Version: Cloud

Resolved Issues and Bug Fixes

Read more about resolved issues and bug fixes in this release.

API

OData API - AccountResourceType field wrongly mapped

We have updated the payload of the GET endpoint for OData/Builtin/CalculatedAssignments to enable retrieval of Resource and Account Resource information. We have also prepared the endpoint for the deprecation of several confusingly named properties.

INC-305943

Enterprise Server

Caching issue for CodeEditingService

We've fixed the caching issue for CodeEditingService. Now, we add the build version to JavaScript files loaded dynamically.

INC-307426

UpdateSearchData executable does not exclude deleted DataObjects

We’ve fixed an issue where UpdateSearchData.exe did not honor the ExcludeDeletedDataObjectsFromSearchData setting and attempted to process deleted DataObjects during search data updates. The utility now correctly excludes deleted DataObjects as configured.

INC-306265

Approve all assignments creating duplicate resource assignments

The Approve all assignments feature has been updated to prevent concurrent duplicate operations on the same target scope.

Previously, multiple users, or multiple sessions, could trigger the approve-all process simultaneously for the same system or resource type. This could lead to duplicate verdicts and the creation of duplicate Direct Resource Assignments (DRAs) for the same calculated assignments.

We've introduced a concurrency guard. If an approve-all operation is already in progress for a given system or resource type, any subsequent attempt to start the same operation is immediately rejected with a clear error message. Operations targeting different systems or resource types can still run in parallel as expected.

SR-306393

Event Definition fails for deleting Process data object with Purge option set

We've fixed an issue where deleting a Process data object with the Purge option enabled would fail if the process had associated activities or user/user group references.

The purge operation did not remove all related entities, resulting in foreign key constraint errors that prevented the object from being deleted. The deletion logic has now been updated to ensure that all related entities are properly removed.

INC-303342

Issue with timers not working

We've fixed an issue where importing a changeset that contains a filter expression update (switching from property-to-property mode to value mode) caused all right-side DB columns to be set to NULL.

INC-307889

Username is shown as changed despite different data in tblDataObjectVersion

We've fixed an issue where the user history page incorrectly marked the username as changed even when the value remained the same, while the underlying tblDataObjectVersion data correctly showed Modified="false". The history page now only displays username changes when they actually occur.

INC-309858

AuthRole Update for Administrator Role is not imported correctly

We've fixed an issue where updates to the Administrator AuthRole were not imported correctly. As a result, changes to Administrator permissions made in the source configuration were not consistently reflected after import.

With this fix, Administrator AuthRole updates are now imported reliably and applied as expected, ensuring correct role configuration and permission consistency across environments.

INC-308533

Not approved assignments are not revokeable

We fixed an issue where the revoke action on the identity form was blocked for resource assignments that include ImplicitAssignment or ImplicitChild reason types, even when a valid reason type is also present. The revoke action is now available and works correctly for these assignments.

INC-302672

Role and Policy Engine

RoPE removing AD account even though identity is in an active context

We've fixed an issue where policies incorrectly evaluated invalid context assignments when determining whether they should apply to a given identity.

INC-303500

Application Onboarding – Get System Owners fails after Identity Governance installation

We've fixed an issue where System Owners were not returned in the assisted Application Onboarding workflow after SelfManagement attribute values were converted to GUIDs in RoPE.

INC-307167

RoPE throws InvalidCastException for invalid ReferenceValues during type conversion

We've improved the error message for RoPE calculations related to type conversion of direct assignment attributes. The message now includes the name of the affected attribute, making it easier to identify and resolve the issue.

INC-306016

Unresolved Identity calculation is failing due to OdsIntegrationQueueController timeout

We've fixed an issue where calculating the Unresolved Identity could fail with a timeout when publishing assignment data to the ODS integration queue. A new configuration setting, BulkOperationTimeout, is now available (Cloud only) to control the timeout duration for this operation.

For more information, refer to the Integration (ODS) section in the RoPE - Standard extensions documentation.

INC-304529

Timeout while trying to remove identity historical calculations

We’ve improved the deletion of historical identity calculations. The previous implementation was inefficient - it first queried IDs and then performed the deletion using a temporary-table join. The new approach executes the deletion in a single SQL statement, reducing round trips and minimizing lock contention.

INC-304625

Automatic RoPE recalculation did not trigger after RA via Request access

We've fixed an issue where RoPE prevented processing of limited Omada Identity data object change events during non-initial-load ingestion retrieval.

INC-306856

Calculations with warnings still shows after recalculation when the new calculation is discarded

We've fixed an issue where warning comparison incorrectly treated calculations as identical when the previous calculation contained duplicate warnings.

