Omada Identity Governance
We've introduced the Omada Identity Governance feature to efficiently manage the users and user group memberships of the Enterprise Server.
Users are now imported to the warehouse as accounts, and user group memberships are imported as permission assignments for history tracking.
The modelling of resources in the RoPE has also changed. The model is based on the existing Omada Identity system. There is now a permission resource for each user group and an account resource for the users. These new resources are part of the feature package, and custom ones are created for custom user groups as part of the installation.
The Group member resource is no longer used. The direct assignments of the resource are migrated to the permission resource for the user group, indicated in the attribute of the Group member assignment.
The provisioning service, in conjunction with the policy engine, is now responsible for provisioning and deprovisioning accounts and group memberships.
Previously, the RoPE self-management extension managed specific group memberships through XML configuration on the self-managed resource types, and group memberships were provisioned directly from the RoPE extension. Similarly, there were built-in event handlers to manage the Service Desk group.
When the feature package is installed, the event-driven logic is disabled and the provisioning of users (accounts) and user group memberships (permissions) is handled entirely by OPS.
For more information, go to the Omada Identity Governance feature documentation.
Only Personal accounts will be linked to the identity record. Administrator accounts, service accounts, and similar accounts can be assigned to the identity, but the IDENTITYREF property remains empty. As a result, assignments to workflow activities, as well as object ownerships (assigned by a Self-Service Resource), are granted to the Personal account regardless of the level of authorization required for the task performed under the grant.
As a result of the Omada Identity Governance feature, all code methods that automatically handle user operations are marked as obsolete. Consequently, these code methods can no longer be used in any new functionality, even if Omada Identity Governance is not yet enabled. They will, however, continue to function as expected for existing functionality. Once Omada Identity Governance is activated, they become redundant, which is why they are classified as obsolete.
For more information, refer to the Omada Identity Governance interdependencies section in the documentation.
We are actively working to streamline the deployment process for the Omada Identity Governance feature, making it automatic and accessible through release updates, thereby eliminating the need for support involvement.
Currently, however, to activate the Omada Identity Governance feature, you must contact our support team by submitting a request through the form available on the Omada Service Desk.