Release highlights
We've just released Omada Identity Cloud update! What's new?
UI and UX
Revoking assignments - UI and functional update
You can now revoke assignments using the Access rights tab in the Identities view. We introduced a new panel that summarizes the changes you make, allowing you to specify the revoke date. Color-coded messages will provide you with quick feedback whether the revoke was successful. See Revoking assignments for details.
Support for Portuguese language version in Omada Identity
Portuguese is now supported in Omada Identity. This is an initial release, we will be updating this language continuously over the course of subsequent releases.
Suggested filters in Access request
We restored the option to display suggested filters when using the search field in the access request process. The performance of suggested filters has been improved, but it may still impact the resource search. This option is disabled by default, you can activate it through the Access Request: Enable filter suggestions for resource types and systems customer setting. For more details, see Suggested filters.
New technical preview feature: Approval process launched by timer service
A new feature in technical preview introduces a customer setting, LaunchApprovalProcessWithTimerService, which allows the approval process to be launched by the timer service instead of during the request access process. This enhancement aims to improve the performance of the access request process, enabling faster completion as users no longer have to wait for the approval process to launch. For more details, see:
- Customer settings, row Launch approval process with timer service
- Approval process launched by timer service – Technical preview
Connectors
We have introduced new connectivity packages:
- LDAP RACF that allows you to manage users and groups within the IBM z/OS using the RACF LDAP interface.
- The Salesforce connector was updated and it now supports Salesforce REST API v61.
- A new version of the SAP SuccessFactors connector that allows you to read accounts/groups and manage group assignments using SuccessFactors SCIM API v2.
Support for shadow data objects
Shadow data objects are supported as resource types in provisioning task mappings. See Shadow data objects for details.
Provisioning-only systems
You can now onboard systems to perform provisioning only (using a new checkbox in the general settings). See Provisioning-only systems for details.
REST connectivity - JSON array supported in request template
The request template feature in REST connectivity has been extended, you can now use JSON arrays. See Request templates for details.
Configuration of the Risk analysis in SAP GRC data object
We have implemented a new feature that allows you to modify the configuration data of the Risk Analysis data object in SAP GRC. This enhancement enables you to create mappings between a system and one or two web request configurations, providing greater flexibility and control over your risk analysis processes.
You can read more about how to configure the SAP GRC in the Policy & Risk check documentation.
Deprecation of ReportFormat configuration object
The configuration property ReportFormat has been deprecated, and is removed from the configuration object.
Automated handling of Application accounts
We have introduced an option for logical application accounts to be managed in the backend, which can help reduce administrative effort in application onboarding.
Virtual reference properties (VRPs)
We have updated two virtual reference properties ($EffectiveManager and $ActualManager) and added a new one ($EffectiveServiceDesk).
For more details on these and other VRPs, see Virtual reference properties.
$EffectiveManager
We have extended the functionality of the $EffectiveManager VRP by adding two new optional parameters: OWNERPROPERTY and MEMBERSHIPPROPERTYONLY.
By using the new OWNERPROPERTY parameter, you can specify an alternative manager property for the context, apart from the one configured for the context type object. This can help, for example, when an approval task or a mail notification is only destined for one manager (for instance, the HR manager, included in the EXPLICITOWNER field) and not the others (for instance, delegated managers, included in the MANAGER field, which is the default manager property calculated in organizational units).
Using the new MEMBERSHIPPROPERTYONLY parameter can help to avoid having tasks assigned during grace periods, as this VRP does not include or traverse direct context assignments.
$ActualManager
We have extended the $ActualManager VRP with a new functionality: it now supports the same two parameters as the $EffectiveManager VRP, that is, OWNERPROPERTY and MEMBERSHIPPROPERTYONLY.
Moreover, when there are multiple managers configured on an organizational unit level, this property returns the lowest ID.
$EffectiveServiceDesk
We have added a new VRP named $EffectiveServiceDesk that allows to retrieve the effective service desk for your primary context.
This VRP also supports the OWNERPROPERTY and MEMBERSHIPPROPERTYONLY parameters. This can help if, for instance, you want to resolve the service desk without including direct context assignments.
Unlike $EffectiveManager and $ActualManager, this VRP returns the identity or the user itself if it is the closest Service desk agent in the context tree.
Code methods
We have added two new code methods. Their functionality is extended with the use of reference paths:
-
RecalcDisplayNameForRefpathObjects– recalculates display name for objects from reference path. -
CopySourcePropertiesToTargetPropertiesOnRefPath– copies values from an action object to target object references in a reference path, using a supplied copy rule.
Other
Assignment Explorer and calculated assignments - navigation options
The Assignment Explorer can be opened through the RoPE Operations Dashboard widget, and the calculated assignments can be opened from the system page.