Resolved Issues and Bug Fixes

Read more about resolved issues and bug fixes in this release.

UI and UX

Date picker date selection issues

Due to different date formats, including time zones and configured offsets, there were inconsistencies during date selection causing several issues. The issue has been resolved by removing the adjustDateOffset function and instead retrieving the browser's local date and time. This simplifies the data selection process and avoids inconsistencies.

INC-283160

Eligibility filtering issue

There was an issue where, with the showAlreadyAssignedResources setting was enabled, the beneficiary list was not sent to the API for the eligibility filtering purposes. As a result, the eligibility filter was unable to filter out relevant resources. The issue has now been resolved and relevant data is filtered.

INC-288876

HTML tags not rendering correctly in dialogs and fields

In some dialog boxes and fields the HTML tags were not rendered correctly. The issue has been resolved and HTML tags are now rendered as intended.

INC-294810

Incorrect number of tasks shown

There was an issue where the number of displayed tasks was incorrect. When a workflow step had a name other than the default one it was not counted in. The issue has been resolved and the counter displays the actual number of tasks.

INC-283101

Restrictions on the DefaultValidityForAccessRequest setting

Editing rights for the DefaultValidityForAccessRequest setting were limited to platform admins. The restrictions have been lifted and non-platform admins are allowed to edit the setting.

INC-285245

Read-only access to identity views on assignment policy

We have fixed an issue with the read-only state of the Identity view field in the Assignment policy data object form.

INC-290453

Tables infinitely loading when using the Norwegian language

In some cases, if users adjusted Norwegian application strings through the UI and then switched to use the Norwegian language, an issue could occur where some tables would display their loading animation indefinitely. This has now been fixed.

INC-297003

Missing translations of widget titles

We have enabled the translations of widget titles on dashboards where those translations were missing.

INC-286603

Performance issues

To reduce loading time and avoid session crashes, we have:

• improved performance when running Policy and risk checks in the new UI access approval flow,
• simplified the counting query to improve performance when updating the count of items in the menu.

INC-286918

Approving or rejecting requests with valid to set in the past

Due to an issue, it was impossible to approve or reject an access request that had the valid to in the past. We have now made it possible.

INC-289917

Export option not working under access approvals

The export option has been removed from the Approvals page, as exporting is available for the List views only.

INC-290584

Error message when using the assignment explorer

We have fixed an issue where the assignment explorer in the old UI would not open if references attribute values had identical names.

INC-290125, INC-289040, INC-290153

Checkbox in Identities forms not storing unchecked values

In the Identities form, there was an issue with storing the value of the checkbox Has pending acceptance of terms documents. If the checkbox was checked (that is, set to true) and you unchecked it (that is, set to false), it would still be saved as checked. This issue has now been fixed.

Inconsistent Revoke option display for birthright resources across different identity views

When viewing birthright resources across different identity views, there was an issue with an inconsistent Revoke option. It has been fixed by adding a missing verification to the grid row to decide whether the Revoke option should be shown or not.

INC-295006

Menu structure not selectable to delete

Previously, clicking a checkbox in the menu structure also opened the corresponding item, making it impossible to select it without opening. This issue has been fixed: checkboxes can now be selected independently, allowing you to choose multiple items and use the Edit or other action buttons as intended.

INC-289445

Written request and extend access map broken in Access page

Several improvements have been made to enhance grid behavior and navigation:

• Tabs now open the correct grids without errors.
• Grids display the appropriate data and column definitions.
• Filtering, sorting, and pagination work as expected.
• Visual styles have been corrected, removing unintended blue cell highlights.

Access request validity date - wrong date format according to user settings

Date formats now display correctly for users in English-speaking regions that don’t use the US format, such as the UK, Australia, and India. This update ensures dates are shown consistently according to local formatting standards.

INC-285865

Access page column positions resetting after each move

We have fixed an issue with column order: you can now reorder columns in the Access page grids across all tabs. The selected column order is saved in your user settings, so your preferred layout persists between sessions.

