Release highlights

We've just released Omada Identity update! What's new?

Access-related updates

Search filtering in Access request

We have introduced a new menu to the "What do they need?" resource search, surfacing options to filter by System Name or Resource Type. The search filtering now operates with increased performance. When you select a filter, a chip representing the filter is created in the autocomplete field. The resource list and available filters are then filtered accordingly. Filters can be removed by deleting the corresponding chip from the autocomplete. Additionally, a Recent Filters section has been added, storing the five most recently applied filters.

Access request date picker

We have implemented an update to the date picker in the Access request and Extend access flows. This enhanced date picker improves usability by offering a more intuitive and user-friendly date selection experience. By default, the Valid From date is set to the current day, and the Valid To date is set to Never Expires.

Access Request "Eligibility Filtering" added to search query - Technical Preview

The Graph API has a new search filtering functionality for Access Request. This change introduces context-based visibility rules for resources, allowing you to pre-filter the resources that can be displayed in Access Request to resources that match the context of the selected identities.

• A resource tagged with Context B and Context C will be visible in search results only if selected beneficiaries are assigned to one or both of these contexts.
• If a beneficiary is added without Context B or context C, the resource will be excluded from the search results.
• Resources without any defined context will always appear in search results, ensuring comprehensive accessibility.
• A warning dialog will appear if you navigate back to step one after selecting resources and attempt to add a new identity. The warning dialog will inform you that the selected resources will be cleared if you proceed.

Important

To access this feature, please ensure that the Enable resource eligibility filtering customer setting is enabled. For detailed instructions on how to enable this setting, refer to Access request documentation.

Technical preview

In the current release, the new filtering query is provided as a Technical Preview feature only. In Technical Preview, this feature increases the time required to perform a resource search, thus we recommend you do not use it in production environments. If you wish to test this functionality, please get in touch with Omada Service Desk.

Access request Reason field

We have enhanced the Extend access process. It is now possible to set the Reason field as optional. This is configured in the access request form. The Reason field can also be omitted from the form if it is considered unnecessary for the access request.

Refer to Access request to know more.

New date picker in Access request and Extend access

We have introduced a new date picker for selecting dates in the Access request and Extend access flows. This date picker enhances usability by providing a more user-friendly and intuitive way to choose dates.

Mass editing in Access approval

We have introduced the possibility to edit multiple questions in Access approval. When multiple questions are selected, the following fields can now be edited and saves accross all selected questions:

• Comment
• Valid to
• Decicisions (Approve/Reject)

info

For this functionality to be available, you must enable mass edit. To do that, refer to Use cases. The visibility and editability of these fields during mass edit can be configured in the Survey template under the Forms tab by selecting Fields from the menu. If none of these fields are set as visible/editable, mass edit will effectively be disabled for the survey.

note

Translation support for this feature is not included in this release. We're currently working on it, and it will be available in the upcoming release.

Reassign questions in Access approval

We have introduced the possibility to reassign survey questions to designated users with the new UI. You can now select and assign survey questions to specific identities directly from the survey interface.

Refer to Access approval to know more.

New pane in Access request

We have introduced a new pane in the Access request that displays information about the identity or resource you are requesting access to. Now, when you click on the identity or resource, a pane opens with detailed information about the related identity or resource.

UI/UX and functionality updates

Item counts in the main menu

We have introduced a new feature in the main menu. A badge will now be displayed in the main menu to indicate the number of pending tasks you have.

Important

The Item Count feature is activated only if the customer setting for New Approvals as Default is enabled.

History timeline

We have implemented a new feature on the Identities page. When you select an identity and click the More button under Direct Assignments, you will now have access to a new functionality that displays the historical timeline of the selected assignment.

Enhancements to the Identities view

We have introduced some improvements in my identities view.

• The Access rights section will no longer display the Direct Assignment button if there are no direct assignments available.
• If multiple reasons exist, a count will be shown; otherwise, the specific reason will be displayed.

New UI for detailed view

We have introduced a new UI enhancement in detailed view upon triggering the Edit action. This detailed view is presented in a tabbed interface, where each tab’s content can be customized based on the specific configuration. Additionally, the detailed view can also be accessed directly from the Identifier/Key column.

New Identities package in the main menu

We have rolled out a new Identities package now available in the main menu for easier access. This update includes the new Identities and My identities list views, which open the new Identities form and support the current Form and List actions. This release also ensures that your existing columns are retained by default, while fully complying with our security model.

