In the process of requesting access, when you're adding multiple instances of the same resource that can be used with different types of accounts, we now check to make sure that the combination of account types you choose is unique.
We fixed a bug which in some cases could cause the Access requests list to not show any access requests and silently throw an error.
The Active Directory (AD) connector reported errors for modify provisioning tasks for users sharing the name with a computer object in AD. The issue has now been resolved and errors no longer occur.
We have fixed an issue in the Review step in the Access request form where there was a chip to modify the attributes even though you cannot modify them.
There was an issue with the custom view failing on null values. The issue has been resolved and if it can't be determined if an attribute is single or multivalued it is registered as a multivalued one, not returning null.
We fixed an issue in RoPE where attribute values originating from the AttributeResolver extension were not being copied onto child assignments. The resolver was updated in version 14.0.15, in response to a reported issue of attributes from the same extension not being aggregated, and it has now been further improved.
We've fixed an issue in RoPE where identity calculation was not triggered after a resource assignment object got approved.
There was an issue where changing the Ownership type filter for view dialog was not displayed, reflecting the change that was made.
We have resolved a bug in the Survey event definition functionality. The Actor in Step X properties are now correctly mapped to the users who have finalized a survey object in a specific workflow step.
We have added ValidTo and ValidFrom to the child-resources that are being returned.
We've fixed the Execution Time value in the Code Method Log that was incorrectly truncated when exceeded 999ms.
The SetTargetPropertyValue code method now supports other data object types than "Activity":
We have fixed a bug that happened when running a timer on an Event Definition for a Calculated Assignment if you filtered the dates using Valid from or Valid to and compared them to Now.
We have improved an error message displayed when a user wants to perform a task that was already completed by another user. Now, the following error message is displayed:
There was an issue with creating connectivity package to be exported. In the dialog box allowing the user to override export parameter values, an integer type parameter had a non-empty value and the connectivity package was not created. The issue has been resolved.
We fixed an issue related to copy rules. Now, if you create a copy rule with the boolean Copy files and set it to True, the files of the origin entity are copied to the destination one correctly.
We resolved a bug associated with the default copy rule Onboarding contractor to Access request (v2). Previously, if the copy rule included additional fields apart from the default Contractor Identity to Request is for, the value in the Request is for field would be cleared during the request access process initiated after the contractor completed onboarding.
There was an issue with the appropriate conversion of JSON payload into data model. The issue has now been fixed and the properties are specified as multivalued, by the converter, if the JSON payload contains array tokens.
Deleting a single resource that was part of a prioritization policy made the edit prioritization policy show no resources. The issue has been fixed.
Updating existing set property filter expressions on Views will no longer lead to duplicated right-side values.
We've fixed an issue in RoPE where Direct Assignments to a permission resource referencing the system of the permission resource but depending on an account in a trusted system weren't linked to the trusted account.
There was an error when saving the mass update to multi-language properties for data objects. This has been fixed.
There was an issue causing an error when sorting by resource on the Identity page, in the Resource Assignment section. This has been fixed.
There was an issue causing an error when sorting by resource on the Identity page, in the Resource Assignment section. This has been fixed.
If you submitted a survey question and tried to edit multiple survey questions afterwards, it was resulting in an error. Now, this will not cause an error.
We've fixed an issue with opening an object containing special characters when using the search bar in the Identities view.
We've fixed a bug that caused event definition filter expressions with reference paths not to be applied. As such, that could cause the event to execute despite the filter conditions not being met.
We've updated the UI to prevent the creation of a not supported filter setting.
The extension attributes migration for the exchange system was failing. The issue has now been resolved and the migration processes is successful.
An issue with the migration of the extension attributes during the Exchange migration process has been resolved and is now successful.
We've fixed an issue related to the lookup of exchange mailbox owners in the attributes values of the assignment grid.
The export errors in onboarded system were not visible in the built-in Omada Identity system. The issue has been resolved and you can monitor errors in onboarded systems via Identity Governance and Administration system.
The post action handler for the Access request approval survey has been enhanced to effectively handle steps that do not have a decision. When no decisions are made in a step, the approval log on the resource assignment will indicate that no decision was made.
On the Access request page, when a user was on any page with a nested route, such as /access/access-requests, clicking on the required updates link would navigate to the incorrect URL.
