Release highlights
We've just released Omada Identity Cloud update! What's new?
With the August 2025 Cloud Update, the refresh behaviour of the Operations dashboard was changed – now it updates every 5 minutes if the browser tab is active.
UI and UX
The following changes and updates were implemented:
- The character limit for the identity's first name (
FirstName) was removed. Now the values exceeding 20 characters are accepted.
Violations count in Policy and Rick Check
To ensure clarity when investigating access requests for potential policy violations, the message in the side panel has been changed from the [number] violations found to Policy violations found: [number].
Access request overview through the Assignment Timeline
You can use the Assignment Timeline to verify the progress of the access request, allowing you to review the steps that have already been completed, steps remaining, users/groups involved, and also the status of the background processes for this request. Color-coding will assist you in identifying the details quickly.
Access request streamlined account selection
In the request access second step, the Attributes column has been divided into Attributes and Accounts column. It simplifies the account selection for the chosen resource.
For more information, go to Access request.
Extending multiple resource assignments in one request
You can now select more than one resource assignment in the extension request. See Extend access for details.
Maximum validity period
This release adds support for a configurable Maximum validity period property, which helps to set term limits on resource assignments.
This property can be configured for resources, resource folders, and systems. When defined with a value greater than zero, it limits the duration of resource assignments during Access Request, Approval, and Extend Access flows. The system automatically shortens the requested validity period if it exceeds the configured maximum, using the most specific value available (Resource > Resource Folder > System).
In the new UI, affected validity fields are visually highlighted, and users are shown a warning of a potential restriction if there are any resources or assignments in the basket for which a maximum validity period restriction applies.
Access approval: expand history (description) field into a text timeline
Approval history logs will now show the most recent events on top and the earlier events at the bottom of the logs on both new UI and old UI. Each step will represent the action and the state:
Access request: new dynamic filter in identity search
We have added new dynamic filters to the identities dropdown in access request step 1, similarly to those implemented in step 2 for the resources dropdown.
While filtering by organizational units is active by default, you can add other properties through a new customer setting with the key AccessRequestIdentitiesPropertyFilters. For more details, look up this setting in Customer settings and in Access request.
Cloud Application Gateway
To enable more efficient resource allocation and improve the overall Cloud Application Gateway performance we are introducing the instance groups capability. Instance groups allow you to organize your systems based on shared characteristics such as infrastructure, for example Azure-hosted systems.
You can add or edit instance groups in the Connectivity configuration settings.
You can allocate a system to a instance group by configuring the Cloud Application Gateway instance setting in the General setting of a system.
For more information, go to the Additional configuration section of the Cloud Application Gateway Configuration.
Connectors
Omada Management Portal connectivity
A new connectivity package provides support for governing and managing Omada Management Portal environments. See Omada Management Portal for details.
OAuth2 custom - support for nested token structure in REST connectivity
The REST data import/provisioning (collector/connector) now supports nested token structure (JSONPath) in the OAuth2 custom authentication option.
Cloud Management Portal
New authentication type for email delivery
While configuring your environment, you can now choose Entra ID Client Credentials as a new authentication type in the Email Delivery section. See Client credentials and Email notifications for more information.
Omada Identity Analytics Platform (OIA)
As part of our continued commitment to enhancing the analytics experience in Omada Identity, we are transitioning away from legacy Reports (classic) in favor of the more modern and interactive Dashboards & Analytics (Omada Identity Analytics Platform).
SSRS reports will be fully deprecated starting from the August 2026 Cloud Update. Until that date, both the classic reports and the new dashboards will remain available. However, only Dashboards & Analytics will continue to receive updates and improvements.
For more information on the equivalence between legacy reports and new dashboards, see Legacy reports vs. Omada Identity Analytics Platform.
Since the OIA Platform is only available in Omada Identity Cloud, the deprecation of legacy reports is also only relevant to cloud customers. The Reports (classic) page will continue to be available and maintained for on-prem customers.
Surveys
Direct Resource Assignments (DRAs) from surveys - Technical Preview
With the latest enhancements to survey handling, organizations can now streamline access reviews, reduce compliance risks, and simplify identity lifecycle management.
Survey decisions like (Keep or Remove) made during access reviews now trigger the creation or update of Direct Resource Assignments (DRAs). This means that:
- Keep decision automatically generate DRAs, ensuring access is retained with a clear, auditable trail.
- Remove decision deactivate existing DRAs, triggering deprovisioning actions where needed.
Why it matters
-
Smart context and origin tracking: Each DRA now includes metadata about its origin—whether it came from a survey, access request, or Approve all assignments feature. This enables fine-grained filtering and reporting, custom event definitions based on assignment origin, and a better traceability for compliance and audits.
-
Seamless migration and compatibility: Existing surveys continue to function without disruption, while new surveys automatically adopt the improved behavior. Customers can easily add context fields to survey templates to enrich DRAs.
-
Compliance and audit-readiness: Survey verdicts are still created for audit trails. DRAs replace survey verdict as the primary desired state, improving clarity and reducing the risk of silent expirations. All actions are timestamped in UTC and include approver details for full transparency.
For more technical information, see section Technical Preview Feature: Approve survey questions create direct resource assignments of Survey verdicts.
API
Omada Identity Graph API 3.0
The GraphQL API has been updated to version 3.0 with the following changes:
-
The API response code for error conditions in the GraphQL API has been updated to OK (200) in internal processing errors that previously returned a Bad request (400) status code inappropriately.
-
The logic for the Reason field in the access request configuration type has been updated from a simple Boolean (required/not required) to a more flexible enum-based configuration with three possible values: Required, Optional, and Hidden.
-
A resource assignment with no violations will now correctly have
NoViolationassigned as its violation status.
For more details, see GraphQL API Changelog.
OData page size
In Q4 2025, the default value and upper limit of the ODataPageSizeLimit customer setting are scheduled to be changed to 100 and 1000, respectively. This change is intended to optimize data handling.
The new page size will only be applied to new environments and those existing environments whose current page size value is unset or 0.
You should review and update your scripts to ensure they implement pagination when retrieving data, helping maintain optimal performance and prepare for upcoming changes.
For more information, look up ODataPageSizeLimit in Customer settings - Standard application and OData documentation.