Skip to main content

What's new - iCIS On-Prem v4.2.5

This topic provides an overview of the more significant changes in the "on-premise" release of iCore Integration Suite v4.2.5.


This release includes all changes in iCIS Cloud version v4.2.0 - v4.2.5.

Updated technical requirements

iCore Integration Suite now requires .NET 4.8.

For more information, see Technical requirements.


Large Event / Job argument values

Large Event / Job argument values can now be displayed in the Administrator tool. See View the arguments of a Job.

Authentication and authorization

Enable/Disable authentication with Open ID Connect (OIDC)

Authentication with Open ID Connect (OIDC) can now be enabled or disabled for the iCore system. This can be done in System settings in the Administrator or with the Set-iCoreAuthenticationProvider cmdlet.

User authorization with Azure AD

Users can now be authorized via Azure AD instead of via User groups in the iCore system. Users and their group memberships can be administered directly in Azure. In order to use authorization with Azure AD, the iCore system has to be configured with an Azure AD provider. Authorization in Azure AD requires that authentication is set up with OpenID Connect in Azure.

For more information, see Authorization with Azure AD.

User authorization with Azure AD for Administrator

The Administrator now supports user authorization via Azure AD by managing users and groups in Azure instead of in the local configuration. Using this feature requires that you configure an Azure AD as OpenID Connect provider, as well as an Azure AD provider, in combination with role mappings against Azure AD groups.

For more information, see Configuring authorization using an Azure AD provider.


New System Event type – ServerPartFaulted

A new System Event type (__iCore_ServerPartFaulted) is now available. An Event of this type is created when a Server part enters a faulted state, and can be used to set up alarms that notify the administrator of the system.


The Categories property is no longer visible in the entity properties view in the Administrator GUI. To ensure backwards compatibility, it is still available as a read-only property on the entity in the iCore Public API.

  • Entities can be added to or removed from a Category in the entity details view (as before).
  • Adding or removing an entity from a Category no longer affects the modified date of the entity.

User management & security

Multiple User group memberships

It is now possible for a User to belong to more than one User group. The access rights for a User is the sum of all granted permissions that it receives through its User group memberships.

Authentication with Open ID Connect (OIDC)

System login now supports Open ID Connect (OIDC). There are several well-known authentication providers that support OIDC, for example Microsoft Azure, Google and SalesForce. Note that OIDC System login does not (currently) imply that OAuth authorization is supported. Authorization in an iCore system is handled via User groups that specify what a User is allowed to do in a System.

For more information, see User authentication.

New permissions on iCore systems

The Security Administrator, Administrator, and Developer User group can now set the following permissions on the iCore system level:

  • Export – Users with this permission can export all entities in a system (regardless of other permissions).
  • Import – Users with this permission can import any entities to a system (regardless of other permissions).
  • Attach/Detach – Users with this permission can attach or detach a system (regardless of other permissions).
  • Upgrade – Users with this permission can upgrade a system (regardless of other permissions).
  • Edit tracking page – Users with this permission can edit tracking page in a system (regardless of other permissions).
  • Set Default filter – Users with this permission can set default filter in a system (regardless of other permissions).

These above permissions are granted to the Administrator and Developer User groups by default when you create a new iCore system. However, if you upgrade an existing system, the permissions will be granted to all existing User groups.

The Restricted operations property has been removed from the User entity, and access rights are now instead controlled by the following new permissions:

  • Protected data access – Users with this permission are allowed to view or update the values of a protected entity.
  • Modify protectable – User with this permission are allowed to modify the protected property of a protectable entity. This implies permission "Protected data access".
  • System protection – Users with this permission are allowed to update the Data protection setting of a system.
  • User password policy – User with this permission are allowed to modify the User password policy of the system.

For more information about how these permissions are managed when an iCore system is created or upgraded, see Backwards compatibility.

New permission on Component definition

The Administrator and Developer User group have a new permission on Component definition:

  • Execute – Users with this permission can Execute a Component in the Run Component tool (regardless of other permissions).

The Execute permission is granted to the Administrator and Developer User groups by default when you create a new iCore system. However, if you update an existing system the permission is added to all existing User groups.

New User group in new iCore systems

When a new iCore system is created, a User group called "Security administrator" is now added to the system. The new permissions that replace the previous Restricted operations (see New permissions on iCore systems) will be granted this User group and the User "Admin" will be added as a member. "Security administrator" replaces the User "SecAdm" which is no longer added to the system.

Entity references

  • User-defined entity references no longer explicitly prevents deletion of a referred entity. Deletion is now allowed after manual confirmation.
  • User-defined entity references and Category memberships no longer require the referred entity to be exported or imported. These entities will be included by default, but can now be deselected if desired.
  • The Import-Export Tool has new visualizations of the various selection statuses to make it easier for the user to determine the state of a particular entity and what that state it may be changed to.

Component definitions

Component definition locks

Component definitions can now be locked to prevent other Users from making changes to it. The feature is a useful for example when you want to prevent multiple Users from simultaneously editing the same Component definition. A locked Component definition cannot be edited, overwritten (through an import or otherwise), or compiled and can only be unlocked by the User who locked it or an Administrator with the “Release other User’s lock” permission.