Enhanced visual status indicators for Access view

We have introduced color-coded indicators for the approval, provisioning, and violation status columns. These visual enhancements aim to improve the user experience by making it easier to quickly identify the status of requests. The new color scheme is as follows:

• Approval status:

  • Green dot for approved requests
  • Red dot for rejected requests

• Provisioning status:

  • Yellow dot indicates that provisioning is pending

• Violation status:

  • Yellow dot highlights assignments in violation
  • Absence of color indicates there are no violations

Connectors

New connectivity packages are available:

• CyberArk Privilege Cloud
• Windows Server Fileshare
• Jira Relay
• Linux: SUSE, Debian, Red Hat, Ubuntu
• Windows Local Server
• DocuSign

Functionality updates

• You can now add manager attributes when importing accounts using the Microsoft Active Directory connector. See Microsoft Active Directory for details.
• We have added an option to include a client certificate in the OData, REST, and SCIM data imports (collector). This option is also available in the REST and SCIM data provisioning (connector).

New setting to deprovision assignments for unanswered questions in surveys

We have introduced a new setting in Access Review surveys named Deprovision assignments for unanswered questions if the survey is closed prematurely. If enabled, this setting deprovisions assignments for all unanswered questions if the survey is closed prematurely. It is available for the default surveys 'Access review for managers' and 'Access review for resource owners'. If you wish to use this setting for an adapted Access review survey, you can do so by copying one of the default survey templates.

Upon closing the survey manually, the survey administrator will see the following warning dialog:

To confirm closure with deprovisioning, enter DEPROVISION in uppercase. If not entered, it will not be possible to close the survey in this dialog. If you need to close a survey without executing the deprovisioning action, a system or operations administrator must terminate the survey process and use the mass update functionality to set the survey status to Completed.

If a survey is closed through an event definition with this setting is enabled, assignments will be deprovisioned at the close of the survey.

Reports enhancements

We have enhanced the Reports feature with the following updates:

• We have added new parameters to reports, including status, unique ID, classification tags, and more.

  

• We have introduced an option to generate a PDF version of the report with a customizable page size and orientation.

  

For more detailed information on the reports and their overview, refer to the Reports documentation.

New Form and List Actions view

We have introduced a new view with Form and List Actions. Now it is possible to perform action configuration using this new form. Here is what you can define:

• Action name and description
• Choose where the action button displays: List, Details Form, or both
• Decide on the action button location: Toolbar or Context Menu
• Set the order in which actions are executed
• Pick an action icon
• Action active flag
• Specify object types for which the action is available or not available
• Determine views where the action is available or not available
• Define the required user permissions to to data object for triggering action
• Identify the user groups authorized to trigger the action

Limitation

You can't attach a script that changes actions' behaviors or impacts users' permissions to a given action.

Refer to Master settings to know more.

Compliance workbench - system details

We have introduced a pie chart in every system detail pane. This section provides a detailed breakdown of the compliance state of all Calculated Resource Assignments for each specific system.

System details pane behavior:

• When accessing the pane via the context menu, the System Status accordion will now open by default.
• When accessing the pane by clicking a compliance state on the main list, the accordion will remain closed.

These enhancements aim to improve the visibility and accessibility of compliance data for each specific system, ensuring more efficient user experience.

Refer to Compliance Workbench to know more.

Governance for Omada Identity improvements

We have added the following improvements to the Governance for Omada Identity feature:

• Improved migration of existing Omada Identity self-management resources:

  • Changed the resource category from permission to role.
  • Set the Prevent self-service (in third-party applications) flag for the corresponding child resource and the Group Member resource.
  • Set the Disable conditional inheritance flag by default.

• Added a task mapping to import descriptions of user groups.

Managing built-in attributes on the user object

A set of Data Object Types, Properties and Attributes (among other configuration objects) has been added to the system under the feature Governance for Omada Identity to facilitate managing the built-in user attributes:

• Regional settings
• Language
• Time zone
• Work week

Please refer to the configuration guide for details on how to utilize the attributes.

Various updates

Discontinuation of SQL Server 2014 support

As of July 9, 2024, SQL Server 2014 is no longer supported by Microsoft. Consequently, we no longer provide support for setups using SQL Server 2014 in our services. Please upgrade to a newer version of SQL Server to ensure continued support.

Vault service requirements update

We have updated the software requirements for Vault service. With the current on-premises update, Vault service requires the newest versions of the following:

• ASP.NET Core Runtime 8.0.x
• .NET Runtime 8.0.x

System overview for Horizons

A new system overview is available for Horizons-enabled instances - it presents the latest statuses of the systems. See the System overview section for details.

A new RoPE configuration for self-management extensions

A new configuration is now available as part of the self-management extensions - LoadDataInParallel, allowing the batch preparation to be done in parallel. See the Self-management section in the RoPE standard extensions for details.

Configuration update for Omada Data Warehouse (ODW)

We have updated the configuration procedure for the Omada Data Warehouse (ODW). Now, before running the Configuration Package (Omada ODW Configuration.dtsx), a new record must be added to the dbo.tblApplicationSetting table. This record specifies the installation path for ODW.

For more information and detailed instructions, refer to the Omada Identity Data Warehouse installation documentation.