126 docs tagged with "Release Notes"

We have introduced a new change in the Access approval procces, there has been a modification to the Submit button functionality. Previously, the button would be disabled when nothing was selected. However, with the latest update, the Submit button remains active regardless of whether any item is selected. Now, the button attempts to submit all rows that meet the validation criteria. If none of the rows pass the validation, a yellow message is displayed, indicating that 0 questions were submitted successfully.

We fixed a bug that displayed a warning message even when there wasn't any data modified. Now, the Access approval table resets when users perform actions like filtering, sorting, or changing the page. A warning dialog informs users about the data reset before they proceed, following a one-time acknowledgment pattern. The warning won't reappear until the page is refreshed.

The button to request access in the Access Requests and in the Extend Access Requests list views will now be hidden if the logged in user does not have permission to request access.

In the Access Request process, the date picker for Valid from to Valid to dates will display according to your language browser and not the language is chosen in the 01.

There was an issue when requesting access from the mobile phone that overlapped the fields. This is now have been fixed.

We have found an issue when requesting access for technical identities in the new UI. Please, use the old UI if you need to request access for technical identities.

We fixed a bug that showed the same context multiple times. Now multiple context assignments with the same ContextId will no longer appear in the business context selection dropdown on the Access Request form.

We fixed a bug that slowed down the functioning of the access request process validation stage for resources with child resources. This was fixed by modifying the order of conditions and implementing a queries cache.

We've identified a known issue related to Access Request, where a validation message is erroneously triggered when the Reason field is empty and the Requires Value checkbox is unchecked.

We have introduced a new feature in Access Approval. You can now review the violations identified during the Policy & Risk check by clicking on the See More button. The summary will open, enabling you to assess the results of the Peer Access Analysis check, Segregation of Duties check, and General Risk check in accordion-style sections.

There is a known issue when selecting account types in the Resource step when requesting access. If the account type in a resource doesn't match the account type associated with the identity you are requesting access for, then the dropdown will be empty.

On the new UI Tasks, Access Requests and Delegations views, if you hide all of the rows and columns you can still click on the rows. When hovering over a row, the row is highlighted and the pointer is changed to indicate that the row is clickable. When clicking, it navigates to the details of the hidden items. To fix it, always show at least one column.

Resolved an issue where survey adminstrators were not assigned to the verify activity when the Confirm before launch flag was set on the survey schedule. Now, survey admins are correctly assigned to the activity upon survey launches.

We have enhanced the Application form by defaulting the fulfillment section to a hidden state. You can adjust the visibility of the section in the configuration.

Resolved a bug that shows irrelevant fields in the Application form. We fixed that by setting to hide the section. Go to Application form enhancement to know more.

In the new UI, for an attribute type based on the Integer data type, if you set the Max. length value to 0, you won't be able to enter any number. You need to leave the field value empty.

In the legacy request access process, you will be asked for an account type when the resource allows more than one account type, the resource has visible attributes, and a request is being made for the resource for more than one identity, where each identity has one valid account.

There was a formatting issue that displayed unintended `` tag in Approval Status on Access List.

Read more about resolved issues and bug fixes in this release.

We have found a known issue that prevents the addition of custom processes to service shortcuts in Omada Identity. To avoid this, before upgrading, back up the UIHomePageActions value in the customer settings to preserve customizations made in the JSON value of the customer setting. The value of the customer setting will be overwritten. Once the upgrade is complete, you can add the changes back into the JSON.

Read more about the changes and bug fixes introduced in this release.

Some classification tags used in the classification process do not have multilingual functionality, and they always display in English, even if you have configured your regional settings and your language settings are in a different language. We are actively working to address this issue in upcoming releases.

We have fixed the description of the CheckIfSetPropertyHasValue code method in the event definition, which previously contained methods with an obsolete status.

We have added a limitation to our documentation related to code methods and triggering event definitions if a code method action results in an update of a data object. Refer to Code methods for more information.

