Release highlights
We've just released Omada Identity Cloud update! What's new?
New UI in the Compliance Workbench dashboard
We have introduced a new User Interface (UI) in the Compliance Workbench. This includes system overview that shows the overal compliance state for all applications in the solution, as well as a System list with all the information for the systems.
In this new Compliance Workbench, you will see the following columns:
- System name: This column shows the name of the system.
- All assignments: This column displays the total sum of all calculated resource assignments for each system.
- Explicitly approved: The calculated resource assignments that are approved.
- Implicitly approved
- Not approved: The calculated resource assignment only exists in the connected system - there is no desired state for it.
- Orphaned: he calculated resource assignment belongs to an unresolved identity, or the Data Warehouse is uncertain of its ownership.
- System health: This column reflects the current health status of the system, indicating the level of risk associated with its operation. The health status is categorized into three levels: high, medium, or low risk. These states (compliant and non-compliant) can be configured in the Compliance Workbench configurations.
- More: It allows you to open the configured surveys for the chosen system. When you click on one of the reviews, the initiated survey opens in a new tab.
There are some column statuses that are hidden by default:
- In violation
- Pending deprovisioning
- Implicit assigned
- None
We have implemented numerous new features designed to enhance your experience within the updated Compliance Workbench flow. For further details on these enhancements, consult the Compliance Workbench article.
You can find the legacy Compliance Workbench under My Data menu.
New Audit Trail Dashboard
We have released a new Audit Trail Dashboard ensuring a better user experience. This dashboard includes:
- Fully embedded, navigable from the home page.
- Interactive widgets. Click directly on important metrics for quick filtering.
- Powerful drill-downs and pivot tables: Hover over any data point in the table to jump to a new analytics window.
- Advanced and quick filter options.
- Shows different data columns from the Data Model.
- Exports widgets, dashboard view as PDF.
- Unlimited downloads of data table views you have filtered.
- Secure data access partitioned for user groups by role.
- The Data Model is enabled for Auditors and Managers (partitioned by Manager responsibilities).
- Translations for this feature are not supported in this release.
- One dashboard available per user. Dual role holders will default to their higher status.
- You may change the default settings.
In the current release, the Audit Trail Dashboard is provided as a Technology Preview feature only. Technology Preview features may not be fully functional in the configuration that has been provided out of the box, so they should not be used in production environments without proper testing.
Access Request new columns: Provisioning and Violation status�
We have enhanced the Access Request feature. Now, there are two new columns named Provisioning status and Violation status columns. Provisioning status shows the status of your request: Queued, Failed or Completed. The Violation status column shows if any violation have been found in your request.
New Entra ID connectivity package
We have introduced a new supercharged connectivity package for Microsoft Entra ID that amplifies the management capabilities and elevates security. The package offers a wide range of out-of-the-box functionalities, allowing you to import information about users, groups, group memberships, and used licenses. You can also automate the provisioning and deprovisioning of Entra ID users, groups (Security, Teams, and SharePoint), and memberships. The connectivity package includes support for the delta import of users and groups, significantly reducing the time required for the import process.
This update introduces the following features:
Simplified provisioning
- Automated manager provisioning. You can provision managers directly into Entra ID, eliminating manual configuration.
- Resource owner management. You can map resource owners in Omada to group owners in Entra ID and assign users in both environments. This feature simplifies user assignments across both platforms, streamlining access control workflows for approvals and reviews.
Optimized group management
- Intelligent group mapping. The connectivity package intelligently excludes groups already synchronized from the on-premises Active Directory. It prevents duplicate entries and streamlines Entra ID groups.
- Enhanced group visibility. Create separate resource types for cloud-only groups within Entra ID. This provides a clear distinction between various group types (distribution groups, security groups, etc.) and allows you to easily exclude irrelevant groups from self-service access requests.
Teams and SharePoint support
- Centralized Teams governance. Manage your Teams directly within the Entra ID connectivity package (managing existing teams/access requests, requesting new teams).
- Simplified SharePoint management. Gain granular control over SharePoint site-level governance. Manage access and permissions without delving deeper into the SharePoint hierarchy.
Enhanced authentication and security
- Increased security with certificate authentication. Introduce an additional layer of security with certificate authentication for Entra ID, providing a more robust authentication method.
- Simplified cross-domain management. Manage multiple domains within Entra ID with ease thanks to our new default configuration support. Now, users in one domain can be members of groups in another domain, streamlining cross-domain collaboration.
We have also introduced an improved sign-in activity monitoring, allowing you to gain valuable insights into user activity with our new sign-in activity import feature (you can identify stale accounts and optimize your Entra ID environment accordingly).
Connectivity updates
We have introduced distribution/mail-enabled security groups management in Microsoft Exchange Online and Hybrid connectivity packages.
We have also added the support for the CreateIfNotExist operation in a range of connectors. The operation checks if the object already exists before attempting to create it.
New UI Actions
We have improved the UI actions for the following features: Access Request, Request Password, and Add Classification Tags in both form and list actions. These new UI actions will allow you to trigger either a new Access Request flow or the existing Reset Password flow with the selected identity already chosen.
This update includes actions such as Edit, Delete, and Recalculate in the new UI layouts. These actions can be displayed in a menu, toolbar, or row menu. You can find UI actions in List Views, which are located in the left main menu, under the List Views (Beta) menu item.
The functionality of UI actions has been standardized and is based on system configurations. So creating JavaScript events or using displayEvaluator has been deprecated from the form.
Refer to Forms and list actions documentation to know more.
Beneficiaries renamed to Identities in Access Request and Extend access features
We have updated the term beneficiary to identity in the Access Request and Extend Access flow to maintain consistency throughout our product.
Never expires in Details pane in Access Approval
We have updated the Details pane in Access approval to show Never expires instead of 12/31/9999.
Read more about this change in March Release notes.
Account types
We have enhanced the Account type feature for requesting access. Now it is possible to:
- View the account type for each beneficiary.
- Assign the appropriate account type if a beneficiary matches the resource account type.
New built-in user group for Omada Identity service account
We have introduced a new built-in user group: Provisioning users. This group is designed for managing users and user groups within the Data Object Security Model. By default, it has no authorization roles and a Medium authentication level.
For more information, refer to the Users and user group section in the Security documentation.
Enhanced mail delivery handling for connection errors
We've improved our mailing delivery system to prevent unnecessary retries when encountering connection errors to the email server. Instead, emails will remain in the mail queue until a successful connection is established, ensuring efficient and reliable delivery.
For more information on the Mail queue delivery retries setting, refer to the Mail section in the Customer settings documentation.
Enhanced Omada Identity Portal SSO with OpenID Connect Protocol
We have updated the internal components utilized for the Omada Identity Portal Single Sign-On (SSO) system, using the OpenID Connect protocol.
For more information on OpenID and OpenID Connect, refer to the Authentication and Single Sign-on configuration documentation.