4.8.1

Introduced the initial version of the Oracle NetSuite connector (agtnetsuite), provided as part of the standard Connector Pack.

Group membership add/remove operations

Implemented group membership management in the NetSuite Python connector so GRUA scenarios no longer failed with an “objreladd not implemented” error, by adding the groupuseradd and groupuserdelete operations to add and remove users from roles.

Connector verification classification updated

The Oracle NetSuite custom connector was reclassified from Bravura Security‑Verified to Customer‑Verified because Bravura did not maintain a NetSuite environment and did not run regression tests for this connector.

NetSuite group membership operations

The NetSuite connector now supports group membership add (GRUA) operations, which previously failed with a “not implemented” error when attempting to add accounts to groups.

Updated the Bravura Safe (2025+) and Bravura Safe User Management (2025+) connectors to use the Bravura Safe CLI (bsafe.exe) instead of the legacy Bitwarden CLI (bw.exe). The CLI is available via the Bravura Safe GitHub repository: https://github.com/Bravura-Security/bravura-safe_clients/releases.

Listing behaviour

Improved error handling when listing users and other objects so that partial listings are no longer treated as successful. This prevents only a subset of Okta users being loaded during auto‑discovery.

Timestamp logging

Updated the Okta time conversion helper to return an empty string when the Okta time value is empty, eliminating “not a valid format []” notice messages when Okta timestamp fields (such as last login) are missing.

Support has been added for version 65.0 of the Salesforce SOAP API.

Expired password/account handling

Reintroduced support for the AD_VERIFY_EXPIRED_PW and AD_VERIFY_EXPIRED_ACCT registry options so you can control whether expired passwords and expired accounts are treated as login failures.

Better handling of new users.

Updated the Azure AD connector to tolerate Microsoft Graph’s eventual consistency when creating users. After a successful user create, the connector now uses the object ID for follow‑up checks and applies targeted retry logic to PATCH operations, so attribute updates that happen immediately after creation no longer fail due to transient “resource does not exist” responses.

Added the onPremisesSyncEnabled account attribute for the Azure Active Directory (agtazure) connector.

Updated the Exchange 2007+ Server connector (agtexg2k7) to add the longid for the agent output for the create operation and for when users already exist.

Exchange connector now supports OAuth 2.0 authentication for Exchange Online (list operations only; on-premises Exchange continues to use Basic Authentication).

Logging level

Updated the PowerShell connector so that variable conversion messages are logged at Debug level instead of Info, reducing noise in normal logs.

Salesforce: New troubleshooting subsection for no accounts returned from discovery

Added a new troubleshooting subsection titled “No accounts returned from discovery” that provides initial troubleshooting steps and error message details for situations where discovery processes return no accounts, helping administrators diagnose configuration or query issues more quickly.

Fixed an issue to include default global attributes when an attribute override is used.

Fixed an issue in the Siteminder connector (agtsm) so that it now correctly saves the list override setting.

Fixed session handling in PeopleSoft 8.49 agent to prevent a crash during list groups operation.

Notice log spam from empty timestamps

Eliminated repeated “not a valid format []” notices when Okta timestamp fields are missing.

Active Directory connector – expired password/account handling

Restored the documented behaviour for how expired passwords and accounts affect login checks via registry options.

New user creation falsely reported as failed

Fixed a bug where Azure user creation succeeded but was reported as failed because subsequent attribute updates immediately after creation returned HTTP 404 “resource does not exist”. The connector now recognises this as a temporary propagation delay, retries PATCH operations for newly created users, and uses the user’s object ID when checking for resource existence, so template attributes and post‑creation changes are applied reliably without manual intervention.

User filter URL construction

Fixed formation of URLs for filtered user listings, preventing Azure “Invalid filter clause” errors.

Updated the Azure Active Directory connector (agtazure) to correctly construct the query URL when attributes are empty and a filter is used, which was previously causing listing to fail.

NetSuite entityId not set on create account

Fixed an issue where the NetSuite connector was not correctly setting the entityId field when creating new user accounts, resulting in an auto-generated identifier instead of the specified value.

entityId set during create account

Create account operations no longer failed to set entityId as configured (previously requiring manual correction in the NetSuite UI); this was noted as applicable for environments running Pass/Identity 12.6.3 with Connector Pack 4.8.x. (BSCS-11636, BSCS-11609, fixVersion: 4.8.1, 4.9.0)

Correct handling of includeInGlobalAddressList

Fixed an issue where create operations could default includeInGlobalAddressList to true (and log “Warning: Error occurred when setting attributes: [Resource Not Found: userKey]”); the connector now treated the attribute as a boolean (not a string) and corrected the read/write paths, including a copy-paste error where the read path returned a different attribute’s value.