We resolved the issue where you had to select a compensating control after resolving a conflict. Now, you only need to choose a compensating control when a conflict actually occurs.

In case you are using SQL Server 2014 or older in standard edition, the Configuration import profile might fail with:

We fixed a bug that hid a context. Now, even when the context field is hidden, the default identity context is added to Access Requests.

We resolved a bug that was preventing the data object type property quickform from loading when the property is configured as a Set property with a Listbox control type. The default value is now displayed as a dropdown selection.

Here, you can find a list of deprecated or removed features in Omada Identity.

Assignments pending deprovisioning will no longer be included in the SoD violation evaluation process. The Assignments Explorer will display a message for each of the assignments excluded from the process.

Here, you can find a list of deprecated features in Omada Identity. The features are still available in the release in which they are deprecated. This 12-month notice period is designed to allow for the transition to new features.

For consumers using Omada Identity Graph API version 2.3, all datetimes will adhere to the UTC time standard. A known issue arises concerning the ValidTo date of a resource assignment displayed in the Extend Access process versus other places in the system; the dates may not match.

There was an issue with duplicated UIDs in tblAppstr. We've changed the DataObjectType XMLSCHEMA Descriptions of property UID as it was duplicated with other one and the issue has been fixed.

We fixed some Dutch translations.

We're introducing a new option in the Access Request process. The identity details displayed will match what you configured in the Lookup view.

We have extended the available fields in version 2.6 of the Omada Identity Graph API to include CreatedBy and CreateTime in the following queries:

We identified a known issue in GrapghQL API version 2.7. You will get an error when trying to query the createdBy field of the identity, resource or context fields in the accessApprovalPolicyChecks query. We are working to fix this in the next release.

Fixed a bug that caused an error when submitting the Access Review Survey. This issue has been resolved through an update to the survey templates Calculated Assignment for Managers and Calculated Assignments for Resource Owners.

Resolved an issue where an unnecessary warning message was being triggered in the Service page.

There was an issue with initiating a new violation evaluation task after approving an SoD violation evaluation.

To improve handling of the REST connector failed jobs with multiple tasks, consuming extensive amounts of memory resulting in OutOfMemory issues the existing errorResponseFilter setting was enhanced and new responseFilter setting was added. They allow to provide JsonPath that are applied to responses limiting their size:

The Access approval flows supports now filtering and sorting.

The first request for a mailbox fails with a warning due to a missing account. The request is successful in a second attempt using the same mailbox name.

We fixed some German translations in the Access Request process.

The HandleProxyAddresses feature in the Active Directory collector was supporting only the SMPT protocol. The feature was enhanced to support any protocol.

There was an issue when the highwater mark was missing in the master database for the master data import from RoPE. It resulted in the import not storing the new highwater mark. The issue has been resolved.

We've identified a known issue with the See all tasks button link on the Homepage. Clicking on it redirects to the Task list view but fails to display links for Access approval.

We have improved the performance of the resource search in the Access Request process.

When attempting to exclude system objects using the reference property lookup view, the exclusion process failed to reset the reference property of system objects when the DOT number is greater than one. This has been fixed.

There was an issue with incorrect validation when attempting to input an invalid date range that resulted in inconsistent error handling. Initially, entering a valid from value that higher than the valid to value appropriately triggered a red border and displayed the following error message: Access to must be higher than Access from. However, upon subsequently entering a valid to value higher than the valid from value, the red border persisted, and the error message failed to disappear when it should.

We've fixed an issue within the RoPE Initial Password extension. Previously, only newly created account assignments would receive an initial password attribute value. With our recent fix, existing account assignments, without a direct reason, will now be assigned an initial password by the RoPE extension during the provisioning task. This adjustment ensures a seamless notification flow and successful completion of the process.

An issue has been solved in the OData API for calculated assignments. If the scope of the call contained an assignment for a deleted resource, the whole API call was failing. This is contrary to how the calculations look in the user interface. This has been improved.

