Resolved Issues and Bug Fixes
Read more about resolved issues and bug fixes in this release.
Access request
New assignment explorer showing wrong history data
We have fixed an issue where the missing calculationId parameter caused the system to always display current data instead of historical data. Historical results are now correctly shown when applicable.
INC-303583
Prioritization policies not working correctly
We have fixed an issue where prioritization policies correctly disabled parent role assignments but failed to disable the corresponding child resource assignments.
#INC-305529
Regression in the Access request
We have fixed a bug related to the automatic account type selection in the new Access UI by adding a new customer setting SetDefaultAccountTypeInAccessRequest with default value set to True; when True, the default account is automatically selected as before, and when set to False, users with more than one valid account are forced to choose which account to use during access request.
INC-302761
Approvals show incorrect Requested By for Extend access
We have fixed a bug that caused the field to be incorrectly mapped. Now, the field is correctly mapped to the identity requesting the extension.
CalculatedAssignmentVerdictSurveyPostActionHandler setting verdictDate to 9999 days
We have fixed a bug that caused negative verdicts to be created for implicit assignments during survey launch. Two new survey settings have been introduced for Access review for Managers and Access review for Resource Owners: dontCreateNegativeVerdictsForImplicitAssignments, which prevents negative verdicts for implicit assignments when enabled, and applyExpiresAfterDaysToRemoveVerdict, which controls whether Remove verdicts use the configured expiry period or the default 9999 days.
INC-301760
Unable to turn on mass edit and reassignment in approvals
We have fixed a bug that prevented users from turning on mass edit. Mass edit is now enabled by default in the Access request approval survey, and a new user group, Approve requested access survey admins, has been added as survey admins for the Access request approval survey. You can add members to this user group to configure the survey admins.
For more information, go to the Users and user groups documentation.
INC-302778
Filter systems and applications from request access process
We fixed an issue where resources marked as Prevent self-service did not appear in the access request process but were still available as filter values. These resources no longer appear as filterable values.
INC-306848
A non-mandatory attribute is being treated as mandatory during access requests
We fixed an issue where non-mandatory attributes of type reference were treated as mandatory. Additionally, when a required reference attribute was corrected, the error state did not reset. The system now correctly handles optional reference attributes and clears the error state when values are provided.
INC-303614
Access request cancel feature texts are faulty
We have fixed several issues. We corrected multiple instances where Canceled was used instead of Cancelled, along with a few incorrect capitalizations. We also added the missing username in brackets in the description, together with the quotes around the name, and removed the stray <br> tag that was being rendered in the UI. Finally, we fixed the timeline behavior so that when the approval status is Cancelled, the request status is no longer shown as Pending.
INC-307922
Cancel Access Request fails due to missing DTC
We've fixed an issue where cancelling an access request failed when MS DTC was disabled. Access request cancellation now works correctly without requiring MS DTC.
INC-307873
Access Requests being Terminated
We've fixed an issue where pending access requests submitted for an identity's destination context were incorrectly terminated when the identity was transferred. Access requests in Pending state that explicitly target the identity's new context now remain open after the transfer completes.
INC-306705
Access approvals
Approval not working as intended
We have fixed an issue where access approval submissions failed when the same approvals were submitted. This issue could leave requests in the Pending state. The system now provides clear feedback and ensures the workflow transitions correctly during concurrent submissions.
INC-305789
New approval columns contains duplicate on grouped column
We have fixed an issue where grouped columns show duplicate values. The grouped column is no longer hideable, and its name now updates based on the Group by column.
INC-304979
Norwegian translation of new approval flow does not show
We fixed an issue where the approval card title did not use the translated text when available. The title now displays the correct translation.
INC-307151
Enterprise Server
Prolonged imports
We've resolved an issue with prolonged imports caused by unstable or broken PowerShell sessions when retrieving distribution group members. The error handling in the Exchange connector has been improved to properly detect and recover from failed PowerShell sessions.
INC-305766
Import status inconsistencies
There was an issue with a warning being visible with no related errors in the import execution log present. The inconsistencies have been removed and unwarranted warnings are no longer displayed.
