You are browsing the documentation for iTop 2.7 which is not the current version.

Consider browsing to iTop 2.6 documentation

iTop 2.7 Community

What's new in iTop Community 2.7

New display for Attachment

We have reworked the attachment display, with new ordering capabilities and additional information displayed such as

  • who has uploaded the file,
  • when this upload occurred,
  • what is the size and type of the file.

As before, you can drag and drop a file directly on an object. In the console, it works even if not on the Attachment tab.


You've dreamed about it, we made it: You can now perform in a single OQL query, what was only possible through Audit rules.

  • Teams without members
SELECT Team WHERE id NOT IN (SELECT Team AS t JOIN lnkPersonToTeam AS l ON
  • Change Tickets without FunctionalCI linked to it
  • Users not allowed on their own organization
  • and many more…

Check here for more examples

Password Policy

When creating a new user password or changing an existing user password, a password policy is now applied.
The password must have at least 8 characters with lowercase, uppercase, number and special character.

You can remove this default policy, by adding this in $MyModuleSettings array of the Configuration file:

      'authent-local' => array (
                'password_validation.pattern' => '',

You can set a different policy with a regex. More details: User password policy

Application upgrade

With iTop 2.7.0 and above, iTop administrators can upgrade or downgrade their iTop, directly from iTop web interface (console), without having access to the iTop server.
More details here


  • The legacy portal code has been removed from iTop package. iTop portals since version 2.3, should be written based on the enhanced Portal design.

New behaviors

  • A new icon, allows to copy the url to the displayed object, to provide it to a colleague or the support agent.
  • When a user portal clicks outside of a pop-up window in which he has entered some data, he is asked with a confirmation message, instead of loosing his entries.
  • When the user cancels or submits a Ticket form, it now displays a refreshed version of the ongoing tickets.
  • Contacts linked to a Ticket and displayed within the Ticket form are limited to the contacts that the user is allowed to see.
  • External keys attributes displayed in forms are now clickable as in the Console, to open the related object in his own pop-up above the current form.

New customization possibilities

  • Navigation rules allows a Portal developer to specify where to go, when a Portal user cancels or submits a form, in modal or non-modal mode.
  • The Browse Brick now supports to connect two levels not only with a 1:n relationship but also a n:n. So for example, you can define Customer Contracts as the first level, then Service as the second level, and Service Subcategory as the third one.
  • When n:n related objects (AttributeLinkedSetIndirect) are displayed in a form, a new parameter allows to limit the displayed objects to those allowed to the user, or to display all of them (as it was done before 2.7).
  • Number of displayed objects in a page for a Browse and a Managed Brick, can be specified.

More details here

Markup HTML

If you are a Web developper, you can now more easily customize iTop Look & Feel thanks to new attributes added to html tags within iTop pages. See here for more


The administrator can use variables within the Configuration file. When editing the Configuration file within iTop, those variables are now preserved when saving the file. This allows to define a Configuration file, applicable regardless of the environment in which you will deploy your iTop. This follows recommendations for deployment on modern cloud platforms: Best practice.

    'db_host' => $_ENV['DB_HOST'],

We have added a parser to prevent an administrator to put active code in the Configuration file (function calls, system commands,…) within the online editor of the Configuration file. If you want to do this, which is not recommended, you must edit the file on your system and disable the online edition.

API authentication

If you are a developer, you can write an extension, to:

  • Authenticate your iTop users with Single Sign On (SSO) - SAML, OAuth or OpenID (Facebook, Twitter, GitHub, Google,…)
  • Automate user provisioning on his first connection to iTop
  • Customize login/logoff forms to align them to your corporate standards
  • Apply Security Policies on Local users


Authentication can rely on different protocols:

  • Some have been supported for years:
    • AuthLocal
    • AuthLDAP
    • External authentication, mainly used for CAS
      • CAS configuration is now in the modules part, but the old global cas_ parameters are still working.

Some are new 2.7 possibilities which must be coded using the iTop authentication API:

  • SAML (45 parameters)
  • HybridAuth (Facebook, Twitter, GitHub, Google… +27 existing applications)
  • Multiserver LDAP

User provisioning

External applications can provide information about the user:

  • Facebook (like Google and probably others) provide first-name, last-name, email, which can be used to provision the user within iTop, in order to create a user and a contact on the fly.
  • Cautious GitHub only provides the login for eg.

Login screen customization

You can change the login and logoff screens to:

  • Add a background image
  • Add web links to other web sites
  • Add other authentication mecanisms
  • Request additional information to complete user provisioning for eg.

Example of screen customization

Password policy

API to check passwords used in Local Authentication

  • Password complexity can be controlled with a Regex out of the box.
  • but an extension can add/replace it by other controls.
  • Password expiration can be handled by an extension, using available fields Password expiration flag and Password renewal date.

All details here

MySQL8 compatibility

In order to be compatible with MySQL8, we had to change the way the Ticket reference is generated.

Ticket Ref generation

Because of this change, Ticket id is no more used to build the reference and so can differ from the number included in the Ticket ref

MetaModel::GetNextKey is deprecated it is now an alias to ItopCounter::IncClass.

This method is usually used within DBInsertNoReload. You should change the code from:

public function DBInsertNoReload()
      $oMutex = new iTopMutex('ticket_insert');
      $iNextId = MetaModel::GetNextKey(get_class($this));
      $sRef = $this->MakeTicketRef($iNextId);
      $this->SetIfNull('ref', $sRef);
      $iKey = parent::DBInsertNoReload();
      return $iKey;


public function DBInsertNoReload()
      $iCounter = ItopCounter::IncClass(get_class($this));
      $sRef = $this->MakeTicketRef($iCounter);
      $this->SetIfNull('ref', $sRef);
      return parent::DBInsertNoReload();

But not doing it will still work for now.


  • Security: restrict access over /env-xxx

For extension developers

Access to object modifications

  • Improve customization possibilities by providing a list of changes within
  • in \iApplicationObjectExtension::OnDBUpdate using \DBObject::ListChangesUpdated()
  • in \DBObject::AfterUpdate using \DBObject::ListChangesUpdated()

Logs filtering

When writing logs you can now pass new parameters :

  • channel: enable log filtering based on an extension, a feature, a class name, a PHP namespace,…
    • If not given, the default channel is the class log name (IssueLog, SetupLog, …)
  • context: if given, the context will be written alongside the log.

The default log level is all of them except Debug. This can be tuned using the configuration parameter log_level_min: it leverages the possibility to filter the logs below a given level on a per channel basis.


The following API have been deprecated in iTop 2.7 and will be removed in a future version.



  • Change visibility of \DBObject::GetReferencingObjects from public to protected
  • \DBObject::DBInsertTracked
  • \DBObject::DBInsertTrackedNoReload
  • \DBObject::DBUpdateTracked
  • \DBObject::DBDeleteTracked
  • \CMDBObject::DBInsertTracked
  • \CMDBObject::DBInsertTrackedNoReload
  • \CMDBObject::DBUpdateTracked
  • \CMDBObject::DBDeleteTracked
  • \MetaModel::EnumLinksClasses
  • \MetaModel::EnumLinkingClasses
  • \MetaModel::GetNextKey : see ticket_ref_generation

Customer portal

- Tags <submit> and <cancel> will no longer be supported in action rules, use navigation rules instead.

2_7_0/release/2_7_whats_new.txt · Last modified: 2020/01/10 09:56 (external edit)
Back to top
Contact us