Access page: + button missing in languages other than English

The + button on the Access page was not displayed when using languages other than English. This occurred because the system relied on the English process name to locate the button link. The issue has been fixed: the button now appears correctly in all supported languages.

INC-296884

Access page reloading when navigating between tabs

Switching between tabs on the Access page no longer causes the content to reload unexpectedly. Navigation is now smoother and more consistent.

Enterprise Server

Error executing webservice – System Owners

We have fixed an error with executing the web service which occurred in the System Overview when selecting the System Owners.

INC-290074

Empty date in copy rules blocking access to all copy rules

We have fixed the displaying of copy rules with empty copy values and added validation before saving the data in the copy rule fields.

INC-287321

Event definitions failing to trigger object creation

There were issues with event definitions on object creation that sometimes was not triggered correctly. We have now fixed it.

INC-291739, INC-291282

Access modifiers and property security

We have enhanced the security measures in the access modifiers listed below, preventing the Property security configuration from being overwritten. This way, we avoid the disclosure of property values for properties that are protected by the Property security (which could only happen if the user had read access to the object under the business rules of the access modifier).

In the default configuration, the following Data Object Types have an access modifier set on the type definition:

• Access requests
• Activities
• Application onboardings
• Context assignment requests
• Context assignments
• Data update requests
• Delegations
• Evaluate identity violations
• Identities
• Onboarding contractors
• Onboarding employees
• Password reset enrollments
• Processes
• Provisioning tasks
• Resource assignments
• Resource folders
• Resources
• Survey templates
• Surveys
• Systems

The following access modifiers have been updated:

• ActivityAccessModifier
• FullReadAccessModifier
• ProcessAccessModifier
• ProcessTargetAccessModifier
• CalculatedRolesAccessModifier
• ContextAssignmentsAccessModifier
• ContextIdentitiesAccessModifier
• ContextObjectsAccessModifier
• DuplicateRoleAssignmentsAccessModifier
• IdentitiesAccessModifier
• IdentityContextsAccessModifier
• IdentityRequestableRolesAccessModifier
• IrrelevantRoleAssignmentsAccessModifier
• ManagedIdentitiesAccessModifier
• ManagedOrOwnedObjectsAccessModifier
• MyContextsAccessModifier
• MyDelegationsAccessModifier
• MySurveysAccessModifier
• ObjectsWithIdentityPropertyMatch
• OrgUnitsAccessModifier
• OwnedContextsAccessModifier
• OwnedRolesAccessModifier
• OwnedSystemsAccessModifier
• PasswordResetAccessModifier
• ResourceFoldersAccessModifier
• ResourcesAccessModifier
• RoleAssignmentsAccessModifier
• SecondaryIdentitiesAccessModifier
• SystemRolesAccessModifier
• SystemRoleSelectionAccessModifier

DOT lookup error when creating a new event definition

We have fixed issue in the event definition dialog that caused a validation error Must be greater than 0 if the Name field has not been populated prior to submitting the page.

New data object type misusing SM_GROUPS property

The system now automatically transfers values from the old SM_GROUPS property to the new FLA_REQUIRED_USER_GROUPS property. The outdated SM_GROUPS property has been removed from the FORMANDLISTACTIONS data object type, and all related features now use the new property for improved consistency and maintainability.

INC-291012

Resource assignments placed under wrong system

We have changed the way we sort resource assignments on the old Identity page. Now, we sort them first by system name (alphabetically), and second, by systemId. Additionally, we allow user sorting.

This change fixes the problem with displaying resource assignments under wrong systems when multiple systems have the same name.

INC-293650

Bug in the application role resources

There was an issue with the resource access modifier and the resource folder access modifier that would cause most property fields on the data object form dialog to become read-only if the user was both a Data Administrator and an owner of a resource object or a resource Folder object. This issue has now been fixed.

INC-288605

Issue preventing timer-based event definitions from updating the identity status

We have fixed an issue that prevented the timer-based event definitions from updating the identity status from Locked to Terminated.

