Release Notes
Juniper Identity Management Service 1.7.0R4
Published: 2025-07-22
Introduction
This release note accompanies Juniper® Identity Management Service Release 1.7.0R4. It describes the product and its known behavior, problems, and limitations.
The Juniper Identity Management Service (JIMS) 1.7.0R4 build supports both the On-premises and Secure Edge.
JIMS (for Windows) is a standalone Windows service application that collects and maintains a large in-memory cache of user, device, and group information from Active Directory domains, enabling SRX Series firewalls to rapidly identify thousands of users in a large, distributed enterprise. SRX Series Service Gateways can create, manage, and refine firewall rules that are based on user identity rather than IP address, query JIMS, obtain the proper user identity information, and then enforce the appropriate security policy decisions to permit or deny access to protected corporate resources and the Internet.
The JIMS service in Juniper Secure Edge supports third-party Identity Provider (IdP) integrations with Okta and Entra ID.
What's New
Learn about new features introduced in this release for Juniper Identity Management Service (JIMS):
- Bug Fixes – Multiple issues identified in earlier versions have been resolved to improve system stability, performance, and reliability.
- Self-Recovery Mechanism – JIMS now introduced a self-recovery feature to enhance product resiliency. The system now monitors critical counters, and if a potential stuck state is detected, automated recovery actions are triggered to restore normal operation without manual intervention.
Specifications
| Component | Specification |
|---|---|
| Supported with Junos OS active releases | Yes |
| ClearPass Integration With Web API | No |
| ClearPass Integration Without Web API | Yes |
| Maximum SRX Series devices | Up to 1200 |
| Maximum CSO platforms | 10 |
| Support for Juniper Secure Edge | Yes |
| Maximum event log sources | 150 |
| Maximum Active Directories | 100 |
| Maximum domains | 25 |
| Maximum user entries | 500,000 |
| Maximum syslog sources | 200 |
System Requirements
Juniper Identity Management Service (JIMS) can be installed on the following Microsoft Windows platforms:
- Windows Server 2016 or later.
- Minimum system requirement for Juniper Identity Management Service: A server with a 4-core, 64-bit compatible 1.4 GHz or higher CPU, a minimum of 16 GB of system memory, and 100 GB of disk space.
- Recommended system requirement for Juniper Identity Management Service to scale up to 1200 SRX Series devices: A server with a 16-core, 64-bit compatible 2.4 GHs or higher CPU, a minimum of 64 GB of system memory and 128 GB of disk space is required.
Supported Identity Sources
Juniper Identity Management Service (on-prem) supports the following identity sources:
- Microsoft Active Directory on Windows Server 2008 R2 and later
- Microsoft Exchange Server 2010 with Service Pack 3 (SP3) and later
- Syslog
- PC Probe.
The JIMS service in Juniper Secure Edge supports third-party Identity Provider (IdP) integrations with Okta and Entra ID.
What's Changed
Learn about what changed in this release for Juniper Identity Management Service.
- JIMS release 1.7.0R4 addresses bugs identified in earlier versions, improving system stability, performance, and reliability.
- JIMS now introduced a self-recovery feature to enhance product resiliency.
Known Limitations
Learn about known limitations in this release for Juniper Identity Management Service.
- In certain environments, admin privileges are required to start JIMS admin user interface.
Open Issues
Learn about open issues in this release for Juniper Identity Management Service.
- After restarting the JIMS-Server, in JIMS Administrative UI at the Status > SRX Clients > Query State page, an unknown state is displayed. To resolve this, you should reconnect to the JIMS Administrative UI after a 15-minute period - PR1693586
- When a user alias is associated with multiple Active Directory domains, incorrect user domain might be associated with the user - PR1737513
- Please contact Juniper Support (JTAC) for resolution.
- Treatment of user sessions with $ at the end of the username as device sessions (Modification) - PR1762419
- Failure to update the token_lifetime value in SRX when default value is added (using SRX template) - PR1769031
- If user moved from one subdomain to other in active session, old session will be timeout as per configured session-timeout - PR1828955
Resolved Issues
Learn about the issues fixed in this release for Juniper Identity Management Service.
- Fixed an issue where the session timer was getting reset during group membership updates. These updates caused churn and concurrency issues in the system, preventing user sessions from timing out as expected. With the candidate build, customers no longer need to manually run the logout script, which previously could have triggered a race condition leading to the current ICE issue - PR1772014
- Resolved a problem where JIMS sometimes failed to parse user details from syslog user logon events. This fix addresses a syslog concurrency issue, preventing object overwrites in the attribute store related to syslog event processing - PR1801438
- Addressed concurrency-related object overwrite issues in syslog processing to improve stability - PR1758750
- Introduced a watchdog mechanism to detect and recover inactive threads by partially reloading JIMS components. This newly added resiliency system logs watchdog actions and can be disabled via registry configuration. Note that partial service impact may occur during recovery-for example, SRX IP-query will continue to function for existing data, but learning of new users and events will pause during the watchdog recovery process - PR1882585
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
- JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTACUser Guide located at JTACUser Guide.
- Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.
- JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:
- Find CSC offerings: https://www.juniper.net/customers/support/.
- Search for known bugs: https://prsearch.juniper.net/.
- Find product documentation: https://www.juniper.net/documentation/.
- Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/.
- Download the latest versions of software and review release notes: https://www.juniper.net/customers/csc/software/.
- Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/InfoCenter/.
- Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/communities/.
- Create a service request online: https://www.juniper.net.
- To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/.
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone:
- Visit https://www.juniper.net.
- Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
- For international or direct-dial options in countries without toll-free numbers, see https://support.juniper.net/support/requesting-support/.
Revision History
21 July, 2025 - Revision 1 - Juniper Identity Management Service Release 1.7.0R4.