The comparison relied on XOR-based hashing, causing duplicate warnings to cancel each other out. As a result, a previous calculation with duplicate warnings could be considered identical to a current calculation with no warnings.

The logic has been updated to perform a deterministic comparison of complete warning sets, ensuring duplicates are handled correctly and resolved warnings are properly detected.

RoPE SelfManagement triggers Access Modifier on configured DOTs

We’ve fixed the behavior of RoPE Self‑Management so that Access Modifiers are not taken into consideration. Self‑Management now works correctly for custom Data Object Types (DOTs) with Access Modifiers configured.

INC-306868

Database query timeout when registering large volumes of queue events

We've fixed a timeout issue affecting the database query responsible for registering a large number of queue events simultaneously.

#INC-309247

AttributeValueResolver: Fixed stale variable state issue

The AttributeValueResolver RoPE extension could return stale attribute values for other assignments.

This occurred when an attribute value resolver expression referenced a ROPE_ATTR_* variable that had already been resolved for an assignment of another resource type, but was not defined for the current assignment resource type. Because the expression interpreter was shared across the batch, it could, in some cases, use the previous value instead of failing. As a result, expressions silently used stale data, leading to incorrect attribute values for assignments.

Fix

The interpreter state is now cleared between assignments. Variables from one assignment are no longer reused for subsequent assignments.

When an expression references an attribute not defined on the current assignment's resource type, a clear error is now raised immediately:

Expression for attribute 'C_AD_DISPLAY_NAME' contains unknown identifiers: ROPE_ATTR_IDENTITYCATEGORY.

Previously, this error appeared only if the attribute was never set during the batch, making the root cause harder to identify.

Action required

Review AttributeValueResolver expressions that use ROPE_ATTR_* variables without a ResourceType filter in extraInfo.

If an expression applies only to a specific resource type, add ResourceType:<name> to extraInfo to avoid evaluation (and possible errors) for other resource types:

<add key="setting1"
     name="C_AD_DISPLAY_NAME"
     value="string.Format("Test_{0}", ROPE_ATTR_IDENTITYCATEGORY)"
     extraInfo="Type:Expression;ResourceType:My Resource Type" />

Single value attribute holding previous and new value

We have fixed an issue where single-valued attribute (for example, C_AD_DISPLAY_NAME) incorrectly retained both its previous and updated values after recalculation, instead of only the updated value. This caused stale attribute data to persist in scenarios such as identity recalculation, for example, when a terminated identity is recalculated.

INC-307177

Omada Data Warehouse

Role assignments were not marked as deleted after removal

We've fixed an issue where removed role assignments were not flagged as deleted in Omada Data Warehouse. Now, when actual assignments are disabled, the status is synchronized to ODW before the assignment is marked as deleted.

Inconsistencies in Analytics Processing

We have extended the documentation to explain the differences between inconsistency counts shown in widgets and detailed views in Analytics Processing. For details, see Handling inconsistencies.

INC-301063

UI and UX

Cannot save identity in the new UI

We fixed an issue where the access modifier was not correctly read when saving an identity in the new UI. The access modifier is now applied correctly.

INC-307229

New identity view filter expression

We fixed an issue where the filter expression was not correctly read. The filter expression is now applied as expected.

INC-304663

Alignment of fields in Identity details form

We fixed an issue where date control fields were not aligned. The fields are now properly aligned.

INC-308274

403 when saving changes to UI Action object

We fixed an issue where saving a data object fails with an HTTP 403 error when a text property contains a percent sign followed by hexadecimal digits. This issue affects both classic and React-based forms. Percent signs are now handled correctly during submission, allowing the data object to be saved successfully.

INC-307359

Access approvals

Approval not working as intended

We have fixed an issue where access approval submissions failed when the same approvals were submitted. This issue could leave requests in the Pending state. The system now provides clear feedback and ensures the workflow transitions correctly during concurrent submissions.

INC-305789

New approval columns contains duplicate on grouped column

We have fixed an issue where grouped columns show duplicate values. The grouped column is no longer hideable, and its name now updates based on the Group by column.

INC-304979

Norwegian translation of new approval flow does not show

We fixed an issue where the approval card title did not use the translated text when available. The title now displays the correct translation.

INC-307151

Access request

Filter systems and applications from request access process

We fixed an issue where resources marked as Prevent self-service did not appear in the access request process but were still available as filter values. These resources no longer appear as filterable values.

