In this release, we focused on extending the automation capabilities of Adaxes and improving end user experience. It comes with rule-based groups, the ability to approve requests from emails, a new editor for binary fields, the dark theme, and a long list of convenience features for the Web Interface.
Here’s more about what’s new in Adaxes 2020.1.
Groups in your Active Directory can now have rule-based membership. The idea is simple — you define the membership rules for a group and Adaxes manages its list of members for you.
Membership rules are very flexible and offer many criteria for including objects in a group. As an example, you can include all users located in a certain OU, but only if their department is Sales and their account is enabled. Also, you are free to mix and match different object types within the same rule-based group.
You can configure the membership rules yourself or delegate it to other users, for example, group owners. And, of course, you can hide all the inner workings of rule-based groups from ordinary users and let them only view the current members.
To top it up, we included two new reports to simplify auditing rule-based groups:
After you upgrade to the new version, you will need to enable the Membership Type section in the Web Interface Configurator to start using rule-based groups. For more details, see Automate group membership management.
Approval-based workflow is one of the core features of Adaxes, so we decided to streamline the approval process as much as possible. Here is a list of improvements which will make your user experience more complete.
It is now possible to approve or deny requests without logging in to the Web Interface. The approver only needs to click a button in the notification email.
Operation descriptions in the notification emails are now more clear and concise, without any unnecessary technical details. Also, the layout now looks more consistent in different email clients.
After you upgrade to the new version, the ability to approve/deny requests from email notifications will be disabled. For details on how to enable it, see Enable Approve/Deny Buttons in Email Notifications.
It is now possible to review picture changes that are sent for approval. Updated pictures are displayed in the Web Interface and in the approval notification emails.
For example, you can now delegate updating pictures to your users and let their managers approve the new picture.
You can now view both your pending requests and approvals on any page of the Web Interface thanks to the new indicator in the navigation bar.
It is now possible to specify the reason for approval. This will make approved requests more informative.
Now Adaxes remembers the date when a request was approved, denied, or cancelled. It will help you with monitoring and auditing processed approval requests.
We have also updated the built-in Approved requests, Cancelled requests, and Denied requests reports. Now the requests in these reports are sorted and grouped by processing date by default.
These built-in reports will not be updated automatically after you upgrade to the new version. To replace the existing reports with the updated versions, you will need to restore them to the initial state.
It is now possible to upload files into binary properties of AD objects from the Web Interface. For example, your HR staff can now attach staff contracts, CVs, or any other relevant documents directly to user accounts. Adaxes recognizes the most popular file types like PDF, DOC, or XLS and displays the corresponding icon, but it is possible to attach any files.
You can download the attached files from various Web Interface views and from the report documents.
For more details, see How to attach files to AD objects.
We continue extending the functionality of the Web Interface and making improvements to its visual appearance. Here's a list of improvements we have made this time.
The dark theme is now available for the Web Interface. Users can switch between dark and light themes according to their personal preferences.
It is also possible to use the dark theme in the Web Interface Configurator.
The new version fully supports using SVG files for your custom logo. Your logos will now look great on any resolution.
You can even make your SVG logos dynamically change colors so they stand out on both, dark and light themes. For more details, see how to Set Custom Logo and Colors.
We have improved the user interface and have added new features to the HTML editor for automatic replies. You can now add tables to the messages and there are more formatting options available.
It is now possible to bulk reset computer accounts in one click.
You can now filter long lists of operations. It is helpful if you have many Custom Commands and need to find one quickly.
Drop-down lists that have more than 10 items can also be filtered. You can easily find the right value in lists of any length.
It is now possible to search for AD objects using a bunch of new search criteria. We have also added a filter to the criteria list, so you can find what you need quicker.
Here is the full list of new criteria:
We have improved the user interface of the sign in page and the Self-Service Password Reset wizard on small screens.
We have completely reworked all icons so they look crisp and clear on all resolutions, including 4K.
We have added a button to the Web Interface Configurator that lets you cancel all changes with one click.
We have increased the maximum number of fields in object mouseover popups from 5 to 10.
Email notifications sent by Adaxes can now have a friendly display name in the FROM field.
From now on, clicking on the My account card opens your account in view mode instead of edit mode.
A new condition is now available — If <property of the member> <relation> <value>. You can use it in Business Rules that trigger before/after adding or removing a member from a group. It allows you to check the property values of the member who is being added or removed, and execute different actions depending on those values.
For example, you can request approval for adding a user to a group if they are not from a specific department.
We have added a number of new virtual properties to simplify extracting information about AD object owners and group members. For example, you can now check whether a group owner has a mobile number, and send them an SMS if they do.
Here is the full list:
Available in Business Rules, Scheduled Tasks, and Custom Commands configured for an object type that has a Managed By property e.g. computer or group. Will retrieve information about the object owner.
Only available in Business Rules that trigger before/after adding or removing a member from a group. Will retrieve information about the group member who is being added or removed.
As another example, you can now send email notifications to new group members without using scripts.
We have improved how Adaxes handles situations when several Property Patterns for the same property overlap in their activity scope. Now, Adaxes will combine and apply all effective patterns, providing they are not conflicting. For example, you can now set a default value for a specific property in one pattern and define constraints in another pattern.
Fixed the vulnerability that resulted from special characters not being escaped when value references are resolved. For example, the vulnerability made it possible to inject PowerShell scripts in custom command parameter input fields if value references were used to get the parameter values.
This update extends the previous security update and addresses the same vulnerability. The previous fix can be bypassed, which was discovered recently. As a result, we've reinforced the fix by escaping all possible double quote characters ("„“”) when value references are resolved.
In this update, we have mainly focused on improving the security of Adaxes and fixing recently discovered vulnerabilities.