For more information, see Component definitions.

SSL/TLS configuration

Sending and receiving email now has added configuration options for SSL/TLS. You can specify which SSL/TLS versions to support when establishing secure connections to SMTP and POP3 servers in the following objects / activities:

TLS 1.3

TLS 1.3 is now available as an option when configuring an SSL connection in the following objects / activities:


After upgrading to version 4.2.5, there is a risk that existing mail and http clients that use SSL/TLS will stop working. For more information, see Backwards compatibility.

SFTP Key Exchange (KEX)

A new parameter Initialize KEX is available that can be used to resolve issues with some SFTP servers which expect the client to initialize the key exchange (KEX). Applies to:

Web service client – enable/disable XML schema

When adding a new Web service client, there is now an option to enable/disable XML schema generation.

Web service client – Improved options to configure bindings

In Workflows

The options to configure an Endpoint have been improved, which provides the user with new options to configure bindings.

  • In Workflows that use a SOAP-based web service client, it is now possible to create an Endpoint from a VB expression directly in the web service consumer activity. For more information, see Web services.
  • A new Workflow activity, Create Endpoint from Configuration, is automatically added when a new web service consumer activity is created. The activity can also be added manually.
  • During system upgrade, all existing Workflows that use a SOAP web service will be updated with the new activity.

In Adapterflows

A CustomBinding can now be configured in the generated Web service consumer activities, in addition to the existing binding types. The custom binding can only be configured in code expressions. The use of a CustomBinding gives the user improved possibilities to configure the binding for the Endpoint.

For more information, see:

Enable/disable Write To Log activity

A new property ("Enabled") has been added to the Write To Log activity, which lets you enable or disable the activity dynamically for example via a Setting.

Entity filters available in Web APIs

It is now possible to programmatically execute Entity filter queries from a Web API, with support for caching and strongly typed result rows and parameters. For more information, see Using Entity filters in Web APIs.

SFTP support UTF8 in filename

Workflow and Adapterflow activities now have a new parameter, Use UTF8, for parsing filename in UTF8. Applies to:

ConvertDate function renamed to FormatDate

The Script function ConvertDate has been renamed to FormatDate, but keeps the same functionality.

Execute Web API definition activity startup/shutdown timeouts

New arguments have been added to activity Execute Web API definition:

  • Startup timeout
  • Shutdown timeout

AS2 Keep alive and HTTP version

New arguments have been added to AS2 Workflow activities Send AS2 Message and Send AS2 MDN:

  • HTTP version
  • HTTP keep alive policy

Load certificates from file

It is now possible to create certificates from a file or stream using iCore coded API in Component definitions support coded API. For more information, see LoadCertificate method.


AS2 functionality has been re-worked to better follow the specification of the EDIINT-Features header that was introduced in AS2 version 1.2. The header is included in AS2 messages and is a specification of the capabilities of the sending user agent, it is not an indication of message contents. Therefore, when using the AS2 activities you should set these arguments to indicate what features are implemented:

EDIINT features that can be implemented in iCore:

  • AS2 reliability
  • Multiple attachments

For more information, see:

AS2 Workflow activities for EDIINT

Workflow AS2 activities now support implementation of EDIINT features defined in AS2 version 1.2. The following features are supported:

  • multiple-attachments
  • AS2-Reliability

New Workflow activities to support multiple attachments in AS2 messages:

New types:

Coordinated Universal Time (UTC)

All dates and times in an iCore system are now stored as UTC (Coordinated Universal Time). To handle the conversion, an iCore system time zone is defined for each iCore system. The iCore System time zone needs to be specified both when upgrading existing systems, as well as creating new ones.

  • When you upgrade an iCore system, all dates and times in iCore entities (except tracking entities) are converted from the selected iCore System time zone to UTC. For more information, see Backwards compatibility for iCIS v4 updates.

For more information see Working with dates and times.

iCore Database

iCore Database Isolation now uses Read Committed Snapshot Isolation (RCSI), with the purpose to reduce deadlocks and blocking scenarios that can occur in Components during runtime. Note that using RCSI will also lead to increased database storage requirements.

See also Backwards compatibility for iCIS v4 updates.

Deprecated and removed tools

iCore Port Monitor

The iCore Port Monitor is no longer included in the iCIS installation, but is available as a separate install file. If you need access to iCore Port Monitor, contact us ( Documentation about Port monitor has also been removed from this help file.

iCore API Web Service

The iCore API Web Service feature has been removed and is no longer available.


CheckRefs is now deprecated and will be removed in future versions of iCIS. We recommend that you use the Test-iCoreEntityReferences PowerShell cmdlet instead.


The legacy Administrator tool is no longer available. Use the web-based Administrator instead.


The iCoreTrig.exe application is now deprecated and will be removed in future versions of iCIS.

Build Component tool

The Build Component tool is now deprecated and will be removed in future versions of iCIS. We recommend that you use Build PowerShell cmdlets instead.

Run Component command line tool

The Run Component command line tool is now deprecated and will be removed in future versions of iCIS. We recommend that you use the Run Component tool instead.

See Also

Backwards compatibility for iCIS v4.2