Skip to main content
Version: On prem: 14.0.16

Upgrade guide from 11.1 to any version 14

Prerequisites

For description of prerequisites common to each upgrade, refer to the Upgrade guides main page.

Enabling object access for OData

If you are using the Odata interface, you need to review and update the settings for objects that are accessed through the API.

Upgrading from 11.1 to 12

Here you will find the prerequisites to upgrade from version 11.1 to any version 12. It's mandatory to do this upgrade if you want to get any version 14:

  • Back up the databases.
  • Back up the configuration files below the ODW installation folder. Any major update will delete the configuration files.
  • Install the software.
  • Restore the files.
  • Review the OIS Data Warehouse.

LDAP migration from 11.1 isn't supported in 12.3

Omada Identity v12.3 doesn't support importing multiple systems for the same LDAP source, as you could in version 11.1. Therefore, you must be aware of the following two steps:

  1. During your upgrade, you will have to select all the systems you want to import under Systems, so you perform System onboarding for each system. The migration wizard then creates a new source system for each system, where all old settings are migrated to.
  2. When you start an import from any new source system, you must configure the ODW logical key for the system to make sure that the resources in the system are linked correctly to ES.

Update crypto libraries

If you are upgrading from 11.1 to 12 and want FIPS policy to be enabled, you must set a number of passwords again. Examples of places where you need to generate passwords:

FeatureWhere
System onboardingEverywhere you need to type in a password. Remember to specify Initial password for OPS
Enterprise ServerThe customer setting SSIS service account.
OIS Data WarehouseThe file Omada ODW Webservice.dtsconfig.
OPSSystem onboarding tasks for systems from which you need to update data. Remember to click Commit settings.

Upgrading from 12.2 to 12.3

If you are upgrading to version 12.3, the following prerequisites are mandatory:

  1. Ensure that your system is up-to-date and can run .NET Framework 4.6.1.

    note

    You can read more about the .NET Framework system requirements in this Microsoft article.

  2. You must stop all running Omada Identity services as well as any scheduled SSIS import jobs. In IIS, you must stop all Omada-related Application Pools and web-sites.

  3. Create a backup of all Omada databases.

  4. Create a backup of all files by making a manual copy of all files and subfolders in the *C:\Program Files\Omada Identity Suite* folder.

  5. Create a backup of the content of the registry keys in the following registry path:

    HKLM\SOFTWARE\Omada

    Make sure you do this by copying the connection string and the encryption key in PswEncryptionKey to a text file. You will need the PswEncryption key for the next procedure.

    note

    Before you perform or verify documentation, ensure that you have access to the license key for reinstallation and service account password(s).

Upgrading to 14.4

If you are upgrading to version 14.0.4, the following prerequisites are mandatory:

  • Updating ComposedBusinessKey for SAP collectors

    • Due to bugfix #72889 for Omada Identity v14.0.4 (Update 4), a few manual steps have to be taken when upgrading SAP from Omada Identity v14.0.3 (Update 3) or earlier to Omada Identity v14.0.4 (Update 4) or later because the [ComposedBusinessKey] for SAP Identities will change if the "Identity UID Source" is configured to use INF105USRID/INF105USERID, INF709PERSONID_EXT, or INF02INITIALS (or any combination of those three values).

      note

      This change will not affect SAP collectors that use the default setup with "Identity UID Source" not set.

    • Changing the [ComposedBusinessKey] will result in the generation of new OISIDs, breaking the relation to the previous version unless the CBK of the old versions is updated to match the new format.

    • In order to prevent this, you need to change the CBK values for the [Identity].[ComposedBusinessKey] where [ODWSourceSystemID] = 4 in both the main Data Warehouse DB and in the Master DB before the upgrade to Omada Identity v14.0.4 (Update 4) or later.

    • Up to Omada Identity v14.0.3 (Update 3) the [ComposedBusinessKey] was always in the format:

      • [SystemCBK]<perno>[INF02PERNO]</perno>

    • In Omada Identity v14.0.4 (Update 4) and later, the [ComposedBusinessKey] follows the same logic as the UID by using the first non-empty value of the comma-separated list in "Identity UID Source."

    • Assuming that "Identity UID Source" is set to INF105USRID (and the value is always populated in SAP), the [ComposedBusinessKey] can simply be updated to the following, both inthe main Data Warehouse DB and in the Master DB:

      • [SystemCBK]<perno>[UID].Lower()</perno>

        note

        Note that [ComposedBusinessKey] is always lowercased.

    • However, if multiple values are configured as "Identity UID Source," there is currently no straightforward solution to this.