INC-305009
Missing employments
There was an issue with missing employments in the Enterprise Server related to context data not available during the adaptation stage, and as a result, not exported. The issue has been resolved by improving the handling of context and context assignment synchronization and fixing the way deferred export mappings are processed.
INC-300291
Fixed update failure for long property values
We fixed an issue where updating object property values longer than 200 characters could fail for properties marked as Unique.
The error was caused by an nvarchar length mismatch in temporary normalization tables when processing long property values.
INC-304654
Resource assignment properties dialog did not apply changes when selecting OK
We've fixed an issue where the Properties dialog for the Resource Assignment data object type did not respond when clicking OK, preventing users from modifying and saving property values.
INC-304747
Caching issue for CodeEditingService
We've fixed the caching issue for CodeEditingService. Now, we add the build version to JavaScript files loaded dynamically.
INC-307426
UpdateSearchData executable does not exclude deleted DataObjects
We’ve fixed an issue where UpdateSearchData.exe did not honor the ExcludeDeletedDataObjectsFromSearchData setting and attempted to process deleted DataObjects during search data updates. The utility now correctly excludes deleted DataObjects as configured.
INC-306265
Approve all assignments creating duplicate resource assignments
The Approve all assignments feature has been updated to prevent concurrent duplicate operations on the same target scope.
Previously, multiple users, or multiple sessions, could trigger the approve-all process simultaneously for the same system or resource type. This could lead to duplicate verdicts and the creation of duplicate Direct Resource Assignments (DRAs) for the same calculated assignments.
We've introduced a concurrency guard. If an approve-all operation is already in progress for a given system or resource type, any subsequent attempt to start the same operation is immediately rejected with a clear error message. Operations targeting different systems or resource types can still run in parallel as expected.
SR-306393
Event Definition fails for deleting Process data object with Purge option set
We've fixed an issue where deleting a Process data object with the Purge option enabled would fail if the process had associated activities or user/user group references.
The purge operation did not remove all related entities, resulting in foreign key constraint errors that prevented the object from being deleted. The deletion logic has now been updated to ensure that all related entities are properly removed.
INC-303342
Issue with timers not working
We've fixed an issue where importing a changeset that contains a filter expression update (switching from property-to-property mode to value mode) caused all right-side DB columns to be set to NULL.
INC-307889
Username is shown as changed despite different data in tblDataObjectVersion
We've fixed an issue where the user history page incorrectly marked the username as changed even when the value remained the same, while the underlying tblDataObjectVersion data correctly showed Modified="false". The history page now only displays username changes when they actually occur.
INC-309858
AuthRole Update for Administrator Role is not imported correctly
We've fixed an issue where updates to the Administrator AuthRole were not imported correctly. As a result, changes to Administrator permissions made in the source configuration were not consistently reflected after import.
With this fix, Administrator AuthRole updates are now imported reliably and applied as expected, ensuring correct role configuration and permission consistency across environments.
INC-308533
Not approved assignments are not revocable
We fixed an issue where the revoke action on the identity form was blocked for resource assignments that included ImplicitAssignment or ImplicitChild reason types, even when a valid reason type was also present. The revoke action is now available and works correctly for these assignments.
INC-302672
The Event log fails to convert Azure Log Analytics entries
We've fixed an issue where the Azure Log converter method crashed with a KeyNotFoundException when processing an exception whose inner exception had a non-empty Data dictionary that did not contain the "REFNO" key.
INC-307838
Archiving DataObjectVersion stalls for hours due to AuditTrail archiving
Previously, the Archive process unnecessarily prevented the short and long archive cycles from running at the same time, even though they are independent operations. The cycles now run concurrently as intended, improving archive throughput.
INC-311618
spSystemDiagnostics fails to detected deprecated code methods
We've updated the spSystemDiagnostics stored procedure with deprecated code methods.
INC-304656
Revert application string to defaults is not recorded as a changeset
We've fixed a problem where reverting application strings was not recorded as a changeset.
The Revert to defaults action in Application Strings no longer attempts to revert Data Object Type (DOT) multilingual property values to their default values. To modify DOT multilingual property values, use the Mass Edit option.
Reverting application strings only affects translations stored in the database. Custom translation files are not modified. For more information, refer to the Translations section.
