Web System Administration - Archive
Tip
Only releases with enhancements or resolved issues for this module have content below.
Resolved Issues
Enhancements
This release includes performance improvements to the System Administration, Manage System Roles, J1 Web Privacy Role, Edit Role page.
Input validations have been added to the APP_USER.USER_ID and the AppID parameters of the ExiCreateExiRoleAssignment stored procedure. These parameters must be valid before existing J1 Web users can be added to J1 Web roles. If there are errors, notification messages appear in the system, –1 is returned, and a row is added to the ERROR_LOG table.
Enhancements
New import and export Security Assertion Markup Language (SAML) metadata options let you quickly populate the Single Sign On (SSO) details as opposed to manually entering the information. This saves time and ensures case-sensitive provider information is entered accurately.
Once your identity provider's SAML information has been exported into an XML format, it can be uploaded into J1 Web, System Administration. Identity provider and SAML communication information are stored in the database and immediately applied to the SSO process. You can view the identity provider (IP) information from the Sign Sign On window.
Use the new Export SAML metadata option to export J1 Web SSO identity information in an XML file that can be imported into your identity provider.
Jenzabar added a new role permission called ‘Can be added as an Event Coordinator’. This permission allows users to create and edit events without automatically being added to Event Coordinator drop-downs.
Users must have this permission to be included in the Event Coordinator drop-downs on the following pages:
Create Event Wizard | Event Basics page
Event page | Contacts block
Review event details page | General Information pop-up
Manage Event Settings page | Event Requests Team field
Caution
Existing custom Event Coordinator roles will have the 'Can be added as an Event Coordinator' permission turned off by default.
Changes to your multi-factor authentication settings are now applied as soon as you save. This means you no longer have to reset the IIS (Internet Information Services) for updates to take effect.
Resolved Issues
Issue | Description |
|---|---|
199347 | An error message appeared when users tried to access the Product Installs and Sign In page. |
Enhancements
The following new settings in System Administration (Product Installs and Sign In) let your school set up Active Directory authentication in J1 Web as opposed to managing those configurations in the ProviderConfiguration.table.
Setting | SSO Configuration |
|---|---|
Service Provider Identifier | Name used to identify your J1 site in the SSO environment. For example, https://www.yourschool.edu/J1Web |
Identify Provider Identifier | Identity provider’s name/identifying information. Typically the identity provider’s base URL. |
Identity Provider SSO URL | URL your identity provider generated to redirect J1 Web users. |
Identity Provider Launch Page URL | URL your identity provider generated to appear when users sign out of J1 Web. |
SAML Communications |
|
New Permissions are available for the following roles:
Employee Administrator has new view, edit, and create Payroll Calendar permissions
Registrar
Can add student divisions
Can add programs
Can add student term table records
Registration Module Manager
Can add student divisions
Can add programs
Can add student term table records
Resolved Issues
Issue | Description |
|---|---|
194846 | Signing into J1 Web failed for users whose NAME_MASTER.LAST_NAME value included an apostrophe. |
194882 | The Academic Advising Module Manager role was not providing sufficient permissions to use the Manage Advising Roles page. The page was appearing blank for users in that role (except when they were also in another role providing the necessary permissions). |
195094 | The System Users page failed to display rows when more than 2,100 people were defined as Employees or as Faculty when picking those respective views. |
Enhancements
To make setting up SSO easier, a new Single Sign On window is available from the Product and Installs page, and lets you manage identity provider information and SAML communication configurations.
Detailed configuration information is available in the J1 Web System Administration SSO Implementation Guide and online help. [need link to Sys Admin help]
To improve overall usability, permissions and users related to a role have been broken out into separate tabs. Features for updating role permissions, and managing users assigned to roles remain the same.
With 2019.4, the Transitional Security role has been removed. All users must now belong to the J1 Web user role to access basic J1 Web features such as calendar, tasks, bookmarks, etc. As a part of this change, J1 Web User permissions have been generalized.
Meeting permissions have been added and moved to the following roles:
Academic Advising Module Manager
Advising – Access to All Students
Primary Advisor – Access to Assigned Students
Secondary Advisor – Access to Students by Academic Program, Athletic Roster, and Campus Location
Secondary Advisor – Access to Students by Campus Location
Faculty – Access to Courses and Students by Course
If you want users to be able to create and/or edit meetings, they must belong to a default or copied role with the Can create/edit meetings permission enabled.
