IBM Support

IBM Security Privileged Identity Manager 2.1.0 Issues and Limitations

News


Abstract

This document lists the issues and limitations and provides workarounds for IBM Security Privileged Identity Manager.

Content

Feature Issues or Limitations
Shared access consoles
  • Unable to delete secondary organization. For a workaround for this issue, see http://www.ibm.com/support/docview.wss?uid=swg21690991.
  • When the administrative console and Service Center are opened at the same time, logging in to the Service Center redirects it to the administrative console homepage.
  • Identity Feed Service uses workflow for reconciliation. For more information, see http://www-01.ibm.com/support/docview.wss?uid=swg21691715.
  • The IBM Security Privileged Identity Manager Service Center does not meet accessibility standards.
  • Issue: When performing an Advanced Search in the credential vault, you cannot search for other Business Units when a Business Unit is already selected.
    Workaround: Click Clear to remove the chosen Business Unit and search again to see all available Business Units.
  • The Delegate feature in the Administrative Console and Self-service Console is not available for the Privileged Administrator and the Privileged User.
  • Credentials cannot be restored in the IBM Security Privileged Identity Manager Service Center when you are using Internet Explorer.
  • Managing privileged credentials on SoftLayer is currently not supported. See announcement.
Session recording
  • On Windows 10 machines, Session Recording is not supported for web applications running on Internet Explorer that are secured using Basic Authentication.
  • Unable to display other languages during playback.
  • Inconsistent user ID displayed in the Privileged Session Recorder Player console.
Automatic check-in and check-out
  • Issue: Credential injection fails when the user starts any of the applications, and at the time of injection the application is overlaid with another application, or with the lease expiry window.
    Workaround: Ensure that you place focus on the application until the application logon process is complete.
  • Issue: When you are using Remote Desktop Connection, Privileged Access Agent offers to save the shared credentials after injecting the checked out user name and password. This issue occurs after the PIM_Profiles.eas AccessProfile is uploaded to the IMS Server.

    Workaround: Disable the sso_site_wnd_rdp6_with_options AccessProfile.
    1. Log in to Privileged Access Agent as an administrator.
    2. Open AccessStudio.
    3. Choose File > Import data from local Access Agent.
    4. From the list of AccessProfiles, select sso_site_wnd_rdp6_with_options.
    5. Select the General Properties tab.
    6. Under Signatures identifying web-page or exe where this AccessProfile is to be loaded, click Remove.
    7. Right-click sso_site_wnd_rdp6_with_options.
    8. Click Upload to IMS.
  • The IBM Security Privileged Identity Manager AccessProfile for Microsoft Remote Desktop Connection RDP client does not support the injection of shared credentials at the RDP lock screen.
  • Check-out and check-in of shared credentials do not work for mainframe applications that run on z/OS® and i5 series and that have the following workflow:
    1. Inject user name.
    2. Press Tab.
    3. Inject password.
  • Multiple IBM Security Privileged Identity Manager credentials for one Privileged Access Agent user are not supported.
  • When the user does not have an IBM Security Privileged Identity Manager credential in the user Wallet and starts two applications simultaneously, such as RDP and VMware vSphere Client, checking out shared credentials works only for the one application in which the user enters the IBM Security Privileged Identity Manager credentials when prompted by Privileged Access Agent.
  • Shared access credential check-out in RDP only works when the General tab is selected.
  • Issue: Session recording fails with PuTTY 0.67.
    Workaround: Download the updated PuTTY AccessProfile.
  • Issue: Automatic check out for RDP fails on Windows 10.
    Workaround: Download the updated Remote Desktop AccessProfile.
Privileged Session Gateway
  • Starting from Fix Pack 6, if you copy a connection page URL and paste the URL into another tab in any browser, a new connection is not started. The original connection is also not disconnected.
    Note: This behavior is different from the limitation that is documented in Limitations with Privileged Session Gateway.
  • When you add a Privileged Session Gateway or load balancer certificate to the virtual appliance, avoid using a 4096 bit certificate. See Adding the Privileged Session Gateway or load balancer certificate.
  • Session recording for Privileged Session Gateway is not available when you are integrating IBM Security Privileged Identity Manager with IBM Security Access Manager. Disable the session recording feature in the Administrative Console.
  • Issue: On the Privileged Session Gateway console, if you run a command (for example, ls /etc) that returns multi-column output, the result might appear to be misaligned if you zoom in or out.
    Workaround: Use the default zoom.
Virtual appliance
  • Topic: Installing the virtual appliance on Citrix XenServer
    For any Citrix XenServer installations, skip step 11.
  • In the Directory server configuration details window, the organization name and short names for the Directory Server (LDAP) cannot contain these characters: ` $ | < > &.
  • The Machine Policy Template based on group membership is not properly assigned to machines with more than one Active Directory group.
  • Topic: Setting up a stand-alone or primary node for IBM Security Privileged Identity Manager
    When you are specifying a custom root certificate in the Root CA Configuration page, the length of the Distinguished Name (DN) for the custom root certificate must not be longer than 128 characters. For example, CN=pim, OU=example, O=ibm, ST=cal, POSTALCODE=1067, C=US
ISPIM for Applications
  • Missing domain name in the displayed account for reconfigured Windows scheduled tasks.


Document Information

Modified date:
11 February 2019

UID

swg21995441