We fixed sometimes incorrectly displayed child pop-up title.
There was an issue resulting in overwriting the ResourceParentChildFact cleanup status with Aborted value, when the cleanup import profile failed, even though it was successful. The issue has been resolved and the correct status is visible.
We fixed the issue where the email notification for a survey did not replace the [CreatedBy] key with the appropriate user who created the request.
There was an issue with applying SystemInfo.sql to OIS v14u15 database. We have fixed the diagnostic of the SystemInfo SQL script to work on latest version of Omada Identity Database.
We've fixed an issue in the calculation of attribute values for an assignment in the Disabled state. Previously, under some circumstances, the attributes were not added which could cause a challenge during deprovisioning. With the introduced fix, the attributes for disabled assignments can be assigned.
We've fixed a problem with displaying CHANGETIME in the email notifications sent for the custom-built request access approved. CHANGETIME was shown for both CreateTime and ChangeTime variables. Now, the CreateTime variable shows the survey's CreateTime correctly.
We've fixed an issue with deleting DataObjectType when a deleted property is referencing the DataObjectType.
We've fixed an issue with handling data objects with references to a deleted data object where the display name of the deleted data object contains a semicolon.
Fixed an issue where the OPS claimed for a completed account removal task and got a Add/Modify action instead of Remove. This caused a duplicate deleted task.
We have fixed an issue with mailboxes in the Exchange Hybrid. The personal mailbox was set to be deprovisioned if another mailbox for the admin account existed.
There was an issue with migrating two Active Directory systems trusting each other. The issue has been resolved and the migration process is successful.
We fixed the Resource assignments grid to be grouped based on a property even for systems having the same name.
We've introduced performance improvements to RoPE when loading the master data at the start of each processing batch.
We've fixed an issue with Timer execution when the DayOfWeek and Date in UTC are different from the DayOfWeek and Date in the customers' TimeZone.
We've fixed an issue where Users or Groups with Names containing non-ASCII characters couldn't be selected in reference properties.
When import was failing for all systems, it could lead to import lock and result in integrity errors and import rollback afterwards. Now if import for all systems has failed, the Resolve primary identities step of the process is skipped to avoid unnecessary processing.
The QualifiedUsernameLegacy master setting was misspelled (QualUsernameLegacy) and incorrectly documented. This has been fixed and the Master settings documentation has been updated.
When utilizing the Service Desk Agent mode within the Omada.OE.Solution.OIM.AppLogic.AccessModifiers.IdentitiesAccessModifier access modifier, we now only load identities associated with the active user, provided that the user has access to these identities through membership in the Service Desk Agents user group.
In the new UI Access request process, there was a limitation regarding selecting an account type for multiple beneficiaries.
The known issue that doesn't allow you to clear Attributes values that you already provided when requesting access has been fixed.
We fixed a bug that caused the ToDo-items to stop listing affected identities when changing the customer setting SurveyApprovalProcessTemplateId.
Now, the table control buttons are not visible in the printed output when Export > Print functionality is used in React view specifically in the Access Requests, Access Delegations, and Tasks sections.
We have updated the New UI Main menu document, and now the document contains the updated icons.
We've fixed an error where the ValidityPeriodException did not cause an OData batch request to roll-back all changes.
OData DataObjects now supports filtering by UId, for example, OData/DataObjects/UserGroup?$filter=UId eq 207833a28d-d294-4763-acff-2ff740deaf83.
We've reduced the use of SQL resources in the Timer service.
We've introduced a fix that prevents running the same archive tasks concurrently.
In the contractor onboarding process, the maximum ValidTo data was depending on the timezone of the active user rather than the timezone of the contractor or the default timezone if not used. This issue has been fixed.
RoPE now deletes orphan provisioning claims once the calculation is complete.
The Maximum number of objects being handled parameter in the Details for the event definition tab was taking more items to process than specified. This has been fixed.
The password hasn't been hidden in the connection string for SQL connector. Now the password is replaced by asterisks * and is no longer visible.
In previous versions, when a large number of ResourceTypes (tested with 100 000) resulted in the generation of numerous shadow Data Object Types, opening Event Definitions could take several minutes.