The following general facilities permissions are now managed through the new Facilities User role:
View places and spaces
Use the location browser
View pending location approvals
Search location calendars
Create and edit meetings
Users who need access to facilities information must now belong to the new Facilities User role. This allows your school to more efficiently control access to facilities information.
Caution
To ensure users’ access to create and edit meetings, and/or view information about places and spaces isn’t disrupted, verify they belong to a role with the appropriate permissions:
Users that need to create/edit meetings must now belong to a role with meeting permissions (the roles listed above or the new Facilities User role).
Users that need to view location information must now belong to the new Facilities User role.
The new J1 Web Privacy role restricts users from accessing any information about a selected group of individuals. This includes prohibiting access to information from the Global Search options or the individuals’ pages.
Notice
Your school may want to prohibit student users from accessing information about board members. You can create a Student Users privacy role and then prohibit users in that role from seeing a group that includes all the board members at your school.
New permissions are available for the following roles:
Business Office User has new view, create, edit, and delete batches and manage budget permissions
Employee Administrator provides new annual statement options that allow users to add/edit W-2 and 1095-C settings
Facilities Manager now includes the location browser permissions
Registration Module Manager and Registrars roles have new competency based education options for viewing, adding, editing and removing CBEs
Notice
Users can only see those pay groups they have permission to view (permissions managed on the Desktop HR Group Security Via Payroll window).
J1 Web log files now include more detailed information about SSO errors.
New measures ensure the SSO authentication verifies the target URL is a valid J1 URL, which prevents open redirect attacks.
Resolved Issues
Issue | Description |
|---|---|
179202 | The scheduled job "Update Facilities In Use Timeslots" was not optimized and ran slowly. |
180416 | A cross-site scripting vulnerability was found that would have allowed potentially malicious coding to be inserted into the body of messages being sent from J1 Web. |
187373 | The Active Directory (AD) Sync process was automatically activating users as J1 Web users, but the decision and action to allow users to use J1 Web should be left to J1 Web administrators. |
Enhancements
The following new permissions have been added to some Advising roles in order to accommodate the My Academic Plan features in Campus Portal:
Can edit academic plans and approve student edits
Any role that previously had permission to edit academic plans now has permission to approve or deny student requests to edit their plans.
This role permission has been added to:
Advising - Access to All Students
Academic Advising Module Manager
Primary Advisor - Access to Assigned Students
Secondary Advisor - Access to Students by Academic Program (secondary advisors can approve/deny student requests on the Student page)
Secondary Advisor - Access to Students by Athletic Roster (secondary advisors can approve/deny student requests on the Student page)
Secondary Advisor - Access to Students by Campus Location (secondary advisors can approve/deny student requests on the Student page)
Faculty - Access to Courses and Students by Course
For more information on the My Academic Plan feature, see Campus Portal Student Features release news.
With the new Can generate charges permission, users in these roles can generate charges for students during the registration process.
Note
The Generate charges feature is available under these conditions:
Your school has the Accounts Receivable license.
The Allow RE Billing? checkbox is selected for the particular billing period on the Billing Periods window in J1 Desktop.
Enhancements
The Manage Systems Users page has new Employee options that let users search for employees by position, hire date, and termination date.
Tip
Sign In Page settings let you set up the system to add JICS employees to J1 Web using their JICS credentials. For more information, see the Manage Product Installs and Sign In Methods help.
With J1 2019.1, Jenzabar added a multi-factor authentication (MFA) sign in option. MFA is a layered authentication process that makes it more difficult for an unauthorized person to access your network. Jenzabar's partnership with Duo to provide this feature has been finalized and the multi-factor authentication option can be implemented.
For more information:
System Administration Archive for 2019.1
Manage Product Installs and Sign In Methods [need to add link to online help]
Registrars and Registration Module Managers have the following new Student Management permissions available:
New Can remove student divisions permission lets users remove a division from a student’s record on the Manage Student Division and the Student Information Details pages.
New Can remove programs permission lets users remove a program from a student’s record on the Manage Student Division and the Student Information Details pages.
New Can view student notes permission lets users view notepad notes about a student on the student's summary page.
Registration Module Managers also have the following new Student Management permission:
New Can Design student General Info Custom Data permission lets users manage user-defined Student Master table information on the Student Information Details page
Note
These new permissions are available to any roles your school created based on the Jenzabar-provided default role templates.