INC-307262
SystemBoot fails when configuring AzureLog target with Vault Secret
We've fixed an issue where the system failed to start if a logging configuration used Vault‑backed secrets.
INC-306795
Surveys
Web service: improved access control in GetViewInfo
We have enhanced access control for the GetViewInfo web method. The method now consistently enforces existing authorization rules.
INC-294061
Security
Resolved SQL security finding
A possible SQL query vulnerability has been resolved by implementing parameterized queries. No exposure or customer impact occurred before the fix.
INC-312778
Surveys
Transfer survey property is not copied
We have fixed a bug in the Transfer identity assignments process where the System property was not copied to transferred identities.
INC-304445
Closure of recertification survey has some limitations
We have fixed a bug where resource assignments were not properly updated after recertification campaigns. Resource assignments descriptions now clearly reflect access removals during recertification, including non-response cases, ensuring the latest and most relevant status is shown.
Go to Release highlights for more information.
INC-304445
Approval surveys close only for transferred identity
We have fixed a bug where approval surveys were incorrectly closed during identity transfer when multiple identities were involved. Approval surveys are now closed only if they contain assignments exclusively for the transferred identity, while surveys with other pending identities remain open. Pending assignments for the transferred identity are correctly marked as Obsolete without affecting others.
INC-304593
Manager can not submit survey tasks
We have fixed an issue where resource assignments were incorrectly transferred during the Transfer identity survey. The system now detects Expired assignments, marks them as Obsolete, and skips transferring them with a clear explanatory message.
INC-304470
Post action handler OIS_ResourceAssignmentSurvey fails with error
We've resolved an issue with the OIS_ResourceAssignmentSurvey post action handler which was failing and returning an error. We've restored the legacy survey-related SQL tables and reinstated the corresponding post action handler code to resolve the issue.
INC-305210
The survey schedule is not displaying the list of resources or timer details
We have fixed an issue where special characters in the Name and Description fields caused the Edit survey schedule URL to be built incorrectly. The values are now encoded using the encodeURIComponent, ensuring a safe URL transmission and correctly opening the created survey schedule instead of redirecting to the survey schedule initiation step.
INC-299888
System owner approval doesn't work on STG environment
We have fixed an issue where using survey activities with unsupported activity types, for example, voting, caused an error when submitting survey questions. Survey activities now only support the All must complete activity type.
INC-305294
Unexpected provisioning triggered after Resource Owner survey “Keep” decision creates duplicate calculated assignment
We've fixed an issue where assignments whose resource type is configured with the AssignmentAttributeValueDifferentiator RoPE extension could receive a "Keep" (Approve) verdict during a survey and incorrectly result in a duplicate Calculated Resource Assignment (CRA) being generated. The duplicate CRA was treated by OPS as a new assignment, which triggered an unnecessary provisioning "create" operation for an assignment that had already been provisioned.
INC-311157
Survey Schedule settings fail to commit
We've fixed an issue in the Work Item dialog where property values passed through the query string were incorrectly split when they contained a comma. Property values are now preserved correctly regardless of the characters they contain.
INC-311181
Survey question submission experiences significant delays
We've fixed a performance issue affecting surveys configured with the Create verdict for multicontext assignments only if all decisions are identical setting enabled. Survey processing is now significantly faster in this scenario.
INC-305405
Survey download mail template has square brackets
We've fixed an issue with the Survey export completed email template, where square brackets around variables were not removed when the variables were replaced. The brackets are now correctly stripped from the rendered template.
INC-307385
UI and UX
Changes not saved in access right tab
We fixed a bug where grid layout changes were not persisted after navigating away from the screen.
INC-304218
Cannot save identity in the new UI
We fixed an issue where the access modifier was not correctly read when saving an identity in the new UI. The access modifier is now applied correctly.
INC-307229
New identity view filter expression
We fixed an issue where the filter expression was not correctly read. The filter expression is now applied as expected.
INC-304663
Alignment of fields in Identity details form
We fixed an issue where date control fields were not aligned. The fields are now properly aligned.
