Upgrade guide from 14.0.5 to any version 14

Prerequisites

For description of prerequisites common to each upgrade, refer to the Upgrade guides main page.

Tabular model - refactored population of security tables

The way the security tables in the Tabular Model are populated has been changed. This means that several Data source objects used for the analytics KPIs have been changed. If you have made any changes to these data objects, you should note the changes and merge them to the updated objects.

Peer Access Analysis

As part of the Peer Access Analysis functionality, the configuration object Analysis Service Configuration has been extended with new parameters and enumeration mappings. If you have made any changes to the configuration of this configuration object, you need to do a manual backup of this object before the upgrade.

The Peer Access Analysis relies on the Tabular Model in the SQL Server Analysis Service that was introduced in v14 update 4. If you have the Tabular Model installed already, you need to update it by running the XMLA script.

Change in REST Connector extension point

Due to a vast number of supported authorization options in the REST Provisioning Connector, one of the public extension points has been modified. The modification means that any custom REST connector that used this extension point must be updated.

The changed extension point is Omada.OPS.Connector.REST.Services.Authorization.AbstractTokenService. This extension point can be used to implement custom authorization flows.

In addition, the protected abstract method abstract string getPayloadAsString() has been replaced with protected abstract Dictionary<string, string> getTokenPayload().

Remove and reapply custom indexes in columns

Due to changes made to the tblDataObject.CreateTime, tblDataObjectVersion.CreateTime, and tblDataObjectVersionPropertyValueDateTime.PropValue columns, any custom indexes that have been applied on those columns must be removed before the upgrade and then reapplied after the change has been committed during the first-time startup of the upgraded application.

Enabling object access for OData

If you are using the Odata interface, you need to review and update the settings for objects that are accessed through the API.

Self-management extension changes

There has been an important change in the self-management extension regarding the rules for removal of members from the manager/owner property on a managed object.

Validating the Data Model

You may need to update the existing Data Model objects that don't conform to the new schema validations the first time you try to save them after upgrading to Omada Identity v14.0.5 (Update 5).

The new validation checks the provisioning Data Model for duplicate property definitions in the properties element when it is being saved, and also checks whether object properties are defined in the properties section if they are used in the object element.

After the upgrade, it will not be possible to save those data model objects that don't confirm to the validation. Some of the out-of-the-box connectors contain an incorrect data model. These have not been updated as there is a risk of overwriting customer configurations.

Upgrading to 14.0.8

If you are upgrading to version 14.0.8, the following prerequisites are mandatory:

• Backup Application onboarding configuration XML (AppOnboardingConfiguration):

  • Make a backup of the XML data in the AppOnboardingConfiguration configuration object.
  • During the upgrade, the content of the configuration object will be overridden to replace the OWNERREF field with the new MANUALOWNER field.

• Backup Self-management configuration XML

  • Make a backup of the XML data in the Self management configuration field of the OIS Resource Owner Role Resource type and the OIS Resource Folder Owner Role Resource type.
  • During the upgrade the content of the field will be overridden in order to include the MANUALOWNER property in the explicitOwner attribute.

• Remove the RequireSSL registry key

  • Remove the RequireSSL value under the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Omada\Omada Password Filter registry key if you have manually created beforehand.
  • This is required to correctly update Omada Password Filter component.

• Upgrade of .NET runtime to 4.8 version

  • Omada Identity v14.0.8 (Update 8) requires .NET runtime version 4.8.

    info

    Please update the .NET runtime before updating Omada Identity.

Upgrading to 14.0.11

If you are upgrading to version 14.0.11, the following prerequisites are mandatory:

• Backup Key Figures dashboard

  • The security settings of the My Dashboard (with Key Figures) dashboard will be reverted to the OOTB version as the new version of the dashboard with a fix for multilingual support is supplied. The access to the dashboard will be granted to all users of Omada Identity.
  • If you want to keep previous changes, backup your custom dashboards based on the My Dashboard (with Key Figures). Then, you need to modify the Dashboards’ definition XML View All target parameter for the widget named KpiTiles from:
    • viewAllLinkDashboardName: S_Dashboard_Title_KeyFigures to
    • viewAllLinkDashboardName: 'Key Figures'

• New languages

  • We have added two new languages: Polish (pl-pl) and Latin American Spanish (es-mx). They will be now available as part of the Omada Identity standard language package available with an out-of-the-box installation.

    info

    An upgrade will overwrite the files for the Polish and Spanish languages. If you were already using one of these languages and want to keep your current version, then, please make a backup of the file and replace it before the upgrade is finished.

Upgrading to 14.0.12

If you are upgrading to version 14.0.12, pay attention to the following changes:

• Overwritten application objects. During the update process, some of the information in Omada Identity are overwritten:

  • Changes to dashboards

    • Key figures dashboards content will be updated to enable grouping of KPIs by KPI category. The dashboard will be reset. KPI's which don't have classification will no longer appear in the dashboard.

  • Changes to UI actions

    • Added UI action Export connectivity
    • New UI action in the vault connection details form's test connection.

  • Change to properties

    • IDTRF_OLDCONTEXTOWNERS & IDTRF_NEWCONTEXTOWNERS
      • Updated DOT filters on properties IDTRF_OLDCONTEXTOWNERS & IDTRF_NEWCONTEXTOWNERS it is now possible to select User and Users group as a value.
      • New property DISABCONDINHERIT on the Resource data object type.