INC-292855

Failure to create copy rule

There was an issue with the creation of new copy rules with a constant value of the Boolean type that could lead to not accepting the selected value. We have now fixed it.

INC-293473

Governance missing DisplayName resolver

We have resolved an issue where the USERGROUPREF values in resource assignments were not displayed as human-readable names when included in the AttributesToResolveDispValuesFor customer setting. These values are now correctly resolved and shown with their display names.

INC-294553

Failure to open decision activity in process template

There was an issue that affected process template element coordinates in locales where the decimal separator is a comma (,). The issue occurred when saving graphs due to an incorrect transformation of element locations, and it has now been fixed.

INC-295055

Azure Log Analytics - missing mail content

After an issue with missing mail conent, we now limit mail message length in log targets to 256 bytes to prevent exceeding the Azure log limit of 32,000 characters.

INC-294487

Code method copying wrong data with reference path empty

An issue was fixed where the CopyPropertyValuesFromReferencePath code method could copy incorrect data if the reference path property on the source object was not set. To resolve this, a new method, CopyPropertyValuesFromReferencePath2, has been introduced, which exits safely when no reference path is defined. The previous CopyPropertyValuesFromReferencePath method has been marked as obsolete.

INC-292005

Changes being recorded in non-recording Environments

There was a defect causing excessive logging of configuration changes to the vertical order of data object filter expressions. We have now fixed it.

INC-284760

Timer Service memory consumption

We have fixed an issue with excessive memory consumption by the Timer Service.

ES Timer Service running but not updating Archive

We have applied improvements to the performance of the Audit Trail.

INC-284318

URL encoding in menu items

There was an issue that caused double encoding of the value in the Menu item URL field when the URL contained an encoded value.

INC-286620, INC-285634

Page variables menu

To enhance our security measures, we have removed the Page variables menu option that appeared after pressing CTRL and right-clicking on a variety of pages, for example, Services and its subpages.

INC-289704

Child permissions in multiple roles extending role validity

We have fixed a problem where child permissions in multiple roles could extend role validity.

INC-284761

Special characters in History view

Before, the use of special characters in the History section within an identity caused errors. We have now fixed the encoding of user names in the data object history.

INC-288900

Role and Policy Engine

Permission compliance status set wrongly to Explicitly approved with Parent review

There was a bug related to the ReviewOK reason: the child resources were inheriting the ReviewOK reason from the parent, which was causing the compliance status to be set to Explicitly approved instead of Implicitly approved. Now, this wrong behavior has been fixed, and children do not inherit the ReviewOK reason from parents anymore.

INC-285597

MultiValue resource-driven attribute failing

There was an issue where the RoPE AttributeValueResolver extension ignored the MultiValue attribute if there were spaces between the values in the extraInfo. We now support the syntax with a space after the semicolon: Type:ReferencePath; MultiValue:True.

For details, see the following table in RoPE standard extensions:

INC-291382

Failing RoPE calculations

There were issues with failing RoPE calculations. They have now been resolved: deleting old Calculation Queue, Cycle Run, and Object Event items is now done in batches of 1000 to avoid timeouts and prevent excessive locking of the tables.

INC-290898

Validity period warning

Before, there was a RoPE info message about excluded validities when the identity validity was invalid, and the excluded validities did not intersect with the identity validity. Now, this message is only shown if the excluded validity is valid.

INC-284147

Assignment policy update events causing identities to be added twice to the calculation queue

Before, identities affected by a change to an assignment policy could be added to the calculation queue twice. This issue is now resolved.

Failing RoPE calculations (property definition not being correctly loaded from cache)

Previously, RoPE calculations sometimes failed with the error message: Calculation of an Identity failed due to Error calculating queued identity '<Display Name> (Partition 0)': Object reference not set to an instance of an object. The issue was related to the property definition not being correctly loaded from the cache, and it has now been fixed.