INC-308274
403 when saving changes to UI Action object
We fixed an issue where saving a data object fails with an HTTP 403 error when a text property contains a percent sign followed by hexadecimal digits. This issue affects both classic and React-based forms. Percent signs are now handled correctly during submission, allowing the data object to be saved successfully.
INC-307359
Old Assignment Explorer fails to open CRAs for Exchange system��
We've fixed an issue where Mailbox Calculated Resource Assignments (CRAs) could not be opened from the legacy UI. The CRA detail page failed to load when accessed from the legacy UI, although the same CRAs could be opened correctly from the new UI.
INC-304983
Perform resource owner approval doesn't work properly
We've fixed an issue in the Select Beneficiaries and Select Resources steps of the Access Request where pressing Enter while a search input was still being debounced could accidentally add or remove resources and identities. The Enter keypress is now disabled while the search is pending input.
INC-308193
Access approval: fixed incorrect Peer Access Analysis status for system owners
We have identified a visual issue where system owners performing access approvals always saw the Peer Access Analysis result as No risk, regardless of the actual evaluation outcome.
This caused inaccurate risk visibility during the approval process.
We have corrected the display logic so that system owners now see the correct Peer Access Analysis status during approvals.
Expire button in direct assignment view allows for revoke RA
We've fixed an issue where user permissions were not being correctly checked before allowing an identity to be expired. Permissions are now properly validated before the expiration action is permitted.
INC-312747
Access Rights systems no longer collapse
We've fixed an issue in the Access Rights grid where the system expand/collapse button was unresponsive. The button now correctly expands and collapses the rows as expected.
INC-311286
Omada Provisioning Service
Fixed incorrect account removal across account types
We've fixed two issues that caused compliance status and remove verdicts to leak across account type boundaries when a Personal-type role has a child resource whose folder supports both Personal and Admin account types:
-
We fixed an issue where a
ReviewOKverdict on a Personal-type role incorrectly caused the Admin account’s child group to becomeImplicitlyApproved. The implicit assignment logic now skips parent resources whoseAccountTypeIddiffers from the child resource. -
We fixed an issue where a
Removeverdict on a Personal-type role incorrectly disabled the Admin account’s child group. The disablement logic now skips child resources whoseAccountTypeIddiffers from the parent assignment being disabled.
INC-289331
Idle state memory consumption
We've fixed an issue with the Omada Provisioning Service's excessive RAM consumption in the idle state. The underlying issue with the Omada Provisioning Service incorrectly loading system configuration has been resolved.
INC-307393
Manual provisioning tasks already processed get recreated
We've fixed an issue where already completed provisioning tasks were being recreated during RoPE calculations. This occurred when an assignment contained multiple reasons for the same resource, requiring provisioning attributes to be merged. In these cases, the attribute value was populated inconsistently between runs, causing OPS reconciliation to incorrectly detect changes and recreate provisioning tasks. Now, provisioning task handling ensures consistent values across calculations, preventing unnecessary recreation of completed tasks.
INC-314573
Role and Policy Engine
ES Policy & Risk check re-run on long RoPE simulations
We have fixed an issue where the Policy & Risk check in ES was executed multiple times if the RoPE simulation took longer than five minutes. The Policy & Risk check now runs only once, regardless of simulation duration.
INC-301142
RoPE fetches all deleted DataObjects and executes individual SQL statements
We have improved the synchronization mechanism for deleted resources between Enterprise Server and RoPE to ensure more efficient handling and optimized database operations.
SR-301504
Long running recalculations
We have optimized the performance of Policy and Risk checks, resulting in reduced RoPE calculation times, especially in environments where SoD is enabled.
INC-305199
Identity Validity is not extended to EndOfDay when a new DataObjectVersion exists
We've fixed an issue that could occur when an Identity was modified in Enterprise Server shortly after being loaded into a RoPE calculation batch, potentially resulting in incorrect provisioning or deprovisioning. This could happen, for example, when a new value was imported and a timer-based event definition was triggered soon afterwards.
Previously, when the Identity was reloaded, the Identity Validity was not extended in accordance with the RoPE ExtendValidityPeriods setting.
INC-305013
RoPE removing AD account even though identity is in an active context
We've fixed an issue where policies incorrectly evaluated invalid context assignments when determining whether they should apply to a given identity.