INC-306848

A non-mandatory attribute is being treated as mandatory during access requests

We fixed an issue where non-mandatory attributes of type reference were treated as mandatory. Additionally, when a required reference attribute was corrected, the error state did not reset. The system now correctly handles optional reference attributes and clears the error state when values are provided.

INC-303614

Access request cancel feature texts are faulty

We have fixed several issues. We corrected multiple instances where Canceled was used instead of Cancelled, along with a few incorrect capitalizations. We also added the missing username in brackets in the description, together with the quotes around the name, and removed the stray <br> tag that was being rendered in the UI. Finally, we fixed the timeline behavior so that when the approval status is Cancelled, the request status is no longer shown as Pending.

INC-307922

Connectors

Configuring an alias with a JSON path

There was an issue with configuring an alias with a JSON path in the REST connector. This issue has been fixed. Additional documentation has been provided in Alias mappings.

INC-307617

SAP SuccessFactors - support for the `Headers` configuration parameter

Headers configuration parameter has been added to the SAP SuccessFactors data import (collector). The SAP SuccessFactors data import documentation has been updated.

INC-309346

SalesForce connector - path not added to the resource paths

The February 2026 Cloud Update introduced a change that caused an issue where the path provided in the path for Salesforce objects was no longer added to the resource paths provided in the data model. This issue has been fixed.

INC-309388 INC-308203 SR-309039

Active Directory connectivity - domain controller selection

The automatic detection of the closest domain controller in the Active Directory connector has been improved. Until this point, in some scenarios the closest domain controller was not selected correctly.

INC-293466

Active Directory not handling large date values

We fixed an issue where unusually large date values from Active Directory could lead to unexpected errors. These values are now handled correctly.

INC-307704

REST connector - log requests

The debug‑level request logging was enhanced in the REST connector to ensure more consistent handling of sensitive information.

Surveys

The survey schedule is not displaying the list of resources or timer details

We have fixed an issue where special characters in the Name and Description fields caused the Edit survey schedule URL to be built incorrectly. The values are now encoded using the encodeURIComponent, ensuring a safe URL transmission and correctly opening the created survey schedule instead of redirecting to the survey schedule initiation step.

INC-299888

System owner approval doesn't work on STG environment

We have fixed an issue where using survey activities with unsupported activity types, for example, voting, caused an error when submitting survey questions. Survey activities now only support the All must complete activity type.

INC-305294

Omada Identity Analytics (OIA)

Duplicated dashboard titles

In Omada Identity Analytics, dashboard titles could appear duplicated, causing various dashboard components to malfunction. Users previously needed to manually refresh the page to restore correct behavior. This has been fixed through improvements in the dashboard library, ensuring stable and consistent rendering.

Dashboard loading under concurrent access

OIA dashboards could fail to load or load incorrectly when accessed by multiple users simultaneously. The problem was related to platform limitations and synchronization delays affecting data availability. We have now fixed it: dashboards now load reliably under concurrent usage following platform updates and improvements.

INC-301414

Many-to-many relationship issue in data model

There was an issue caused by an incorrect many-to-many relationship introduced when adding artificial resource assignments for identities without resources. The data model has been updated to correct this behavior, eliminating inconsistencies without requiring changes to existing widgets or dashboards.

INC-307252

Access Navigator: Applications not visible due to missing System Type

We have resolved an issue where applications were not visible in Access Navigator, and only systems could be selected. The problem was caused by a missing System Type field, which is required to distinguish applications from systems. With this field now included, applications are correctly displayed, restoring parity with SSRS reports.

INC-305581

Handling of pseudo accounts in Accounts never used report

Before, pseudo accounts were incorrectly included in the Accounts never used report. We have now fixed it: accounts that are pseudo or have no account type are now handled correctly and displayed as N/A, ensuring more accurate data quality reporting.

INC-303449

Assignment display for terminated accounts

Previously, accounts in Terminated status incorrectly displayed resource assignments in dashboards. This was caused by default assignment values (for instance, -1 or 0) being interpreted as valid assignments. Dashboards have now been updated to filter out these values, ensuring that terminated accounts no longer show resource assignments and that data is displayed accurately.

INC-303295

Query performance and memory usage in reports

We have resolved an issue where generated queries returned an excessive number of records, leading to high memory consumption. The data model has been updated to extract a value calculation into a dedicated table, reducing query load and improving performance.

Access Intelligence: fixed process stuck in running state

We have resolved an issue where Access Intelligence (previously Role Insights/Mining) processes could remain stuck in a Running state. The problem occurred when the system was unable to update the process status in the database for users without a configured email address. The process now completes correctly regardless of email configuration.