RoPE not queuing new changes

RoPE could fail to populate the queue because of an SQL timeout when querying modified data objects with owner property changes. The query has been optimized to process fewer objects at a time, preventing timeouts. In addition, error handling has been refactored so that transient SQL errors—such as timeouts—no longer block the remainder of the queue population process.

INC-295362

OData DateTimeOffset values

We have updated how DateTimeOffset values are serialized in OData responses. Previously, OData returned DateTimeOffset values using the offset of the host machine’s default time zone, even when the values represented Coordinated Universal Time (UTC). Now, OData consistently returns DateTimeOffset values using a zero offset (+00:00), clearly indicating UTC. This change improves clarity and ensures time values are interpreted correctly across systems.

INC-293811

Failing calcuation of identities

There was an issue where risk score calculations based on child resources caused a System.InvalidOperationException if no children were present. The calculation is now skipped when a resource has no children, and processing continues with the next risk score step.

INC-296855

Slow RoPE calculations

There was an issue with slow RoPE calculations. We have fixed it by implementing a performance improvement in the synchronization of user group memberships in the self-management extension.

INC-283861

Implicit assignments for the unresolved identity

The performance of the calculation of the unresolved identity has been improved. RoPE will no longer try to resolve implicit assignments for the unresolved identity, because in this case, the ownership of the underlying permissions is undefined, and therefore, an implicit role assignment would not reflect a well-defined state.

Omada Provisioning Service

Purging mechanism for provisioning jobs fails

The purging mechanism for provisioning jobs could fail or time out when processing a large number of jobs. It has now been optimized to handle higher volumes efficiently and avoid failures due to timeouts.

INC-289117

Disable provisioning

An issue with the provisioning jobs still being created with the Disable provisioning setting enabled has been resolved. The provisioning jobs are still being created and queued for provisioning, but they are not performed, and they keep the pending status.

For more information, go to Provisioning section.

INC-287508

Omada Data Warehouse

Import issues caused by language names

Before, there was an issue with the population of the archiving database when the name of a language in tblLanguage had been changed manually to contain reserved characters. The issue is now fixed.

INC-290133

System maintenance: update search data

The update search data command-line tool has been enhanced to efficiently handle larger datasets.

INC-284122

Export performance issue

There was an issue with export performance when large volumes of object required reexporting due to initial failure. The export process has been optimized and the performance improved.

INC-286900

Access Request

Incorrect account option selection for access request

We've resolved an issue where users were able to select invalid account types during access request process. Now, it's possible to only select account types that exist on both the identity and the resource.

INC-298579 INC-298868

Request cancellation notification

We have fixed an issue with request cancellation notifications by adding a new template with actual values and removing the empty ones.

Access request still pending when Requested User is not active anymore

There was an issue that would cause an error when using the survey object shadow types where the user who created the survey had been deleted. The issue has now been fixed.

INC-290148

Resource owner cannot extend their own access

We have fixed an issue in the Extend access process that would cause an error when trying to extend access for a resource where the approval survey would be auto-completed.

INC-289504

Status of access requests - Approval survey launch cancelled by cleanup job

Due to an issue, in some cases, the access request page would incorrectly show the message: Approval survey launch cancelled by cleanup job. It is now fixed.

INC-293867, INC-292662

Homepage default widget for access request always pointing to old interface

Before, a bug caused the homepage default access request widget to always redirect to the old UI. We have now fixed it.

Additionally, before this change, the configuration of the home page action cards was using the name of the processes. That led to a number of issues when using the application in languages other than English.

Now, we have changed it so that it uses the ID of the process, but we have not changed the current configuration that users have. Right now, the system works with both names and IDs (although IDs are recommended to avoid any translation issue). If you want to use the IDs instead of the name (recommended option), the administrator should go to Setup > Homepage Configuration, select the default process cards, and save again.

INC-293455

Wrong status for access request after cancelling

There was an issue that caused a wrong access request status to be displayed after the request was cancelled. We have now changed the way the status is generated, and the issue is fixed.