INC-303500
Application Onboarding – Get System Owners fails after Identity Governance installation
We've fixed an issue where System Owners were not returned in the assisted Application Onboarding workflow after SelfManagement attribute values were converted to GUIDs in RoPE.
INC-307167
RoPE throws InvalidCastException for invalid ReferenceValues during type conversion
We've improved the error message for RoPE calculations related to type conversion of direct assignment attributes. The message now includes the name of the affected attribute, making it easier to identify and resolve the issue.
INC-306016
Unresolved Identity calculation is failing due to OdsIntegrationQueueController timeout
We've fixed an issue where calculating the Unresolved Identity could fail with a timeout when publishing assignment data to the ODS integration queue. A new configuration setting, BulkOperationTimeout, is now available (Cloud only) to control the timeout duration for this operation.
For more information, refer to the Integration (ODS) section in the RoPE - Standard extensions documentation.
INC-304529
Timeout while trying to remove identity historical calculations
We’ve improved the deletion of historical identity calculations. The previous implementation was inefficient - it first queried IDs and then performed the deletion using a temporary-table join. The new approach executes the deletion in a single SQL statement, reducing round trips and minimizing lock contention.
INC-304625
Automatic RoPE recalculation did not trigger after RA via Request access
We've fixed an issue where RoPE prevented processing of limited Omada Identity data object change events during non-initial-load ingestion retrieval.
INC-306856
Calculations with warnings still shows after recalculation when the new calculation is discarded
We've fixed an issue where warning comparison incorrectly treated calculations as identical when the previous calculation contained duplicate warnings.
The comparison relied on XOR-based hashing, causing duplicate warnings to cancel each other out. As a result, a previous calculation with duplicate warnings could be considered identical to a current calculation with no warnings.
The logic has been updated to perform a deterministic comparison of complete warning sets, ensuring duplicates are handled correctly and resolved warnings are properly detected.
RoPE SelfManagement triggers Access Modifier on configured DOTs
We’ve fixed the behavior of RoPE Self‑Management so that Access Modifiers are not taken into consideration. Self‑Management now works correctly for custom Data Object Types (DOTs) with Access Modifiers configured.
INC-306868
Database query timeout when registering large volumes of queue events
We've fixed a timeout issue affecting the database query responsible for registering a large number of queue events simultaneously.
#INC-309247
AttributeValueResolver: Fixed stale variable state issue
The AttributeValueResolver RoPE extension could return stale attribute values for other assignments.
This occurred when an attribute value resolver expression referenced a ROPE_ATTR_* variable that had already been resolved for an assignment of another resource type, but was not defined for the current assignment resource type. Because the expression interpreter was shared across the batch, it could, in some cases, use the previous value instead of failing. As a result, expressions silently used stale data, leading to incorrect attribute values for assignments.
Fix
The interpreter state is now cleared between assignments. Variables from one assignment are no longer reused for subsequent assignments.
When an expression references an attribute not defined on the current assignment's resource type, a clear error is now raised immediately:
Expression for attribute 'C_AD_DISPLAY_NAME' contains unknown identifiers: ROPE_ATTR_IDENTITYCATEGORY.
Previously, this error appeared only if the attribute was never set during the batch, making the root cause harder to identify.
Action required
Review AttributeValueResolver expressions that use ROPE_ATTR_* variables without a ResourceType filter in extraInfo.
If an expression applies only to a specific resource type, add ResourceType:<name> to extraInfo to avoid evaluation (and possible errors) for other resource types:
<add key="setting1"
name="C_AD_DISPLAY_NAME"
value="string.Format("Test_{0}", ROPE_ATTR_IDENTITYCATEGORY)"
extraInfo="Type:Expression;ResourceType:My Resource Type" />
Single value attribute holding previous and new value
We have fixed an issue where single-valued attribute (for example, C_AD_DISPLAY_NAME) incorrectly retained both its previous and updated values after recalculation, instead of only the updated value. This caused stale attribute data to persist in scenarios such as identity recalculation, for example, when a terminated identity is recalculated.