Horizons

Faulty GraphQL extension properties filter

Attempts to use the GraphQL extension properties filter resulted in errors. Filtering extension properties is possible while using the lookup mapping. To do so, include the following filter:

extensionPropertiesFilter:  { key: "sAMAccountNameWH", value: "AAAA" }

The key attribute provides the name of the extension property, and value attribute defines value to filter by.

For more information, go to the Filtering extension properties.

Documentation

Customer setting DefaultAccountType in documentation but not in cloud demo

The documentation has been updated to clarify that DefaultAccountType is a hidden customer setting and is therefore not configurable by the customer.

INC-305940

Unclear documentation on Policy and Risk Check Options/Settings

The documentation about the Policy & Risk check has been updated with new information about configuration options.

Go to Policy & Risk check for more information.

INC-303638

INC-303684

Deep links don't respect the customer setting Website URL

We have updated the documentation to clarify how deep links are generated.

Go to Access request for more information.

INC-307260

Graph API documentation

We have updated the documentation with the missing information related to Graph API. Go to Omada Identity Graph API for more information.

INC-305491

App Onboarding - empty Owners (Business) field

We have updated the documentation with additional information about business owner roles and onboarding behavior. Go to Guided onboarding process for more information.

INC-302980

Other

Identity Display name in history is missing

We've fixed an issue where users with permission to view history (for example, managers or service desk agents) could not see the Display name in the history popup title. The Display name now displays correctly across all history windows without requiring additional permissions.

INC-302307

INC-305265

Old assignment explorer is not showing details for linked systems

We fixed an issue where the Assignment explorer did not display details for linked systems. The details now appear correctly.

INC-310248

API​

OData API - AccountResourceType field wrongly mapped​

Enterprise Server​

Caching issue for CodeEditingService​

UpdateSearchData executable does not exclude deleted DataObjects​

Approve all assignments creating duplicate resource assignments​

Event Definition fails for deleting Process data object with Purge option set​

Issue with timers not working​

Username is shown as changed despite different data in tblDataObjectVersion​

AuthRole Update for Administrator Role is not imported correctly​

Not approved assignments are not revokeable​

Role and Policy Engine​

RoPE removing AD account even though identity is in an active context​

Application Onboarding – Get System Owners fails after Identity Governance installation​

RoPE throws InvalidCastException for invalid ReferenceValues during type conversion​

Unresolved Identity calculation is failing due to OdsIntegrationQueueController timeout​

Timeout while trying to remove identity historical calculations​

Automatic RoPE recalculation did not trigger after RA via Request access​

Calculations with warnings still shows after recalculation when the new calculation is discarded​

RoPE SelfManagement triggers Access Modifier on configured DOTs​

Database query timeout when registering large volumes of queue events​

AttributeValueResolver: Fixed stale variable state issue​

Single value attribute holding previous and new value​

Omada Data Warehouse​

Role assignments were not marked as deleted after removal​

Inconsistencies in Analytics Processing​

UI and UX​

Cannot save identity in the new UI​

New identity view filter expression​

Alignment of fields in Identity details form​

403 when saving changes to UI Action object​

Access approvals​

Approval not working as intended​

New approval columns contains duplicate on grouped column​

Norwegian translation of new approval flow does not show​

Access request​

Filter systems and applications from request access process​

A non-mandatory attribute is being treated as mandatory during access requests​

Access request cancel feature texts are faulty​

Connectors​

Configuring an alias with a JSON path​

SAP SuccessFactors - support for the Headers configuration parameter​

SalesForce connector - path not added to the resource paths​

Active Directory connectivity - domain controller selection​

Active Directory not handling large date values​

REST connector - log requests​

Surveys​

The survey schedule is not displaying the list of resources or timer details​

System owner approval doesn't work on STG environment​

Omada Identity Analytics (OIA)​

Duplicated dashboard titles​

Dashboard loading under concurrent access​

Many-to-many relationship issue in data model​

Access Navigator: Applications not visible due to missing System Type​

Handling of pseudo accounts in Accounts never used report​

Assignment display for terminated accounts​

Query performance and memory usage in reports​

Access Intelligence: fixed process stuck in running state​

Horizons​

Faulty GraphQL extension properties filter​

Documentation​

Customer setting DefaultAccountType in documentation but not in cloud demo​

Unclear documentation on Policy and Risk Check Options/Settings​

Deep links don't respect the customer setting Website URL​

Graph API documentation​

App Onboarding - empty Owners (Business) field​

Other​

Identity Display name in history is missing​

Old assignment explorer is not showing details for linked systems​

API