For the REST connector failed jobs with multiple tasks consumed extensive amounts of memory resulting in OutOfMemory issues. The issue is resolved by the addition of the errorResponseFilter parameter. Enabling it overrides the default behavior during error occurrance, when the whole response is logged. Instead, it provides JsonPaths to properties which should be extracted from the response body.
We fetch data object type properties not directly but through the data object type cache. Thus, besides updating the property entity version, we have to update the data object type version to ensure the cache will reload DOTs.
To prevent confusion when using the Revoke action to remove assignments, we've made a change. If a user has two roles that can perform a revoke on an identity form, the action will now be attributed to the ServiceDesk role.
RoleAssignmentsAccessModifier got a new access mode - SELF that returns resource assignments of the active user. This AM contained a bug making the following two configurations:
We've improved RoPE's calculation of effective attribute values when the identity data object is updated during the transition from the RoPE batch phase to the RoPE identity calculation phase.
We've fixed an issue that prevents the extension from failing with an exception when using a resource driven attribute configuration with uni-code characters in the Resource Type name.
We've made an improvement to the expiration of claim. A claim expiry will only be extended if the extension exceeds 4 hours. This will under some circumstances prevent an excess of RoPE calculations.
The validation for user objects was not included if dn in the provisioning task was defined in the scope in the connector settings resulting in the scope being omitted during provisioning. The validation has been added and the provisioning process runs correctly.
Before the fix, when you expanded an entry in Activity History, that had no modified fields (table with Field, Changed from and Changed to columns is empty), the scroll bar disappeared, even if it was visible before.
We have modified the security check for surveys. Members of the Operation administrators user group now possess complete read access to all surveys, except for the Role Certification Survey.
The Service desk role has been included in the Authorization role for the menu items located in the following places in the structure:
There was an issue with the ServiceNow relay connector that resulted in creating request item duplicates. The issue has been resolved and the duplicates are no longer created.
A known issue when setting attribute values in the new UI has been fixed. You can now set the value as "0" when editing the value property, indicating that it's equivalent to "unlimited" as it was in the old UI.
When selecting tasks, it was possible to submit the survey, before the page was rendered. As a result, the tasks without a decision of approval or rejection could be submitted.
In certain situations, a rare condition may occur when one user submits a significant number of survey questions all at once, while another user simultaneously submits a large batch of questions in a subsequent step. This scenario often results in the user in the second step unintentionally closing work items for assignees who were anticipating new questions from the user in the first step.
We have implemented a change that prevents users from updating the survey template admins in an already published survey template.
If there are no display properties specified for the criteria screen, the view fields will not be included as fields in the criteria screen. If you want to use the view fields in the criteria screen, make sure to add all the view fields to the Displayed properties field in the criteria screen settings.
If someone who is assigned a task has answered all the questions in a workflow step, and they have finished their work on that task, but then a new question comes up and is assigned to them, we will send them another email notification once a new task is created for the new question(s)."
We've fixed an issue where some time zones failed from loading data. Now, we've improved the function to keep zones up to date.
We fixed a memory leak in the Timer Service introduced in v14u14.
Choosing the transport layer security (TLS) protocol for the SAP connector was unavailable. It has been resolved and the TLS version can be configured in the web services task.
We've fixed an issue that prevents the event from being reset on an exception when using the customer setting TraceEventOnEntry.
In the Transfer Ownership Survey, when applying a filter to the Status column in the survey UI and choosing the Missing answers option, the appropriate questions are now loaded.
There was an issue with missing values in the dropdown for the Set Property in the Attributes container resulting in failure when trying to submit the request. The issue has been resolved and submitting no longer results in failure.
We've fixed a bug in the form field of the Access request template, ensuring that the complete information on field button is now displayed. The field now allows you to provide additional parameters. The available settings are:
There was an issue where all provisioning-related failures were logged with the generic error message.
The Valid to field in the Access Request Approval survey form is now editable.
We have made the following improvements to view copying permissions:
The WRC_PASSWORD property is now excluded from search data to reduce the exposure of passwords in the database.
In case a step is auto-completed, we have made changes to store the accurate comment in the Reason column of tb/AccessRequestApprova/Log.
If the Deadline days property has a value greater than zero, the survey's deadline will be set from the day the survey is launched, plus the specified number of days.