INC-307177
GetConfigurationObjectIds is not cached efficiently
We've improved the performance and memory efficiency of the internal configuration object cache. Previously, cached results were stored per exact lookup combination, preventing overlapping requests from reusing cached entries and causing memory usage to grow over time. The cache now stores configuration objects individually, allowing lookups to reuse previously cached results regardless of the original request context. This significantly reduces memory consumption and improves scalability in long-running production environments.
INC-310905
Omada Data Warehouse
Role assignments were not marked as deleted after removal
We've fixed an issue where removed role assignments were not flagged as deleted in Omada Data Warehouse. Now, when actual assignments are disabled, the status is synchronized to ODW before the assignment is marked as deleted.
Inconsistencies in Analytics Processing
We have extended the documentation to explain the differences between inconsistency counts shown in widgets and detailed views in Analytics Processing. For details, see Handling inconsistencies.
INC-301063
Upgrade issue affecting configuration import jobs
We have identified an issue affecting some environments upgraded through the January 2026 release flow. In certain cases, the ODW updater tool and its dependencies were not deployed with matching versions, causing import configuration jobs to fail after upgrade and requiring manual package updates as a workaround.
We have corrected the ODW upgrade deployment process to ensure the appropriate updater components and dependencies are deployed consistently during upgrades. This ensures configuration import jobs complete successfully without requiring manual intervention.
Connectors
Prolonged Exchange imports
We've resolved an issue where Exchange imports were taking an excessively long time to complete. The Exchange connectivity package was updated to utilize the Get-EXO cmdlets instead of the legacy PowerShell commands, resulting in a significant performance improvement.
INC-313955
Active Directory delta import does not retun old assignments
In the Active Directory connector, if the following options were enabled (and the domain controller was changed):
[x] Full import in case of domain controller change
[x] Full import in case of domain controller change and error
then a full import was performed, but it also included deleted assignments. This issue was fixed.
INC-303565
Identity Governance – missing option (OData connector)
There was an option missing for Windows authentication methods in the connector settings. It can now be selected during the setup.
INC-304683
REST Relay anchor property
Anchor values were not properly resolved between the tasks in the REST Relay connectivity (it occurred because of the architecture of the relayed connectivity). We introduced a new anchor placeholder to handle this issue, see REST Relay for details.
INC-297154
SAP connector as a template connector
SAP Connectivity Framework 6.0 connector was not a template connector, it was not an intended behavior. The connector is now a template connector.
For all systems using this connectivity package, a copy of the connector was created using the following naming convention: SAP Connectivity Framework 6.0 (system name).
INC-305028
OAuth2 Custom authorization support
OAuth2 Custom authorization is now supported when testing the connection with the Cloud Application Gateway enabled.
INC-304718
Cloud Application Gateway OAuth JWT authorization not supported
OAuth2 JWT authorization is now supported when testing the connection with the Cloud Application Gateway enabled.OAuth2 JWT authorization is now supported when testing connection with the Cloud Application Gateway enabled.
INC-305059
Review mode for RLM/DOLM task mappings
The review mode setting was not respected for RLM/DOLM task mappings. This issue was fixed.
INC-300290
LDAP connector – byte array attributes
The LDAP connector now supports attributes sent as a byte array.
The following format is supported: bytes:Base64OrHexRepresentationOfBytes.
INC-303205
Review mode not working for multiple task mappings
If the review mode was set for several task mappings (for the same resource type), it was read from incorrect mappings (for example, from a disabled one). This issue was fixed.
INC-303668
REST connector - multiple parent variables
The January 2026 Cloud Update introduced a new functionality for the REST connector, providing support for multiple parent variables in the nested URL.
If the URL included anything else in the curly brackets, it was recognized (expected) as a variable. This behavior was changed: If the part in the curly brackets contains special characters, it is not treated as a variable.
INC-306689
Configuring an alias with a JSON path
There was an issue with configuring an alias with a JSON path in the REST connector. This issue has been fixed. Additional documentation has been provided in Alias mappings.
INC-307617
SAP SuccessFactors - support for the Headers configuration parameter
Headers configuration parameter has been added to the SAP SuccessFactors data import (collector). The SAP SuccessFactors data import documentation has been updated.
