Security Risk Advisors

Highlights of Archer Version 5.5 Service Pack 3

July 1, 2015 | Posted in GRC by Will Heineman

This post highlights five enhancements included in Archer 5.5 service pack 3 which was released on July 1st, 2015.  We upgraded Archer test instances in our lab and can confirm that the upgrade was smooth and solutions continue to function as intended.

Session timeout warning

Prior to v5.5.3, if a user session was inactive for a designated period of time, Archer would automatically end the session and log the user out with no warning which could led to lost data and a frustrated user. Customers can now enable a pop-up alert to notify users of an approaching session timeout.  The warning message, pictured below, appears at the top of the user’s browser but does not interrupt the user experience. The user can select “Continue Working” to extend the session.


Figure 1 - Session timeout warning

If the session timeout limit is reached, the user will see the following message displayed at the top of the browser:


Figure 2 - Session timeout message

To configure the session timeout warning, open Archer and go to Administration -> Access Control -> Manage Security Parameters. Open the parameter that you wish to add a timeout warning for. Scroll down to Authorization Properties and check the box next to “Enable session timeout warning” and specify how far in advance of the timeout the warning should be displayed.


Figure 3 - Configuring session timeout warning

Record locking bug addressed

Some past versions of Archer contained a bug that caused records and related records to remain locked if a user opened a record in edit mode and then navigated away without saving or exiting edit mode. Such records would lock preventing that other users from opening them in edit mode even though they were no longer being edited by the original user. The only way to unlock these record was to have the original user log out of Archer or ask an Administrator to disconnect their session. In 5.5.3, RSA has corrected the issue and confirmed that Archer should now properly unlock records after they have been closed.

Notification improvement

Changes to the notification feature now allow a single email notification to be sent to multiple recipients and the inclusion of CC and BCC recipients.  This should improve visibility and accountability around the intent of a notification.  Prior to 5.5.3, a notification would send an individual email message to each named user.  If there was more than one recipient for a notification, the recipients were not listed in the email notification so could not tell who else was receiving the notification.


Figure 4 - Email notification configuration

User attribute display for user/group fields

Administrators can configure a pre-determined user attribute to be displayed when a user, in edit mode, hovers over a user account reference in a user/group field set to display as a “values popup”.  This feature provides additional context about the user that can help eliminate confusion in large organizations where multiple users have an identical name. You can display either the user’s domain/username, title, or email address.


Figure 5 - Example of displaying user attributes

This Attribute Display setting is set in the Archer Control Panel, under ‘General Instance Settings’.  The setting applies to all user/group fields in your Archer instance; it cannot be set per field, user, or application. We hope to see this feature expanded in future releases to allow more granular configuration such as an option to enable it at the field level and to show additional information from the user profile.


Figure 6 - Setting up attribute display feature

RSA Archer and VIA integration

Archer customers who also use RSA VIA (formally IMG and Aveksa) for identity and access management will be happy to learn that RSA has updated the Archer Restful API to better support integrations of the two tools. The new API features are intended to make it easier for customers of both solutions to more efficiently manage user accounts, groups, and roles in a single tool (VIA) rather than retaining and managing more than one registry of users and permissions (in an IAM tool and in Archer).

Where can I learn more?

As always, RSA has posted detailed release notes and updated documentation in the Archer Community.

Have the system performance requirements changed?

No. The system requirements for 5.5 SP3 remain the same as all versions of Archer 5.5.x. The sizing and performance guide may be found in the Archer Community. RSA has also updated the qualified and supported environments to include IIS 8.5 & SQL Server 2014.

Can Security Risk Advisors help with Archer version upgrades?

Yes, feel free to contact Will Heineman for more information at: Will.Heineman@SecurityRiskAdvisors.com