This page contains information about completed and upcoming releases of IAM program deliverables, including delivery dates, status updates, and contact information.

Harvard's IAM program team is committed to Agile methodology not only at the level of development, testing, and deployment, but also in larger-scale organizational planning. Under this framework, development, testing, and rollout are structured under two-week sprints, with major objectives addressed within overarching program increments (PIs) of twelve weeks each (six sprints). Within each individual program increment, the sixth sprint is dedicated to hardening, innovation, and planning (HIP), and includes demonstrations for the external product owners receiving deliverables under the PI in question. See below for a summary of the objectives under IAM's current program increment, as well as sprint-by-sprint summaries of objectives and deliverables completed.

Looking for a top-level view? Please consult the latest IAM program dashboard for an overview of deliverables and timelines broken down by the 11 primary program streams identified under our overarching three-year program plan.

Current Program Increment

You can find the latest Program Increment information on the News page.

Completed Releases

Get further details on completed IAM program releases below. Click the gray title bars for expanded information.


8/13/17 - HarvardKey Authentication 3.7.2

HarvardKey Authentication 3.7.2, released on 8/13/2017, includes the below functionality:

Bug Fixes

  • Any application allowing the XID login type, the assertion will now include the memberOf attribute.

8/10/17 - Identity API 2.7.0

Identity API version 2.7.0  fwas released on Thursday, August 10, 2017. It included Student Class Participant Role service, Person service performance enhancements and a number of bug fixes.


  • New student role service for Class Participant role type code to clients to POST, GET and DELETE class participant student roles via the API.  


  • Performance enhancements to the existing Person Service for matching for Search by EPI, and Find Create functionality, which includes reducing matching to a single data source

Bug Fixes

  • Identity API – Updated 2 additional match score entry for records where Last4NationalId is missing in database 
  • Identity API - Responses do not include all name entries for identified HUID records. 

Known Gaps and Remediation Steps

  • None

6/7/17 - IdentityIQ 3.1.12

IdentityIQ 3.1.12, released on 6/7/2017, includes the below functionality:


  • Enforcement of 2 step verification during the authentication process is now based on community membership. Included, is a mechanism that simulates a proposed update to eligibility so that business owners can assess the impact. 


  • Expanded the list of permissible UPN domains with
  • Implemented partitioning allowing the 15 minute delta refresh to process updates at a much quicker rate.

6/4/17 - HarvardKey Authentication 3.7.0

HarvardKey Authentication 3.7.0, released on June 4, 2017, includes a functionality update for integration with Grouper to enhance authentication in two ways: by providing coarse grained authorization filtering, and by returning groups of authenticated users in the assertion.

5/18/17 - IdentityIQ 3.1.11

IdentityIQ 3.1.11, released on 5/18/2017, includes the below enhancements:

  • Expanded the list of allowable Harvard Owned HUIT Managed email domains that are permissible in support the incoming HKS students. 
  • Streamlined a multi-step process in order to improve stability and performance.
  • Notification process improvements aimed at increasing stability and performance when entering Grace periods. 
  • Notification verbiage updates for entering grace, as well as 5 and 10 days prior to the end of the grace period to better describe for the user what services and accounts are affected and why. In addition, both will now ignore manually assigned entitlement roles.

5/11/17 - HarvardKey Self-service 3.7.2

HarvardKey Self-service 3.7.2, released on May 11, 2017, updates the verbiage included in the HarvardKey Claiming Success Notification email. As of now, the format is more flexible, and the service/account descriptions are less confusing to all recipients.

5/1/17 - HarvardKey Self-service 3.7.1


This is a followup to release 3.7.0 that updates the verbiage included in the HarvardKey Claiming Success Notification email. Verbiage has been more generalized in order to distinguish between those who are required to use Duo two-factor authentication, and those who are not.


4/23/17 - HarvardKey Self-service 3.7.0

HarvardKey Self-service 3.7.0, and HarvardKey Authentication 3.6.0, released on April 23, 2017, deprecate PIN authentication. The HUID/eCommons tab no longer appears when claiming on - users needing to claim a HarvardKey should go though the "New to Harvard" or "Alumni" paths. The HUID tab no longer appears when logging in to applications. One-way federation has been removed, which means the eCommons tab no longer appears when logging in to most University applications. Users should log in with the HarvardKey tab.

4/9/17 - HarvardKey Self-service 3.6.3

HarvardKey Self-service 3.6.3, released on April 9, 2017, includes an update to the address in the footer of emails generated from the system; saves provided login names in lowercase to prevent any issues with other systems; and added logic to better support Duo device management based on the user's Duo status.

4/9/17 - HarvardKey Authentication 3.5.2

HarvardKey Authentication 3.5.2, released on April 9, 2017, includes back-end changes regarding the processing of Duo enrollments.

3/12/17 - HarvardKey Authentication 3.5.1

HarvardKey Authentication 3.5.1, released on March 12, 2017, includes an enhancement so that users can sign into Duo multifactor authentication when they are using Dragon Naturally Speaking software. It also includes a fix to remove dependencies on the Aurora database, so that if that database goes down it doesn't affect Authentication. It also fixes minor display issues on the HarvardKey login page.

3/9/17 - IdentityIQ 3.1.10

IdentityIQ Release 3.1.10 includes the following minor changes:

  • Adds provisioning support for a soon-to-be-added Library Borrower for Schlesinger Library.
  • Expands support of User Principle Names within the new domain

Known Issues

  • No known issues have been raised for IIQ 3.1.10

2/2/17 - IdentityIQ 3.1.9

IdentityIQ 3.1.9, released on February 2, 2017, includes enhancements to notifications, as well as performance & bug fixes. 


  • Setup a scheduled process to prune the event logs (TEAMX-989)
  • Enabled internal event auditing on several custom workflows. (TEAMX-1070)


  • Simplified the notifications send to users when entering the Grace period in an effort to reduce confusion. (TEAMX-575, TEAMX-1137)
  • Several configuration changes aimed at providing a uniform licensing model for SharePoint and Exchange Online, and introduced new communities to faciliate future functionality for the Graduate schools. (TEAMX-941, TEAMX-1088)

Bug Fixes

  • Implemented vendor recommended bug fix for identified vulnerabilty. (TEAMX-1084)
  • Removed unused/deprecated code and account links (TEAMX-927, TEAMX-983)

Known Gaps and Remediation Steps

  • None


1/12/17 - AuthZProxy to the Cloud


1/10/17 - Communities Phases

CHG0017176, CHG0017183 (1/11/17)

1/10/17 - IdP 3.3