INC-309346
SalesForce connector - path not added to the resource paths
The February 2026 Cloud Update introduced a change that caused an issue where the path provided in the path for Salesforce objects was no longer added to the resource paths provided in the data model. This issue has been fixed.
INC-309388
INC-308203
SR-309039
Active Directory connectivity - domain controller selection
The automatic detection of the closest domain controller in the Active Directory connector has been improved. Until this point, in some scenarios the closest domain controller was not selected correctly.
INC-293466
Active Directory not handling large date values
We fixed an issue where unusually large date values from Active Directory could lead to unexpected errors. These values are now handled correctly.
INC-307704
REST connector - log requests
The debug‑level request logging was enhanced in the REST connector to ensure more consistent handling of sensitive information.
SCIM OPS connector not respecting the lookup failure strategy
The SCIM OPS connector did not apply the lookup failure strategy. This issue has been fixed.
SR-311636
Other
Account type name change not reflected in the Account rules for system summary
There was an issue with the change of the account type name not reflecting in the Account rules for system summary. The issue was resolved by improving the behavior of the summary to refresh not only when the classification rule is updated, but also when related account types are modified.
INC-312834
Time Service Perform throws a delete error
We have fixed an issue where the Time Service repeatedly failed to delete a user due to foreign key constraints.
#INC-303552
Resource exhaustion in GraphQL
We have fixed a performance vulnerability in the full-text search functionality by introducing validation that prevents excessive repetition of search terms, mitigating potential resource exhaustion and DoS (Denial of Services) risks caused by repeated search values.
#INC-293834
Translations - Error message in English
We have fixed a bug where the error message translation was missing. The translation has now been added for all supported languages.
#INC-302596
Expiry date in Delegation request gets overwritten
We have fixed a bug that caused entire delegation objects to expire when a delegator lost access to a single resource, now ensuring only the affected resources are removed while the remaining valid delegations stay active.
#INC-295972
Scroll bars in views with small screens using Firefox
We have fixed a CSS issue where the scrollbar overlapped the last row in grids, for example, in Identities.
#INC-302324
Identity Display name in history is missing
We've fixed an issue where users with permission to view history (for example, managers or service desk agents) could not see the Display name in the history popup title. The Display name now displays correctly across all history windows without requiring additional permissions.
INC-302307
INC-305265
Old assignment explorer is not showing details for linked systems
We fixed an issue where the Assignment explorer did not display details for linked systems. The details now appear correctly.
INC-310248
Future assignment remove triggering modify assignment job with +1 day
We've fixed an issue where, in some cases during the revoke-assignment process, the valid to date of an assignment was incorrectly set to the day before the intended revocation date.
INC-309669
Unable to download identities from view
We've fixed an issue with data object exports by improving memory allocation, resulting in more stable export operations. Exports of up to 90,000 entries are now supported, with the following limitations: the export must use the CSV file format and must be run as a queued download.
INC-310783
Date inputs get marked as edited even though no change has been made
We've fixed an issue where editing an identity as a manager could fail with a validation error on fields restricted by the IdentitiesAccessModifier configuration (such as VALIDFROM or VALIDTO), even when those fields had not been modified. Only properties that have actually been changed are now submitted.
INC-307229
Heavy frequent SQL query
We've fixed a performance issue in RoPE calculation cycles. Previously, when no assignment policies had a context filter defined, each cycle triggered an expensive database query that scanned the entire objects table, causing the environment to slow down over time.
INC-314155
Operations Dashboard: improved error message when resending inconsistencies
We have identified that errors occurring during inconsistency resend operations displayed only a generic web service failure message, making troubleshooting difficult. This provided insufficient information when users lacked permission to execute the operation.
We have improved the error handling for the Resend action in Setup > Operations Dashboard > Analytics Processing > Inconsistencies. Now, users receive a clear permission-related error message instead of a generic processing error.
Revoke assignments does not save the action comment anywhere
We've fixed an issue where the comment provided when revoking a resource assignment was not preserved. The comment is now appended to the resource assignment's description, together with the revoker's name and the timestamp. For example: Resource assignment removed by "System Administrator [ADMINISTRATOR]" on 05/05/2026 9:02 (UTC+01:00) with comment: Revoked due to role change.
