. If you require quotation marks in your configuration, contact SailPoint Customer Support. Quotation marks are supported in applications created after IdentityIQ 8.0 patch 5.