INC-293867

Access request assigning business context despite it being disabled

Due to an issue, the context was being added despite being disabled. It has now been resolved.

INC-297990

Written access request requiring to use context

There was an issue where access requests required providing a business context. It was caused by incorrectly checking if the context selector should be shown or not, and that has been fixed now.

Additionally, if you select 2 identities without a common context, we now show an error message indicating the problem: No common context between selected identities.

important

If you make the context not required in the Request access form, you also have to make the context not required in the Interpret request form; otherwise, you will not be able to interpret the request, as the context will be missing.

INC-297242

Access request cancellation provisioning the request after cancellation

We have implemented a fix which prevents cancelled access requests from getting provisioned under certain conditions (if the request contains the valid to date later than the same day).

INC-291038

Reserve accounts

Previously, in the access request process, an account resource could be requested twice if the second requests happened before the first request was included in a RoPE calculation. We have fixed this issue in the old UI.

SR-280855

Resource assignments originating from old access requests impossible to extend

There was an issue with resource assignments originating from old access requests that could not be extended. We have fixed it: now, the Extend access process no longer applies the value of the MyRequestCreateTimeDays customer setting to filter the extendable resource assignments.

INC-285984, INC-286236, INC-284218

Resource assignments older than 9 months not visible in Extend access process

Due to an issue, resource assignments older than 9 months were not visible in the Extend access process. We have fixed it now: the Extend access process no longer applies the value of the MyRequestCreateTimeDays customer setting to filter the extendable resource assignments.

INC-288385

Business context forcibly configured

We've resolved an issue with the business context being assigned to resource assignments, even though the business context was set to hidden in the Request access - Submit form. Now it's possible to create resource assignments without a business context if it's not required.

INC-289065

Unnecessary approval assignment mail sent

There was an issue where an unnecessary approval assignment email was sent when the request was auto-completed. The issue has been resolved and obsolete notifications are not sent anymore.

INC-288782

RoPE calculation behaviour for cancelled access requests

We fixed the issue where cancelled access requests were incorrectly treated as directed assignments - the cancelled status is now skipped during resource assignment load in the Role and Policy Engine.

INC-294979

Access approval

Error when accessing attribute link from approval page

A bug resulted in an error message when trying to access the attributes of a resource assignment when the user did not have admin rights. We have now fixed it.

INC-289671

Issue with the approval Reassign questions dialog box

In the access approval proces, there was an issue with filtering the Reassign questions dialog box. It is now fixed.

INC-295813

Duplicate approvals with New UI for Approvals customer setting off

We have resolved an issue causing duplicate approvals when the New UI for Approvals customer setting was disabled.

INC-294842

Surveys

Survey export stability

We have introduced a new customer setting MaxSurveyExportDownloadObjects to resolve an issue with large numbers of objects downloaded in a single export resulting in instability and timeouts. By default, the setting value is set to 50. If the configured threshold is exceeded, the Download immediately option is disabled, allowing you to manage performance and maintain system stability during the export process.

For more information, go to the Customer settings section.

INC-292901

Survey mail notifications - incorrect behaviour

The incorrect behaviour of survey notifications has been fixed - now only the approvers that still need to perform an action are notified.

INC-293934 and INC-294121

Generating surveys causing system hang-up

We have improved the performance when launching parent/child surveys.

INC-281484

Survey failing because of special characters in description

Previously, the use of special characters in Survey template name and description fields caused an error. We have fixed it now.

INC-287515

Forms in a process: reverted changes in translations

We have fixed an issue that occurred while saving translations of application strings for form field titles.

INC-285762

Customer setting value overwritten during upgrade

We have resolved an issue with the EnableResourceEligibilityFiltering customer setting being overwritten with its default value during upgrade. The value is now retrieved from the database and holds the configured value.

INC-287348

Onboarding values overwritten

We have resolved an issue with the onboarding values being overwritten when changes were introduced in the System Update view. Now, introducing changes to the system related fields doesn't affect onboarding values.