INC-307830
GraphQL query returns parent menu item as menu item
We've fixed an issue where the GraphQL query returned a parent MenuItem even when none of its child items were accessible to the user. Empty parent menu items no longer appear in the left menu.
INC-307400
Access rights system not collapsing when hitting the marked button
We've fixed an issue in the Access Rights view where the collapse button did not correctly collapse the listed access rights when clicked. The button now collapses the entries as expected.
INC-310810
API
OData API - AccountResourceType field wrongly mapped
We have updated the payload of the GET endpoint for OData/Builtin/CalculatedAssignments to enable retrieval of Resource and Account Resource information. We have also prepared the endpoint for the deprecation of several confusingly named properties.
INC-305943
Security
Web service: improved access control in GetViewInfo
We have enhanced access control for the GetViewInfo web method. The method now consistently enforces existing authorization rules.
INC-294061
Documentation
KPIs: clarified difference between All identities and Managed identities counts
We have explained a discrepancy between All identities and Managed identities counts in the KPI dashboards.
The difference is caused by the All identities KPI excluding expired identities, while Managed identities includes them. This behavior is expected, and documentation has been updated to clarify the distinction on the List of Key Performance Indicators (tab: # all identities, row: Method of measurement).
INC-303678
Updated obsolete ReferencePathAttributesValueResolver references
We've updated documentation examples to use the AttributeValueResolver RoPE extension instead of the obsolete ReferencePathAttributesValueResolver.
The obsolete resolver remains supported for backward compatibility.
Missing documentation on the effect of blocking access in SoD
We've updated the documentation about blocked and revoked assignments in SoD.
INC-302766
Updated documentation about Policy & Risk check configuration
We have updated the documentation about configuration options in the Policy & Risk check. Go to Policy & Risk check configuration options for more information.
INC-303684
Missing information on Access rights grid view
We have updated the documentation about how access rights are populated in the Access right tab. Go to Access right for more information.
INC-302921
Details on how $AccessReqOrgApprover calculates an approver
We have updated the documentation for the $AccessReqOrgApprover virtual reference property to provide additional clarification on approver resolution behavior. Go to Virtual reference properties for more information.
INC-305186
Omada Identity Graph API - Changelog
We have fixed an incorrect documentation path in the Omada Identity Graph API changelog for version 3.0.
INC-305186
TD Resource Revocation Status and deprovisioning job issue
We have fixed the issue. As part of this update, several product improvements were introduced, including renaming the Revoke access feature to Remove access for better clarity and alignment across the product.
INC-301193
Entra ID – connector documentation update
Entra ID connector documentation was updated to capture the queries and mappings execution order correctly.
INC-300419
Strict mode for Eligibility Filtering
We have updated the documentation for Eligibility Filtering to correctly describe how Strict Mode works. Go to Access request for more information.
INC-307258
Implicit assignments cannot be revoked directly
We've added documentation clarifying that implicit assignments cannot be revoked directly, as they are derived from explicit assignments higher in the resource hierarchy (for example, app role - role - group).
To remove access driven by an implicit assignment, the explicit assignment at the root of the hierarchy must be revoked. For more details, refer to the Revoking implicit assignments section of the documentation.
INC-291650
Customer setting DefaultAccountType in documentation but not in cloud demo
The documentation has been updated to clarify that DefaultAccountType is a hidden customer setting and is therefore not configurable by the customer.
INC-305940
Unclear documentation on Policy and Risk Check Options/Settings
The documentation about the Policy & Risk check has been updated with new information about configuration options.
Go to Policy & Risk check for more information.
INC-303638
INC-303684
Deep links don't respect the customer setting Website URL
We have updated the documentation to clarify how deep links are generated.
Go to Access request for more information.
INC-307260
Graph API documentation
We have updated the documentation with the missing information related to Graph API. Go to Omada Identity Graph API for more information.
INC-305491
App Onboarding - empty Owners (Business) field
We have updated the documentation with additional information about business owner roles and onboarding behavior. Go to Guided onboarding process for more information.
INC-302980