An issue was identified where the cleanup import profile could lead to fact violation errors, such as: 3 ResourceAssignment objects have no fact row with IsRowLatest = 1. This problem occurred specifically when a referenced account or resource was deleted and recreated in the past.

Provisioning with the Active Directory connector configured resulted in some instances with the Current security context is not associated with Active Directory domain or forest or The RPC server is unavailable. The issue has been resolved and those errors should no longer be encountered.

An enhancement has been implemented in the calculation of the provisioning statuses Pending Deprovisioning and Deprovisioning Failed.

An issue occured when working on a process that generates identities of the type "secondary." Upon requesting access to a custom resource through Legacy Access Request, an error occurred indicating that system id was missing from resource. This issue has been resolved, and Technical Identity Validation will no longer be triggered for custom Identity Types.

There was an issue with the Identity export from Omada Data Warehouse to the Enterprise Server. This problem has been resolved by making the extension attribute case-sensitive in the export mapping.

There was an issue with the Requested by filter in the Access Request. The problem has been resolved. Currently, the values searched for using the Requested by filter in the RequestedBy column align with those displayed in this column.

The preview service failed to multiply results when a multivalue source attribute was used in mapping for a single value target attribute. We have resolved this issue, and the preview service now functions as intended.

Read more about the issues that are known to still exist at the moment of introduction of the Omada Identity update.

Currently, there is an issue where Extend Access Requests in the audit log are logged simply as Request Access, without proper distinction.

We have identified a known issue within the left-side option menu in my Access Staging environment. Some group permissions, such as Employee or Manager, may not display all available options in the menu.

We have fixed a bug that prevented paging from starting on the second page. Now, it resets the currentPage to the first page upon rendering a new data grid, ensuring that the data grid always starts from page one for every listView.

Resolved an issue in the AssignmentAttributeValueDifferentiator that was creating duplicate provisioning tasks due to an extra assignment when the differentiator value is empty, as it pertains to provisioning claim reasons.

There was an issue with a missing exception. The problem has been resolved by adding an app log for data exchange exceptions during unsuccessful imports.

There was an issue with information missing in the WWW-Authentication header and the StatusDescription. The issue has been resolved and for the REST-based systems, the test connection, when failed, error messages are available in both HTTP header and response body.

Some grids in the transfer ownership survey lacked translations. We have resolved this issue by adding translations for captions used in the grid and form fields in the Transfer ownership survey.

Configuring duration for the activities in the survey process template, requires ensuring that appropriate amount of time is allocated for each of the activities. Currently, when a survey is launched, all activities start simultaneously. This may result in lack of sufficient time for assignees in subsequent activities to complete their tasks effectively.

Transferring a large volume of identities between organizations may result in an import issue. It is caused by multiple import threads updating transfer surveys from a single manager.

We introduce version 1 of the new UI Access approval for answering your survey questions. You find a dedicated tab in the navigation pane named Access approvals. This view has tabs for each approval step, such as manager approval, resource owner approval or system administrator. These tabs are always visible, even if you don't have any questions assigned. To check for assigned questions, click on each tab.

There was an issue with displaying long attibute names in the Accest Request UI. This problem has been resolved, and we now fully support and accurately display unusually long attribute DisplayNames.

We have introduced a new option to close the Access Request process. A new button will display to close the request.

We have introduced the Children resources column to the Access Request list view. Now when there are children resources associated with a particular resources, the See more button displays in the row. You can click See more to open a secondary grid that presents all children resources that have been assigned to the given resource.

In the Account List (WAC001) report, the Account parameter now uses the Account Name for filtering purposes instead of the Account UID.

We have incorporated a direct link to Omada Academy within the Navigation pane. Clicking on the tab will promptly redirect you to our Omada Academy portal. This tab is initially visible exclusively to administrators, but it can be configured to be accessible to other roles as well.