INC-288487

Error when assigning child resource to application role

There was an issue with failing attempts to assign a child resource to an application role resulting in an error for violating constraints. The behavior of the Omada.OE.Solution>OIM.Assembly.PackagedSolution.SoDV2.AreResourcesInConflict code method has been updated to throw an exception only if there are violations of the constraints related to a resource.

INC-288374

Password reset functionality issue

The % character was incorrectly interpreted when providing a new password, preventing the user from logging in. The issue has been resolved, and the % character can be used in the password.

INC-285596

SAP HANA deletion fails

There was an issue with the deletion of SAP HANA accounts. Using commands (for example, DeleteIfExists) in curly brackets was not effective. The issue has now been resolved.

INC-288621

Error message on revoke

We've resolved an issue in the new UI where the revoke button was visible to users without the appropriate permission.

Disclaimer

For resource owners, the revoke button is visible for all resource, but is only effective for the resources assigned to them. Otherwise, selecting the revoke option results in an error.

INC-287074

Compliance workbench showing system health incorrectly

We have fixed an issue where Compliance workbench did not show system health correctly (despite the existence of assignments that were not approved, it showed 100% completion). The root cause of the issue were two survey templates with the same system name.

INC-284157

Connectors

Active Directory returning warning when manager was not set

Active Directory returned a warning for accounts which didn't have manager set when importing data. This has been changed to the information log.

INC-294755

Boolean parameters not sent correctly by the Powershell connector

Boolean parameters were not sent correctly by the Powershell connector to the Powershell scripts, causing provisioning task errors. This issue has been fixed.

JWT sends empty fields resulting in invalid requests for some APIs

The REST OPS connector sent all standard headers and claims in the JWT token, even if they were empty. It was changed to contain non-empty headers and claims only.

OAuth2 Client Credentials certificate not recognized by ADP system

The Include certificate option in the REST connectivity was not respected for the authentication requests (when OAuth2 authentication was used). This has been fixed.

INC-290669

ServiceNow Service Catalog Relay Provisioning - incorrect RITM mapping

The ServiceNow Relay connector for Service Catalog assigned incorrect RITM numbers to tasks related to the same service catalog cases. This situation could occur when:

• a provisioning job contained several provisioning tasks.
• provisioning tasks were configured for the same service catalog items.
• the connector was configured to create all tasks under one request in ServiceNow.

This issue has been fixed – correct assignments between RITMs and provisioning tasks are now created.

INC-293442

Connector data model validation

During the connector setup using a data model without objects, the validator didn't detect that objects were missing and allowed saving the configuration. Now it validates them correctly.

INC-291484

CyberArk connectivity task mappings

The CyberArk connector didn't include the default task mappings during the system setup. This issue has been fixed.

EntraID multiple property values support

The EntraID connector didn't support multiple values in reference property lookups. This support has been implemented. See the Support for reference lookup with returned arrays section in the generic REST connector documentation for details on property lookups.

SR-296546

SOAP connectivity – support for the HTTP protocol version selection

The generic SOAP and some SOAP-based connectors now include a new parameter - HTTP protocol version selection:

This setting dictates which version should be used during the handshake process with the target API. Set it to 2.0 for the services which require HTTP 2.0.

INC-296929

originJobId attribute prevented new jobs from being created in the Review mode

The originJobId attribute had the same value for all provisioning jobs created using the DOLM feature and shadow data objects. It prevented new jobs from being created if the system was in the Review state. This issue has been fixed.

INC-297225

REST-based connectors – incorrect URL resolution

After the August Cloud Update 2025, some of the REST-based connectors (Entra ID, Coupa) could incorrectly resolve URLs for some operations. The issue has been fixed.

INC-297856

DataTime dataType doesn't support null

The OPS data model now allows passing DateTime as null.

