IBM Support

IBM Security Privileged Identity Manager Issues and Limitations

News


Abstract

This document contains release information that was not documented in the published Release Notes.

Content


FeatureIssues or Limitations
Shared access consoles
  • Unable to delete secondary organization. For a workaround on this issue, see http://www.ibm.com/support/docview.wss?uid=swg21690991.
  • When the administrative console and Service Center are opened at the same time, logging in to the Service Center redirects it to the administrative console homepage.
  • The IBM Security Privileged Identity Manager Service Center does not meet accessibility standards.
  • Issue: When performing an Advanced Search in the credential vault, you cannot search for other Business Units when a Business Unit is already selected.
    Workaround: Click Clear to remove the chosen Business Unit and search again to see all available Business Units.
  • Credentials cannot be restored in the IBM Security Privileged Identity Manager Service Center when you are using Internet Explorer.
  • Managing privileged credentials on SoftLayer is currently not supported. See announcement.
Session recording
  • On Windows 10 machines, Session Recording is not supported for web applications running on Internet Explorer that are secured using Basic Authentication.
  • Unable to display other languages during playback.
  • Inconsistent user ID displayed in the Privileged Session Recorder Player console.
Automatic check-in and check-out
  • Issue: Credential injection fails when the user starts any of the applications, and at the time of injection the application is overlaid with another application, or with the lease expiry window.
    Workaround: Ensure that you place focus on the application until the application logon process is complete.
  • The IBM Security Privileged Identity Manager AccessProfile for Microsoft Remote Desktop Connection RDP client does not support the injection of shared credentials at the RDP lock screen.
  • Check-out and check-in of shared credentials cannot work for mainframe applications that run on z/OS® and i5 series, which have the following workflow:
    1. Inject user name.
    2. Press Tab.
    3. Inject password.
  • Multiple IBM Security Privileged Identity Manager credentials for one Privileged Access Agent user is not supported.
  • When the user does not have an IBM Security Privileged Identity Manager credential in the user Wallet and simultaneously starts two applications, such as RDP and VMware vSphere Client, checking out shared credentials only works for one application where the user enters the IBM Security Privileged Identity Manager credentials when prompted by Privileged Access Agent.
  • Shared access credential check-out in RDP only works when the General tab is selected.
  • Issue: Session recording fails with PuTTY 0.67.
    Workaround: Download the updated PuTTY AccessProfile.
  • Issue: Automatic check out for RDP fails on Windows 10.
    Workaround: Download the updated Remote Desktop AccessProfile.
  • Some configurable texts that are driven by policies in IMS Server by default contains "ISAM ESSO".
Privileged Session Gateway
  • If you copy a connection page URL and paste the URL into another tab in any browser, a new connection is not started. The original connection is also not disconnected.
    Note: This behavior is different from the limitation that is documented in Limitations with Privileged Session Gateway.
Virtual appliance
  • Issue: If you are upgrading the virtual appliance with DB2 ACR, the ACR settings are removed during the upgrade.
    Workaround: Reconfigure the database and add the ACR settings. Restart the services.
  • Issue: If you are upgrading a Xen deployment, during the post upgrade reboot, the system chooses the older partition.
    Workaround: Select the new 2.1.1.0 partition to reboot from when the GRUB screen pops up.
  • In the Directory server configuration details window, the organization name and short names for the Directory Server (LDAP) cannot contain these characters: ` $ | < > &.
  • Topic: Setting up a stand-alone or primary node for IBM Security Privileged Identity Manager
    When you are specifying a custom root certificate in the Root CA Configuration page, the length of the Distinguished Name (DN) for the custom root certificate must not be longer than 128 characters. For example, CN=pim, OU=example, O=ibm, ST=cal, POSTALCODE=1067, C=US.
ISPIM for Applications
  • Missing domain name in the displayed account for reconfigured windows scheduled tasks.
Reporting
  • In the Application Identity Registration Report, using the Host Name search filter generates an error and prevents the report from being rendered.

[{"Product":{"code":"SSRQBP","label":"IBM Security Privileged Identity Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.1.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg22010575

Page Feedback