We have introduced a new menu section that enhances the user experience for administrators. This section provides access to critical list views, such as Identities, Resources, Technical Identities, Applications and Surveys, each featuring an updated user interface. To access the menu, click on the List views (Beta) tab on the navigation pane. This menu item is availalbe to Administrators and Service Desk users.

We have introduced new queries in the Omada Identity Graph API. policyCheckConfiguration to check if any policy and risk check is enabled for the approval survey and accessApprovalPolicyChecks to run a policy and risk check for the question assigned to the active user in the Access approval survey.

We have introduced a new Queue identity for recalculation authorization element. From now on, to queue identity for recalculation, you must have the QueueIdentityForRecalculation permission assigned.

We've fixed the OData viewId response to contain properties from View Displayed fields and basic DataObject properties, such as:

The OData API can now be used to manage (read and provision) all out-of-the-box and custom properties of users (accounts) and user groups (resources) entity types.

We've introduced the Omada Identity Governance feature to efficiently manage the users and user group memberships of the Enterprise Server.

Omada Identity installation currently necessitates outdated components. To address this, we have incorporated workarounds into the Installation guide:

In the new UI, on the Access page with the Onboarding guide tooltip opened, if you click OK in the tooltip, the whole grid will reload.

We have identified a known issue in the Policy Check for Access Approval. The policy checks currently display violations for resources in all steps of the survey, rather than just the selected step. We are actively working to address this issue in upcoming release.

The arPopularityEnabled customer setting enables customers to enable sorting resources by popularity on Resources Search field in Access Request flow. Introducing the filtering version for the resources autocomplete, coexsting with the exisiting paged version, can be configured with the EnableSearchFiltering setting. Configuring it to true results in replacing the Paged version with Filtering version.

We fixed a bug that was preventing to set a Valid to date from the past when requesting access.

An issue, where a duplicated preview request resulted in the preview service error has been resolved. In a situation when a duplicate request is registered, the existing preview query request is removed.

We have identified an issue where the preview update button is missing in System Queries & Mappings. If you encounter an error during upgrading, you'll need to perform the update manually by adding the script jsinc/OIM.SystemOnboarding.DataMapping.Preview.QandM.js to System onboarding > Script files.

There was an issue with QueueIdentity Webservice that could be called by any authenticated user. We have fixed that by introducing a new Queue identity for recalculation authorization element.

In any email template using the built-in email properties, the [ReceiverFirstName] and [ReceiverLastName] were not replaced with the actual values.

ValueGenerator.GenerateUniqueValue code method failed if the expression contained a reference path with filters. This issue has been solved.

The Omada Identity Update releases bring exciting improvements and enhancements in a variety of the product areas. Read more about the changes and bug fixes introduced in each of the Releases.

Since we have updated the API, the code that was marked as deprecated in V12, that is, ObsoletedInVersion12, is now removed.

Since we have consolidated target logs and stopped writing records to the tblServiceEvent table in the Role and Policy Engine database, this table is now removed.

We no longer support the VBScript CodeMethods. The Omada.OE.UtilityCodeAssembly.VBScript and Omada.OE.Solution.OIM.Assembly.CallVBScript code methods are now removed.

There was an issue with removing objects during reconciliation from simple arrays. The issue has been resolved.

When either ValidFrom or ValidTo fields are empty in a Resource object (but not both), the Resource status is not updated correctly with the associated event definitions.

The REST connectivity has been enhanced with the following improvements:

The Password Reset Service, which was previously a distinct feature in the Enterprise Server installer, has been removed. This feature allowed the reset of passwords generated through the Enterprise Server password reset processes. The process specifically targeted systems and accounts connected to MIM using the PCNS service.

It is not possible to recover references between resources and resources assignments once they have been deleted. If you have deleted them, then you should create them again. The issue extends to all references between data objects.

Fixed an issue in the context of a Parent/Child relationship where no overlap existed in their validity periods. This problem resulted in calculations failing due to an invalid validity period.