INC-297084

Flat file CSV connector failing with the Permission denied (password) error

Flat file CSV connector could fail with the Permission denied (password) error, but it worked successfully on the second attempt. This error may have been caused by the server configuration that was now improved:

• the connector now supports both password and keyboard-interactive authentication methods.
• the connector performs an automatic retry if the first login attempt fails.

INC-298874

SAP environment provisioning issue

There was an issue with connectivity configuration. When a vault option was selected for storing secrets, the Connection details remained in Pending state, and the test connection option was unavailable. The issue has been resolved, and retrieving secrets from the vault for connector test connection functions properly.

INC-295552

RoPE tasks order update (Azure Active Directory connectivity)

From August 2025 Cloud Update, RoPE now allows executing disabled account provisioning tasks after permissions-related tasks (for backward compatibility, this feature is disabled by default). For some systems the previous configuration caused issues - they required assignments deletion before disabling accounts or didn't allow any changes to permissions if the account was disabled.

INC-282719

Active Directory delta import attributes

The Active Directory connectivity did not return all attributes during delta imports,. This issue has been fixed.

#INC-288085

Active Directory - reference properties failed if null value was sent

In Active Directory connectivity, the reference properties failed if the null value was sent, causing issues to clear attributes in AD that used reference properties. It has been fixed - now null values can be sent for reference properties to clear attributes.

INC-295050

ResourcePathGet not respected in reconciliation requests

When using the REST connector, the ResourcePathGet object detail was not respected in reconciliation requests. This issue has been fixed.

INC-294860

Security

Access to object purging

We have improved the authorization of web service calls for purging deleted data objects. Now, only system administrators and operation administrators can execute the web service.

Authentication mechanism

As part of our security efforts against user enumeration, we have strengthened the authentication mechanism.

SR-292513

Protection of hyperlink field control

As an ongoing security measure against code injection, we have increased the protection of hyperlink field control.

SR-292513

Function level access control (purging objects)

Access to the PurgeDataObject web service is now limited to System Administrators, Operation Administrators, and Data Administrators.

INC-294061

Improvements to data display and encoding

As part of our ongoing security measures, we have improved data display and encoding across several areas of the platform. These changes ensure that information is displayed safely and consistently throughout the application.

• Improvements to the print functionality to ensure field values are rendered securely.
• Enhanced encoding of system properties for more reliable display.
• Better handling of messages shown during data object deletion to ensure consistent and safe output.

INC-294060

Escaping customer settings

Customer settings are now properly escaped when read. This means that special characters (such as quotes, backslashes, or symbols) are correctly interpreted as part of the text value, preventing errors during configuration loading or processing.

INC-294059

Segregation of Duties

User group assignment restrictions in Segregation of Duties process

Previously, assigning a user group to multiple steps in the Segregation of Duties process was prevented. This restriction has now been removed.

INC-282849

Translations

German translations

We have applied extensive improvements to the German translation of the UI of Omada Identity.

INC-293382, INC-293124, INC-291993, INC-290263

Other

Failure to change password of account type other than personal

We have fixed an issue that caused an error when attempting to reset the password for accounts that were not of the default account type.

We have also updated the password reset process: it is no longer possible to reset passwords for multiple accounts simultaneously. Passwords must now be reset individually for each account.

INC-299559

"Leave site" pop-up

There was an issue with a Leave site pop-up unnecessarily appearing when navigating between different sections of Omada Identity. The issue has now been resolved.

INC-293444

ValidFrom Date/Time validation error

There was an issue with the time conversion to UTC format happening multiple times. Depending on the time zone, it resulted in Date/Time validation error. The issue has been resolved, and the time conversion does not trigger validation errors.

INC-292848

Function level Access controls issues

We have enhanced control over archive operations jobs by limiting access to them when triggered via web services. The roles needed for that are ObjectUId.UserGroup.Administrators, ObjectUId.UserGroup.OperationAdministrators (accessed through the Operations dashboard), and ObjectUId.UserGroup.SystemOwners (accessed through the System page).

INC-294061