  • Change to views

    • New Vault connections view.

  • Changes to forms

    • New Vault connections form.
    • CIAM sign up step 2 form.
    • Changed order of fields (Address).

  • Changes to system onboarding

    • New user interface icon and dialog in system onboarding's default connection section for entering vault connection details.

  • Changes to sequences

    • The OISID sequence has been marked as Relaxed by default.

Upgrading to 14.0.13

If you are upgrading to version 14.0.13, pay attention to the following changes:

• Overwritten application objects. During the update process, some of the information in Omada Identity are overwritten:
  • Changes to data sources
    • New collector type SQL Query Collector for Generic database
    • New OPS connector SAP HCM Identity Data.xml and a new task mapping.
  • Changes to event definitions
    • In the event definition Update survey assignees, the checkbox Event triggers only the first time the filter is passed is now cleared by default.
    • A new out-of-the box event definition Initiate Access Request Process for GraphQL has been added, which handles all access-requests that are submitted via the Graph endpoint
  • Change to surveys
    • One of the duplicate XML schemas SurveyDataML has been removed.

Upgrading to 14.0.14

When upgrading to version 14.0.14, pay attention to the following changes:

• Mail configuration upgrade

  • The mail configuration options have been migrated from the Omada.OE.Service.exe.config file to a new notificationSettingsconfiguration object. Make sure to follow these steps before upgrading:

    • To minimize the risk of sending errors after migration, we recommend that you make sure the mail queue is empty before you start migrating.

    • Launch Enterprise Server.

    • Import the Packsol changes. This will create the new configuration object notificationSettings which now hosts the mail configuration options.

    • Verify the new notificationSettings configuration object to make sure that it contains the proper configuration.

    • Test the settings by sending a test mail and/or monitor the mail queue and logs.

      note

      The migration from the old configuration file to new configuration object will run as an update action when the Omada.OE.Service (Timer Service) starts the first time.

• New Resource types in Application Onboarding standard package

  • This version of Omada Identity contains two new resource types called Application Role and Business Role. These will be created when you install the updates to the Application onboarding standard feature package.
  • If you already have a Resource Type with the business key Application_Role or Business_ Role you may see errors when installing these changes. If so, you can de-select these changes before installing. Omada always recommends that you do a test import of changes before installing updates to the standard application packages.

• Overwritten application objects. During the update process, some of the information in Omada Identity are overwritten:

  • Changes to Connectivity

    • New OPS connector ServiceNow ITSM Relay, based on the generic REST connector. It allows provisioning service catalog items from Service Now.

  • Changes to Resource types

    • Two new resources types in the Application onboarding standard package: Business Role and Application Role.

  • Changes to Views

    • In the Edit XML Schema view, the Description field is no longer mandatory.
    • In the new User Interface, a new configuration object changes the way Data object list views are handled. Users can now rearrange and hide/show table columns, and these are saved for the user across devices.

  • Changes to data object types

    • In the Resource Assignment data object type:
      • There is a new SYSTEMREF property,
      • The ACCOUNTNAME and ACCOUNTTYPE properties are now visible on the form,
      • The ACCOUNTKEY property is removed.

  • Changes to System onboarding

    • In the Import Profile configuration, there is a new field Override of system onboarding configuration that allows you to override the existing values in the profile sent to SSIS when the import has started.

  • Changes to Folders

    • In the Tree Structure, the folder ODW Database filters and the contained data objects has been moved from the Master data folder to the System data folder.

Upgrading to 14.0.15

If you are upgrading from version 14.7 to version 14.0.15, the following prerequisites are mandatory:

• DataObjectSecurSetup setting. When upgrading from version 14.7 to version 14.0.5, the setting DataObjectSecurSetup doesn't exits. To avoid that, you should follow these steps:
  • In Task Manager, stop all Omada services and make a backup of the Omada Identity Suite installation folder.
  • Uninstall the existing Enterprise Server, RoPE and Provisioning Service and and install their latest version.
  • Copy the Omada ODW ConnectionString.dtsConfig and Omada ODW WebService.dtsConfig files to Datawarehouse Installation folder > Common.
  • Restart the environment.
  • Launch CMD ad Admin and go to C:\Program Files\Omada Identity Suite\Role and Policy Engine\Service.
  • Execute this command: Omada.RoPE.EngineExecutor -U.
  • In SQL execute the appropriate database patch stored procedures (dbo, PatchDB_xx.xx.xx) located in the Omada Data Warehouse database.
  • Apply the support script CreateObjects.OISAudit.sql to the Audit db to re-deploy the reports.
  • Run iisreset in CMD.
  • Launch OIS and import all the changesets listed in the yellow warning notification.
  • Apply the MenuStructureChangesets and enabled the New UI in the database
  • Run iisreset again.

Upgrade steps

To upgrade the Enterprise Server to the desired version, follow the upgrade steps described in the Upgrade guide from 14.0.15 to 14.0.16.

Upgrading the User Interface (UI)

To upgrade the User Interface, follow the steps described in the Upgrading the User Interface (UI) section.