We have enhanced RoPE for identities with a validity period starting after the PreValidity. Previously, the calculation of such identities could trigger a warning related to a missing account. With this update, the warning has been eliminated, and assignments are still not generated.

There were Omada Provisioning Service issues related to the way security protocols were implemented in the SAP connector. The issue has been resolved with the SOAP, Entrust, and MijnCaress connectors setting the TLS security protocol on the connection directly instead of using the global value.

We've introduced a new customer setting called Use new UI for approval. This setting enables you to switch all approvals to the updated Access Approval flow. This includes a Task card on the home page which will redirect to the relevant tab on the access approval page.

In some cases, a violating assignment with multiple reasons, including a ReviewOK reason, triggers an unhandled exception in the SoD evaluation feature. We've now fixed the underlying logic to ignore the order of reasons in an assignment.

Fixed a bug that triggered an exception when assignments were blocked in the SoD evaluation process and an expiration date was selected.

The grid will now display the name of the business process in conflict with another resource. If the process is a child of another process, the parent process will not be mentioned. This differs from the constraint, which only shows the parent business processes.

It is now possible to select Today as Expiration date in the Segregation of Duties evaluation process.

There was an issue with column names containing key words or special characters, causing the collector to break. Now to ensure that names are processed correctly the SQL queries generated by the SQL Query Collector for Generic databases encapsulates column names in special characters:

The Identity Delete query in Data warehouse to Cloud management portal has been fixed to exclude identities that are deleted after their ValidTo date, since such identities are deleted already by the Enterprise Server.

If you hide a required column, such as the Approve/Reject column in the access approvals grid before adding a value to the column, then clicking the Submit button won't produce any action.

We have resolved a recent bug that was causing the Log Entries button to be hidden when opening the survey questions of a completed survey.

There is an issue in the Access Request approval process in the new UI. While using the text description of the resource, you use the Cannot find the resource? link, where you can write your description of the resource you want. When submitted, the request interpreter gets a task but the description is not copied over and it only displays "test".

In Surveys, when applying a filter to the Status column and choosing the Missing answers option, the appropriate questions are now loaded.

We fixed an issue that was preventing the editing of transitions when creating a survey. Now, it is possible to create new transitions from the process designer and the list of transitions.

For CRAs with no actual state, a survey verdict will not extend its validity through the using the days before verdict expires field in the survey form. Instead, it will maintain the initial validity established on the direct assignment.

The Map null values setting in the Advanced settings section is enahnced with the possibility to set it for specific operations. It can be configured to true value for the combination of the following operations:

There was an issue with the Cleanup timing out during the rebuilding of XML indexes for the Identity table.

The Title, Description, and Estimate fields are no longer editable when modifying a published Transfer Identity Assignments survey template. You can make changes to these fields directly in the associated activity within the published survey process template.

We've identified a known issue related to setting the number of days in a form when using the Timespan format for the value property. Please, use the legacy UI if you want to set days.

The Manual Provisioning Extension had an issue where, upon disabling an Orphan Account, Omada Identity would check for the Previous Calculation of the Unresolved Identity and incorrectly assume that the Orphan Account Calculated Assignment also had a prior Calculated Assignment. We resolved this by fixing the logic, ensuring accurate handling in such scenarios.

We have introduced new updates to the survey templates: Calculated Assignment for Managers and Calculated Assignments for Resource Owners. These updated survey templates now incorporate the option Days before verdict expires in the post-action handler.

We have identified a known issue when switching timezones from user settings (to the day before or after), the dates entered during the submission of an Access Request may differ from the dates displayed in the access list or resource assignments list.

The assignment will be disabled due to the revocation if it has been explicitly revoked from the assignments grid or from the survey, and it has been assigned with a new direct assignment or an assignment policy before the deprovisioning has been confirmed.

There was an issue with the changeset - it did not apply any changes to a view field title when it was supposed to be set to null. This has been fixed.

Some options were not disabled to modify when a user had no permission to perform actions on the View page. This has been fixed.