    • For reference, the new [ComposedBusinessKey] is generated using the following logic [SystemCBK]+(depending on what is configured in "Identity UID Source" and what attribute contains the first non-empty value).

      <usrid>[INF105USERID]</usrid>
      <perno>[INF02PERNO]</perno>
      <personid_ext>[INF709PERSONID_EXT]</personid_ext>
      <initials>[INF02INITIALS]</initials>

Upgrading to 14.5

If you are upgrading to version 14.0.5, the following prerequisites are mandatory:

  • Log configuration changes

    • If you have made any changes to the Configuration object named Log Configuration, it is important that you back up the XML data before upgrading to OIS v14 update 5. When this update is installed, the installation will override the log configuration. After the upgrade, you must apply the changes to the log configuration again.

  • Validating the Data Model

    • You may need to update the existing Data Model objects that don't conform to the new schema validations the first time you try to save them after upgrading to Omada Identity v14.0.5 (Update 5).
    • The new validation checks the provisioning Data Model for duplicate property definitions in the properties element when it is being saved, and also checks whether object properties are defined in the properties section if they are used in the object element.
    • After the upgrade, it will not be possible to save those data model objects that don't confirm to the validation. Some of the out-of-the-box connectors contain an incorrect data model. These have not been updated as there is a risk of overwriting customer configurations.

  • Verifying ApiSharedSecret

    • Before the upgrade to Omada Identity v14.0.5 (Update 5), make sure that the following key has been added to appSettings in the configuration files for all Omada Identity components:
      • <add key="ApiSharedSecret" value=""/>

  • Self-management extension changes

    • There has been an important change in the self-management extension regarding the rules for removal of members from the manager/owner property on a managed object.

Upgrading to 14.11

If you are upgrading to version 14.0.11, the following prerequisites are mandatory:

  • New languages

    • We have added two new languages: Polish (pl-pl) and Latin American Spanish (es-mx). They will be now available as part of the Omada Identity standard language package available with an out-of-the-box installation.

      info

      An upgrade will overwrite the files for the Polish and Spanish languages. If you were already using one of these languages and want to keep your current version, then, please make a backup of the file and replace it before the upgrade is finished.

Upgrading to 14.12

If you are upgrading to version 14.0.12, pay attention to the following changes:

  • Overwritten application objects. During the update process, some of the information in Omada Identity are overwritten:

    • Changes to dashboards

      • Key figures dashboards content will be updated to enable grouping of KPIs by KPI category. The dashboard will be reset. KPI's which don't have classification will no longer appear in the dashboard.

    • Changes to UI actions

      • Added UI action Export connectivity
      • New UI action in the vault connection details form's test connection.

    • Change to properties

      • IDTRF_OLDCONTEXTOWNERS & IDTRF_NEWCONTEXTOWNERS
        • Updated DOT filters on properties IDTRF_OLDCONTEXTOWNERS & IDTRF_NEWCONTEXTOWNERS it is now possible to select User and Users group as a value.
        • New property DISABCONDINHERIT on the Resource data object type.

    • Change to views

      • New Vault connections view.

    • Changes to forms

      • New Vault connections form.
      • CIAM sign up step 2 form.
      • Changed order of fields (Address).

    • Changes to system onboarding

      • New user interface icon and dialog in system onboarding's default connection section for entering vault connection details.

    • Changes to sequences

      • The OISID sequence has been marked as Relaxed by default.

Upgrading to 14.0.15

If you are upgrading from version 14.7 to version 14.0.15, the following prerequisites are mandatory:

  • DataObjectSecurSetup setting. When upgrading from version 14.7 to version 14.0.5, the setting DataObjectSecurSetup doesn't exits. To avoid that, you should follow these steps:
    • In Task Manager, stop all Omada services and make a backup of the Omada Identity Suite installation folder.
    • Uninstall the existing Enterprise Server, RoPE and Provisioning Service and and install their latest version.
    • Copy the Omada ODW ConnectionString.dtsConfig and Omada ODW WebService.dtsConfig files to Datawarehouse Installation folder > Common.
    • Restart the environment.
    • Launch CMD ad Admin and go to C:\Program Files\Omada Identity Suite\Role and Policy Engine\Service.
    • Execute this command: Omada.RoPE.EngineExecutor -U.
    • In SQL execute the appropriate database patch stored procedures (dbo, PatchDB_xx.xx.xx) located in the Omada Data Warehouse database.
    • Apply the support script CreateObjects.OISAudit.sql to the Audit db to re-deploy the reports.
    • Run iisreset in CMD.
    • Launch OIS and import all the changesets listed in the yellow warning notification.
    • Apply the MenuStructureChangesets and enabled the New UI in the database
    • Run iisreset again.