Please welcome Admin Console!

The biggest change in Unity 3 is a new administrative web UI: Admin Console (or Console for short). It completely replaces the legacy Admin UI.

The grand goal of adding Console was to expose all of Unity's functionality over a web interface. Previously, a Unity administrator was forced to follow a hybrid approach: the directory was managed with the web interface, but many other settings, such as authenticators, were only reachable from config files. Now almost everything is exposed within the Console.

It is hard to enumerate all the improvements it brings; the best way is to give it a try. The most notable items are:

  • Complete management:
    • realms, authenticators, authentication flows
    • all endpoints (note that in Console they are now broken into two sections: IdPs and Services)
    • trusted certificates
    • all features of Admin UI
  • Many of the existing views were refreshed to offer a better UX
    • better use of screen size, no more vertically split panels (besides the directory browser, but see below)
    • sorting and filtering in all relevant places
    • small improvements in many places (e.g. on the realms view you can check which endpoints are using a realm)
    • refreshed directory browser: some things are still to come, but its UX is already greatly improved. For instance, attribute values are instantly visible for each selected entity, groups can be searched and multi-selected, and the presentation of attribute statements is more compact.
  • New main layout with left bar navigation
  • Lightweight and faster loading compared to Admin UI
  • Input and output profiles are now bound 1:1 to their corresponding authenticator or endpoint, respectively. There is no more “global” view of profiles; e.g. editing an input profile is now a part of authenticator editing.
  • Deep linking: you can log in instantly to a specific part of Admin Console.

 

Audit log available

In Console you can now browse the audit log. From version 3.0, Unity stores audit traces of the most important operations that were performed on the directory. This is an initial version of the subsystem with certain gaps, but it is already very functional and provides valuable insight into the history of a Unity deployment.

The audit log can be queried using a simple but flexible filter bar, providing information on all changed attributes, groups, and entities.

 

Remaining notable improvements

  • Java 11 is finally supported. Java 8 can still be used, but we are going to deprecate it in the near future. Java 12 and 13 should work too, but were not tested.
  • It is possible to outsource message template management and message sending to an external service. Admins can integrate Unity with dedicated mail systems or marketing/CMS software and manage all of the organization's communication from one place.
  • RFC 7662 support was added, i.e. a standard OAuth token introspection endpoint (the proprietary one is still available for backwards compatibility).
  • Smarter checking of dependencies when updating credential definitions. Changes which can’t make stored passwords invalid are now neither blocked nor constrained.

 

Upgrade from 2.x

The upgrade from 2.8 should be easy. The biggest configuration change is that reloading of configuration changes from configuration files upon restart is now turned off by default. This can, however, be reconfigured to restore the Unity 2 behavior.

Upgrading from older 2.x versions may be more problematic, so we advise first performing a successful update to 2.8 and then to 3.0. However, it is technically fully possible to upgrade from any 2.x version to 3.0. The only problem is the set of incompatible configuration changes that were introduced in the 2.x releases.

In any case, make sure to read the upgrade instructions in the manual. While the upgrade is easy, there are important facts to understand, as the introduction of Admin Console changed the default startup behavior.