Resolved Issues
Issue | Description |
|---|---|
157077 | When the JICS URL is set to an invalid path, several jobs in the Scheduled Jobs service will fail. Further, those failures were causing unrelated jobs to exit unexpectedly. This left J1Web in an unexpected state, as required jobs were not completing. |
167530 | When EXi is configured to use Exchange calendar syncing, it becomes impossible to use JICS as its SSO identity provider, because both features require the use of the APP_USER.DIRECTORY_SERVICE_USERNAME database field, but in conflicting ways. |
167536 | When SSO is correctly configured and users and correctly set up, users are still getting a "Sign in was not successful" message on the sign-in screen and are not able to login. |
167907 | On the My General settings page for a user, the Task and Message Forwarding section sometimes displayed a cached email address for another user. This has been resolved. |
168314 | The SSO Configuration SQL Script published to MyJenzabar.net has been fixed to require signed certificates for user credentials. Schools using SSO should re-run the script to set up that requirement. |
Enhancements
The new System User Names drop-down on the Manage System Users page lets you view all system users or just faculty. Filter options let you search for faculty by name, status, role, name, type, term, and/or section.
Note
Sign In Page settings let you set up the system to add JICS faculty to J1 Web using their JICS credentials. For more information, see the Manage Product Installs and Sign In Methods help.
A new Verify a mailbox or calendar option on the Calendar Settings page lets you access the new Verify a Mailbox or Calendar for Microsoft Outlook page.
Use this new page to enter a user's name and/or Exchange credentials and test the connection.
To facilitate student registration, several roles have new permissions available.
Role | What's New |
|---|---|
Registrars | Section Management permission set Student Management permission set |
Registration Module Managers | Catalog Courses permission set Student Management permission set Section Management permission set |
Faculty Access to Students and Courses and Students by Course | Can view student section list (replaces Can view student course history) |
Sign In Method and Calendar and Third-party Calendars settings no longer require an Internet Information Services (IIS) reset after being updated.
If your school isn’t licensed for a particular J1 Web module, then the scheduled jobs for that specific module no longer run. All schools still run common and standard scheduled jobs.
Two updates were made to the System User Names filter option on the Manage System User page:
Account status information is no longer shown
User IDs now appear next to the names matching the results
Resolved Issues
Issue | Description |
|---|---|
151343 | Schools were unable to save email addresses ending with a capital letter in the Email field of the Contact Information for Your Support Team setting on the Communications page. |
Enhancements
A new View all scheduled jobs link on the Scheduled Jobs block accesses the new Scheduled Jobs History page where users can view a full list of all failed or successful scheduled jobs.
The Scheduled Jobs block on the System Administration Home page shows the 5 most recent scheduled jobs and the new Scheduled Jobs History pages shows a full list of all failed or successful scheduled jobs. Just like the Scheduled Jobs block, users can see information about what a scheduled job does, when it was last run, how frequently it runs and for how long. For failed jobs, users can also see the log incident number making it easier to find the issue in the log file when troubleshooting issues.
The Scheduled Jobs History page includes a filter feature that lets users search for scheduled jobs by a specific keyword.
To make it easier to distinguish what roles and permissions have been changed or added, version indicators have been added to the System Roles and Edit Roles pages. New Updates by Version and Versions filter options let users choose what release they want to see indicators for. They can chose to see indicators for a specific release, all releases, or no releases.
With J1 2019.1, Jenzabar has added a multi-factor authentication (MFA) sign in option. MFA is a layered authentication process that makes it more difficult for an unauthorized person to access your network. A partnership with Duo to provide this feature is imminent and will be announced once official.
To make System Administration settings easier to find and setup, settings were broken out into three pages: Calendar, Communications, Product Installs and Sign In. To access these new pages, the Hub options were separated into Admin options and Settings and new options were added.
The Systems Role page has a new System Roles Filter, which allows users to search for roles by keyword and filter them by default versus copied or when the role was added to J1 Web or most recently updated.
A new Account Status filter option has been added to the Manage System Users page. This filter lets users choose to see only active or only inactive J1 Web system users.
Jenzabar’s cloud help server is now synchronized with the J1 Web URL configuration on the Product Installs and Sign In page. When your school changes the J1 Web URL, the new URL is registered with the cloud server to ensure users can access online help.
Resolved Issues
Issue | Description |
|---|---|
138875 | Users were unable to bookmark the System Administration hub, System Users page. The bookmark feature for this page now works correctly. |
150133 | System Users page showed JICS login information for users even when a school did not have a JICS URL configured on the Product Installs and Sign In page. |
147290 | Database error occurred when attempting to delete a J1 Web user who had sent Web messages. |
147859 | When two columns in the Facility table requiring data were null, J1 Web Facilities pages did not appear. These columns have been removed and Facilities pages now appear correctly. |