Access Request approval fails if a new package is not installed
To use the Access Request or the Approvals feature, you must install the Extend Access request application package.
In the Access Request process, the date picker for the Valid from and Valid to dates is displayed according to your browser language and not the language chosen in the 01.
We have introduced a new tab to improve your access management process. It displays any access you requested manually by typing in the box when requesting access. To view it, go to the Access tab in your navigation pane.
In the process of requesting access, when you're adding multiple instances of the same resource that can be used with different types of accounts, we now check to make sure that the combination of account types you choose is unique.
We fixed a bug which in some cases could cause the Access requests list to not show any access requests and silently throw an error.
The Active Directory (AD) connector reported errors for modify provisioning tasks for users sharing the name with a computer object in AD. The issue has now been resolved and errors no longer occur.
We have fixed an issue in the Review step in the Access request form where there was a chip to modify the attributes even though you cannot modify them.
Due to the dependencies for any field with an expression dependent on another property, changing the Resource ID Name will clear any child resources from this resource. If Resource ID is changed, you will see a warning pop up when trying to save or apply the change.
On the new UI Tasks, Access Requests and Delegations views, if you hide all of the rows and columns you can still click on the rows. When hovering over a row, the row is highlighted and the pointer is changed to indicate that the row is clickable. When clicking, it navigates to the details of the hidden items. To fix it, always show at least one column.
There was an issue with the custom view failing on null values. The issue has been resolved and if it can't be determined if an attribute is single or multivalued it is registered as a multivalued one, not returning null.
In the new UI, for an attribute type based on the Integer data type, if you set the Max. length value to 0, you won't be able to enter any number. You need to leave the field value empty.
In the legacy request access process, you will be asked for an account type when the resource allows more than one account type, the resource has visible attributes, and a request is being made for the resource for more than one identity, where each identity has one valid account.
We fixed an issue in RoPE where attribute values originating from the AttributeResolver extension were not being copied onto child assignments. The resolver was updated in version 14.0.15, in response to a reported issue of attributes from the same extension not being aggregated, and it has now been further improved.
We are launching our integration to Azure Application Insights. This tool will help us to gain valuable insights into the usage of our product. It's crucial for us to communicate the following points clearly:
We've fixed an issue in RoPE where identity calculation was not triggered after a resource assignment object got approved.
There was an issue where, after changing the Ownership type filter for the view dialog, the display did not reflect the change that was made.
The + button on the access request list view will now link to the Technical Preview New UI Access request process instead of the legacy access request. The default shortcut on the homepage will still link to the legacy access request.
Omada Identity no longer supports Windows Server 2012 and Windows Server 2012 R2 versions.
We have resolved a bug in the Survey event definition functionality. The Actor in Step X properties are now correctly mapped to the users who have finalized a survey object in a specific workflow step.
We have added ValidTo and ValidFrom to the child-resources that are being returned.
We've fixed the Execution Time value in the Code Method Log, which was incorrectly truncated when it exceeded 999ms.
The SetTargetPropertyValue code method now supports other data object types than "Activity":
We have fixed a bug that happened when running a timer on an Event Definition for a Calculated Assignment if you filtered the dates using Valid from or Valid to and compared them to Now.
In case you are using SQL Server 2014 or older in standard edition, the Configuration import profile might fail with:
We have improved an error message displayed when a user wants to perform a task that was already completed by another user. Now, the following error message is displayed:
There was an issue with creating a connectivity package to be exported. When an integer type parameter had a non-empty value in the dialog box that allows the user to override export parameter values, the connectivity package was not created. The issue has been resolved.
We fixed an issue related to copy rules. Now, if you create a copy rule with the boolean Copy files and set it to True, the files of the origin entity are copied to the destination one correctly.
We resolved a bug associated with the default copy rule Onboarding contractor to Access request (v2). Previously, if the copy rule included additional fields apart from the default Contractor Identity to Request is for, the value in the Request is for field would be cleared during the request access process initiated after the contractor completed onboarding.
There was an issue with the appropriate conversion of JSON payload into data model. The issue has now been fixed and the properties are specified as multivalued, by the converter, if the JSON payload contains array tokens.
Deleting a single resource that was part of a prioritization policy made the edit prioritization policy show no resources. The issue has been fixed.
We have added two new fields to the OData DataObject property, that is, DeleteTime (DateTime) & Deleted (Boolean).
The RiskScoreCalculator RoPE extension has been deprecated and is no longer maintained. In a future version, the extension will be removed from the product.
It is possible now to disable written access requests. To do that go to Set up > Forms and select the Request access (ed2) - Submit form.
You now can display child resources in the resource assignment query in Omada Identity Graph API.
Updating existing set property filter expressions on Views will no longer lead to duplicated right-side values.
Boxes displaying information about your requested accesses have been improved. When you check the access you requested, the text will now appear in a user-friendly box, even if it is long, making it easily readable.
The Request Access process validation has been enhanced.
We've fixed an issue in RoPE where Direct Assignments to a permission resource referencing the system of the permission resource but depending on an account in a trusted system weren't linked to the trusted account.
There was an error when saving the mass update to multi-language properties for data objects. This has been fixed.
There was an issue causing an error when sorting by resource on the Identity page, in the Resource Assignment section. This has been fixed.
If you submitted a survey question and tried to edit multiple survey questions afterwards, it resulted in an error. Now, this will not cause an error.
We've fixed an issue with opening an object containing special characters when using the search bar in the Identities view.
We've fixed a bug that caused event definition filter expressions with reference paths not to be applied. As such, that could cause the event to execute despite the filter conditions not being met.
We've updated the UI to prevent the creation of an unsupported filter setting.
The extension attributes migration for the exchange system was failing. The issue has now been resolved and the migration process is successful.
An issue with the migration of the extension attributes during the Exchange migration process has been resolved and is now successful.
We've fixed an issue related to the lookup of exchange mailbox owners in the attributes values of the assignment grid.
The export errors in onboarded systems were not visible in the built-in Omada Identity system. The issue has been resolved and you can monitor errors in onboarded systems via the Identity Governance and Administration system.
As the survey administrator or the survey respondent, you can now export survey questions in a CSV (Comma-Separated Values) format, in addition to the existing option of exporting them as PDFs. This feature empowers our users to obtain a comprehensive and structured overview of survey questions, facilitating seamless audits and analysis.
You will find a new tab under Access tab called Extend Access Requests. A new list view lists only the extend access requests.
The post action handler for the Access request approval survey has been enhanced to effectively handle steps that do not have a decision. When no decisions are made in a step, the approval log on the resource assignment will indicate that no decision was made.
We've improved the message that is displayed for already completed tasks.
Both SQL Query Collector and SQL Query Collector for Generic Database have been enhanced with support for synonyms in the Oracle Database. The performance of Queries and Mappings is also improved if the database schema is provided in the connection details. Furthermore, in a multiple system deployment, SQL Query Collector for Generic Database performs a case-insensitive comparison of the system business key in the query.
On the Access request page, when a user was on any page with a nested route, such as /access/access-requests, clicking on the required updates link would navigate to the incorrect URL.
We fixed the child pop-up title, which was sometimes displayed incorrectly.
There was an issue resulting in overwriting the ResourceParentChildFact cleanup status with Aborted value, when the cleanup import profile failed, even though it was successful. The issue has been resolved and the correct status is visible.
We fixed the issue where the email notification for a survey did not replace the [CreatedBy] key with the appropriate user who created the request.
There was an issue with applying SystemInfo.sql to the OIS v14u15 database. We have fixed the diagnostic of the SystemInfo SQL script to work on the latest version of the Omada Identity Database.
We've fixed an issue in the calculation of attribute values for an assignment in the Disabled state. Previously, under some circumstances, the attributes were not added which could cause a challenge during deprovisioning. With the introduced fix, the attributes for disabled assignments can be assigned.
We've fixed a problem with displaying CHANGETIME in the email notifications sent for the custom-built request access approved. CHANGETIME was shown for both CreateTime and ChangeTime variables. Now, the CreateTime variable shows the survey's CreateTime correctly.
We've fixed an issue with deleting DataObjectType when a deleted property is referencing the DataObjectType.
We've fixed an issue with handling data objects with references to a deleted data object where the display name of the deleted data object contains a semicolon.
Fixed an issue where the OPS claimed for a completed account removal task and got an Add/Modify action instead of Remove. This caused a duplicate deleted task.
We have fixed an issue with mailboxes in the Exchange Hybrid. The personal mailbox was set to be deprovisioned if another mailbox for the admin account existed.
There was an issue with migrating two Active Directory systems trusting each other. The issue has been resolved and the migration process is successful.
We fixed the Resource assignments grid to be grouped based on a property even for systems having the same name.
We've introduced performance improvements to RoPE when loading the master data at the start of each processing batch.
We've fixed an issue with Timer execution when the DayOfWeek and Date in UTC are different from the DayOfWeek and Date in the customers' TimeZone.
We've fixed an issue where Users or Groups with Names containing non-ASCII characters couldn't be selected in reference properties.
When the import was failing for all systems, it could lead to an import lock and result in integrity errors and an import rollback afterwards. Now, if the import for all systems has failed, the Resolve primary identities step of the process is skipped to avoid unnecessary processing.
The choice of paging mechanism for the REST collector has been extended with the Link header option. It allows the collector to check whether the response contains a Link header with rel="next", pointing to the next page.
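How a client can follow rel="next" Link headers safely, as an added Python example (not Omada's collector code). The function names, the hr.example.test host and the page data are constructed for illustration; the same-origin check and the page limit are assumptions about what a collector that sends credentials with every request would want.

```python
import re
from urllib.parse import urljoin, urlsplit

# Link header grammar (RFC 8288): <target>; name=value; name="value", <target>; ...
_TOKEN = r"[\w!#$%&'*+.^`|~-]+"
_PARAM = rf';\s*({_TOKEN})\s*(?:=\s*(?:"([^"]*)"|([^\s;,"]+)))?'
_LINK = re.compile(rf'<([^>]*)>((?:\s*{_PARAM})*)')
_DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Scheme, host and effective port, so https://h and https://h:443 compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or _DEFAULT_PORTS.get(scheme)


def next_page_url(link_header, request_url):
    """Return the absolute URL of the rel="next" link, or None on the last page."""
    if not link_header:
        return None
    for match in _LINK.finditer(link_header):
        target, raw_params = match.group(1), match.group(2)
        rels = []
        for name, quoted, bare in re.findall(_PARAM, raw_params):
            if name.lower() == "rel":
                rels = (quoted or bare).lower().split()  # rel may list several types
                break  # only the first rel parameter of a link counts
        if "next" not in rels:
            continue
        resolved = urljoin(request_url, target.strip())  # targets may be relative
        # A next link on another origin would receive the collector's credentials.
        if _origin(resolved) != _origin(request_url):
            raise ValueError(f"next link leaves the collector's origin: {resolved}")
        return resolved
    return None


def collect_all(fetch, start_url, max_pages=100):
    """Walk pages via fetch(url) -> (items, link_header); stop on loops or runaway paging."""
    items, url, seen = [], start_url, set()
    while url is not None:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError(f"pagination loop or page limit hit at {url}")
        seen.add(url)
        page_items, link_header = fetch(url)
        items.extend(page_items)
        url = next_page_url(link_header, url)
    return items


# Constructed three-page response set standing in for a paged REST endpoint.
PAGES = {
    "https://hr.example.test/api/users?page=1":
        (["alice", "bob"], '</api/users?page=2>; rel="next", </api/users?page=3>; rel="last"'),
    "https://hr.example.test/api/users?page=2":
        (["carol"], '</api/users?page=1>; rel=prev, '
                    '<https://hr.example.test/api/users?page=3>; rel="next last"'),
    "https://hr.example.test/api/users?page=3":
        (["dave"], '</api/users?page=2>; rel="prev"'),
}


def fake_fetch(url):
    return PAGES[url]


if __name__ == "__main__":
    print(collect_all(fake_fetch, "https://hr.example.test/api/users?page=1"))
```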
The QualifiedUsernameLegacy master setting was misspelled (QualUsernameLegacy) and incorrectly documented. This has been fixed and the Master settings documentation has been updated.
Configuring the duration for the activities in the survey process template requires ensuring that an appropriate amount of time is allocated for each of the activities. Currently, when a survey is launched, all activities start simultaneously. This may leave assignees in subsequent activities without sufficient time to complete their tasks effectively.
When utilizing the Service Desk Agent mode within the Omada.OE.Solution.OIM.AppLogic.AccessModifiers.IdentitiesAccessModifier access modifier, we now only load identities associated with the active user, provided that the user has access to these identities through membership in the Service Desk Agents user group.
We have introduced a new icon for the new access request flow in the new UI. Now, you will see two different icons in the Home page for requesting access.
We are excited to introduce a new feature for requesting extending access to an existing resource.
We have added a new icon in the Access request process for resources which belong to Omada Identity system. This will make it easier to differentiate the resources when selecting them in the Access request.
In this release, we've added a new chapter to the IdentityPROCESS+ document that focuses on IGA classifications. This chapter emphasizes the importance of classifying access in your IGA solution and explains the distinction between data classification and IGA classification. This new chapter aligns with prominent cybersecurity frameworks like NIST, ISO 27002, COBIT, and CIS, highlighting the significance of IGA classification in the realm of IGA.
We've improved the lookup field for selecting attributes during the access request process. Now, you can easily add values by clicking the Add value chip or the arrow icon. Upon clicking either, a second panel will open up. To enhance the overall user experience, we have also introduced filters in the grid.
System Administrators can now check the Prevent instantiation checkbox for process templates originating from a feature package. This option allows System Administrators to decide whether the process templates should be shown or hidden in the Service shortcut on the homepage and in other dashboards.
We have changed our translation process in an effort to enhance the quality of our translations. As a result, you may notice some changes in the output for certain languages and maybe some quality issues. This adjustment is part of our ongoing commitment to providing the best possible translation experience. While we strive for improved quality, we kindly ask for your patience as it may take a few months to fully reach the desired level of quality.
In the new UI Access request process, there was a limitation regarding selecting an account type for multiple beneficiaries.
The known issue that doesn't allow you to clear Attributes values that you already provided when requesting access has been fixed.
We fixed a bug that caused the ToDo-items to stop listing affected identities when changing the customer setting SurveyApprovalProcessTemplateId.
Now, the table control buttons are not visible in the printed output when Export > Print functionality is used in React view specifically in the Access Requests, Access Delegations, and Tasks sections.
We have updated the New UI Main menu document, and now the document contains the updated icons.
The Access Request tab on the Access Request page now allows you to receive paged results from the server. The server executes the list sorting and filtering, improving the performance of exploring the Access request list.
We have enhanced the experience when requesting access. Now, a warning message pops up to notify you that your changes may not be saved. This message will appear when:
We've fixed an error where the ValidityPeriodException did not cause an OData batch request to roll back all changes.
OData DataObjects now supports filtering by UId, for example, OData/DataObjects/UserGroup?$filter=UId eq 207833a28d-d294-4763-acff-2ff740deaf83.
We've reduced the use of SQL resources in the Timer service.
For Omada Identity Graph API version 2.3 consumers, the user's selected timezone is now available in the API. All datetimes will be in the UTC time standard. You can convert the time using the following query and the baseUtcOffsetInMinutes property:
The Omada Identity Graph API has been extended to include endpoints for managing access approvals. This extension allows you to integrate with Omada Identity's approval process, enabling you to create your own UI for approval workflows.
For Omada Identity Graph API version 2.5, we've introduced 3 new queries that will be used to filter the resources for searching categories by ResourceType, ResourceOwner (users), and Contexts (dataObjectsInContexts).
In Omada Identity Graph API version 2.5, the accessRequestComponents/resources query offers enhanced filtering capabilities. It allows filtering based on attributes such as resourceOwnerId, resourceTypeId, and contextObjectId, which points to objects belonging to a context associated with the resource.
We've introduced a fix that prevents running the same archive tasks concurrently.
In the contractor onboarding process, the maximum ValidTo date depended on the timezone of the active user rather than the timezone of the contractor or the default timezone if not used. This issue has been fixed.
RoPE now deletes orphan provisioning claims once the calculation is complete.
The Maximum number of objects being handled parameter in the Details for the event definition tab was taking more items to process than specified. This has been fixed.
The password was not hidden in the connection string for the SQL connector. Now the password is replaced by asterisks * and is no longer visible.
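The kind of masking described above, as an added Python example (not Omada's implementation): it tokenises the connection string so that quoted values containing semicolons are masked whole and a password-like string inside another value is left alone. The key names Password and Pwd, the fixed-length mask and the sample strings are assumptions constructed for illustration.

```python
import re

SENSITIVE_KEYS = {"password", "pwd"}  # assumed set; extend for other secret-bearing keys
MASK = "********"                     # fixed length, so the mask does not reveal password length

# A value is double-quoted, single-quoted (quote doubled to escape it) or runs to the next ';'.
_DQ = r'"(?:[^"]|"")*"'
_SQ = r"'(?:[^']|'')*'"
_PAIR = re.compile(rf"\s*(?P<key>[^=;]+?)\s*=\s*(?P<value>{_DQ}|{_SQ}|[^;]*)\s*(?:;|$)")


def _mask_pair(match):
    """Replace only the value span of a sensitive key; leave every other pair untouched."""
    if match.group("key").strip().lower() not in SENSITIVE_KEYS:
        return match.group(0)
    whole = match.group(0)
    start = match.start("value") - match.start()
    end = match.end("value") - match.start()
    return whole[:start] + MASK + whole[end:]


def mask_connection_string(connection_string):
    """Return a copy that is safe to show in a UI or write to a log."""
    return _PAIR.sub(_mask_pair, connection_string)


# Constructed samples.
SAMPLES = [
    "Server=db01;Database=OIS;User ID=svc_oim;Password=S3cr3t!",
    'Data Source=db01; pwd = "p;ss""word" ;Encrypt=True',
    'Application Name="x;Password=y";Password=real',
    "Server=db01;Database=OIS;Integrated Security=SSPI",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(mask_connection_string(sample))
```

A naive split on ";" would leave the tail of the quoted password in the second sample visible.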
In previous versions, when a large number of ResourceTypes (tested with 100 000) resulted in the generation of numerous shadow Data Object Types, opening Event Definitions could take several minutes.
By default the customer setting arPopularityEnabled is always turned on for the filtering version. In parallel, this parameter can be turned on or off for the paged version. As a result, Resources on the filtering version can't be sorted alphabetically unless the context is disabled.
We have added a new UI action that allows system administrators to update the UID of the DOT system categories.
For the REST connector, failed jobs with multiple tasks consumed extensive amounts of memory, resulting in OutOfMemory issues. The issue is resolved by the addition of the errorResponseFilter parameter. Enabling it overrides the default behavior during error occurrence, when the whole response is logged. Instead, it provides JsonPaths to properties which should be extracted from the response body.
We have identified an issue where the preview update button is missing in System Queries & Mappings. If you encounter an error during upgrading, you'll need to perform the update manually by adding the script jsinc/OIM.SystemOnboarding.DataMapping.Preview.QandM.js to System onboarding > Script files.
The Omada Identity release brings exciting improvements and enhancements in a variety of product areas. Read more about the changes and bug fixes introduced in the Omada Identity version 14 update 16 (14.0.16).
We fetch data object type properties not directly but through the data object type cache. Thus, besides updating the property entity version, we have to update the data object type version to ensure the cache will reload DOTs.
We have a new feature called Resource Search and Filtering that lets you choose how you want to view your list of resources in the Resource step when requesting access.
When either ValidFrom or ValidTo fields are empty in a Resource object (but not both), the Resource status is not updated correctly with the associated event definitions.
To prevent confusion when using the Revoke action to remove assignments, we've made a change. If a user has two roles that can perform a revoke on an identity form, the action will now be attributed to the ServiceDesk role.
RoleAssignmentsAccessModifier got a new access mode - SELF that returns resource assignments of the active user. This AM contained a bug making the following two configurations:
We've improved RoPE's calculation of effective attribute values when the identity data object is updated during the transition from the RoPE batch phase to the RoPE identity calculation phase.
We've introduced a fix that prevents the extension from failing with an exception when using a resource-driven attribute configuration with Unicode characters in the Resource Type name.
We've made an improvement to the expiration of claim. A claim expiry will only be extended if the extension exceeds 4 hours. This will under some circumstances prevent an excess of RoPE calculations.
A new connectivity package for SAP HANA Database systems has been added. It is capable of creating, reading, updating, and deleting users. It can also read database roles and user groups and manage assignments to both of them. On top of that, it also supports password reset.
The validation for user objects was not included if dn in the provisioning task was defined in the scope in the connector settings resulting in the scope being omitted during provisioning. The validation has been added and the provisioning process runs correctly.
Before the fix, when you expanded an entry in Activity History, that had no modified fields (table with Field, Changed from and Changed to columns is empty), the scroll bar disappeared, even if it was visible before.
We have modified the security check for surveys. Members of the Operation administrators user group now possess complete read access to all surveys, except for the Role Certification Survey.
The Service desk role has been included in the Authorization role for the menu items located in the following places in the structure:
There was an issue with the ServiceNow relay connector that resulted in creating request item duplicates. The issue has been resolved and the duplicates are no longer created.
A known issue when setting attribute values in the new UI has been fixed. You can now set the value as "0" when editing the value property, indicating that it's equivalent to "unlimited" as it was in the old UI.
When selecting tasks, it was possible to submit the survey, before the page was rendered. As a result, the tasks without a decision of approval or rejection could be submitted.
In certain situations, a rare condition may occur when one user submits a significant number of survey questions all at once, while another user simultaneously submits a large batch of questions in a subsequent step. This scenario often results in the user in the second step unintentionally closing work items for assignees who were anticipating new questions from the user in the first step.
On the new Access Request page, we have moved the Show assigned resources toggle to a new settings menu. We've added an option to toggle between alphabetical and popularity sorting on the access request search page. This enhancement makes it easier to understand which sorting option is applied and to choose your preferred sorting options.
We have implemented a change that prevents users from updating the survey template admins in an already published survey template.
If there are no display properties specified for the criteria screen, the view fields will not be included as fields in the criteria screen. If you want to use the view fields in the criteria screen, make sure to add all the view fields to the Displayed properties field in the criteria screen settings.
If someone who is assigned a task has answered all the questions in a workflow step, and they have finished their work on that task, but then a new question comes up and is assigned to them, we will send them another email notification once a new task is created for the new question(s).
We've fixed an issue where some time zones failed to load data. Now, we've improved the function to keep zones up to date.
We fixed a memory leak in the Timer Service introduced in v14u14.
Choosing the transport layer security (TLS) protocol for the SAP connector was unavailable. It has been resolved and the TLS version can be configured in the web services task.
We've fixed an issue that prevents the event from being reset on an exception when using the customer setting TraceEventOnEntry.
In the Transfer Ownership Survey, when applying a filter to the Status column in the survey UI and choosing the Missing answers option, the appropriate questions are now loaded.
There was an issue with missing values in the dropdown for the Set Property in the Attributes container resulting in failure when trying to submit the request. The issue has been resolved and submitting no longer results in failure.
We've fixed a bug in the form field of the Access request template, ensuring that the complete information on field button is now displayed. The field now allows you to provide additional parameters. The available settings are:
There was an issue where all provisioning-related failures were logged with the generic error message.
The Valid to field in the Access Request Approval survey form is now editable.
In the new UI Access request process, there is an additional server-side validation performed after you click the Next button. This validation also includes the implicit set of the default account types that you defined in the customer setting RoPE:Default Account Type UID. The purpose of this validation is to ensure that the Access request meets certain requirements.
We have made the following improvements to view copying permissions:
The WRC_PASSWORD property is now excluded from search data to reduce the exposure of passwords in the database.
In case a step is auto-completed, we have made changes to store the accurate comment in the Reason column of tblAccessRequestApprovalLog.
If the Deadline days property has a value greater than zero, the survey's deadline will be set from the day the survey is launched, plus the specified number of days.