Version: Cloud

Resolved Issues and Bug Fixes

Read more about resolved issues and bug fixes in this release.

Access request

Cancel Access Request fails due to missing DTC

We've fixed an issue where cancelling an access request failed when MS DTC was disabled. Access request cancellation now works correctly without requiring MS DTC.

INC-307873

Access Requests being Terminated

We've fixed an issue where pending access requests submitted for an identity's destination context were incorrectly terminated when the identity was transferred. Access requests in Pending state that explicitly target the identity's new context now remain open after the transfer completes.

INC-306705

Enterprise Server

The Event log fails to convert Azure Log Analytics entries

We've fixed an issue where the Azure Log converter method crashed with a KeyNotFoundException when processing an exception whose inner exception had a non-empty Data dictionary that did not contain the "REFNO" key.

INC-307838

Archiving DataObjectVersion stalls for hours due to AuditTrail archiving

Previously, the Archive process unnecessarily prevented the short and long archive cycles from running at the same time, even though they are independent operations. The cycles now run concurrently as intended, improving archive throughput.

INC-311618

spSystemDiagnostics fails to detected deprecated code methods

We've updated the spSystemDiagnostics stored procedure with deprecated code methods.

INC-304656

Not approved assignments are not revocable

We fixed an issue where the revoke action on the identity form was blocked for resource assignments that included ImplicitAssignment or ImplicitChild reason types, even when a valid reason type was also present. The revoke action is now available and works correctly for these assignments.

INC-302672

Horizons

Failing imports

There was an issue with the full data import failing due to a timeout caused by processing a large volume of data.

The processing of export queries and mappings, utilizing ResourceAssignment as a source, has been improved. For shared ResourceAssignment query filters, they are moved to a GraphQL level to limit the amount of fetched data.

INC-310993

Surveys

Unexpected provisioning triggered after Resource Owner survey “Keep” decision creates duplicate calculated assignment

We've fixed an issue where assignments whose resource type is configured with the AssignmentAttributeValueDifferentiator RoPE extension could receive a "Keep" (Approve) verdict during a survey and incorrectly result in a duplicate Calculated Resource Assignment (CRA) being generated. The duplicate CRA was treated by OPS as a new assignment, which triggered an unnecessary provisioning "create" operation for an assignment that had already been provisioned.

INC-311157

Survey Schedule settings fail to commit

We've fixed an issue in the Work Item dialog where property values passed through the query string were incorrectly split when they contained a comma. Property values are now preserved correctly regardless of the characters they contain.

INC-311181

Survey question submission experiences significant delays

We've fixed a performance issue affecting surveys configured with the Create verdict for multicontext assignments only if all decisions are identical setting enabled. Survey processing is now significantly faster in this scenario.

INC-305405

Survey download mail template has square brackets

We've fixed an issue with the Survey export completed email template, where square brackets around variables were not removed when the variables were replaced. The brackets are now correctly stripped from the rendered template.

INC-307385

UI and UX

Old Assignment Explorer fails to open CRAs for Exchange system

We've fixed an issue where Mailbox Calculated Resource Assignments (CRAs) could not be opened from the legacy UI. The CRA detail page failed to load when accessed from the legacy UI, although the same CRAs could be opened correctly from the new UI.

INC-304983

Perform resource owner approval doesn't work properly

We've fixed an issue in the Select Beneficiaries and Select Resources steps of the Access Request where pressing Enter while a search input was still being debounced could accidentally add or remove resources and identities. The Enter keypress is now disabled while the search is pending input.

INC-308193

Access approval: fixed incorrect Peer Access Analysis status for system owners

We have identified a visual issue where system owners performing access approvals always saw the Peer Access Analysis result as No risk, regardless of the actual evaluation outcome.
This caused inaccurate risk visibility during the approval process.

We have corrected the display logic so that system owners now see the correct Peer Access Analysis status during approvals.

Expire button in direct assignment view allows for revoke RA

We've fixed an issue where user permissions were not being correctly checked before allowing an identity to be expired. Permissions are now properly validated before the expiration action is permitted.

INC-312747

Access Rights systems no longer collapse

We've fixed an issue in the Access Rights grid where the system expand/collapse button was unresponsive. The button now correctly expands and collapses the rows as expected.

INC-311286

Omada Provisioning Service

Fixed incorrect account removal across account types

We've fixed two issues that caused compliance status and remove verdicts to leak across account type boundaries when a Personal-type role has a child resource whose folder supports both Personal and Admin account types:

We fixed an issue where a ReviewOK verdict on a Personal-type role incorrectly caused the Admin account’s child group to become ImplicitlyApproved. The implicit assignment logic now skips parent resources whose AccountTypeId differs from the child resource.
We fixed an issue where a Remove verdict on a Personal-type role incorrectly disabled the Admin account’s child group. The disablement logic now skips child resources whose AccountTypeId differs from the parent assignment being disabled.

INC-289331

Idle state memory consumption

We've fixed an issue with the Omada Provisioning Service's excessive RAM consumption in the idle state. The underlying issue with the Omada Provisioning Service incorrectly loading system configuration has been resolved.

INC-307393

Manual provisioning tasks already processed get recreated

We've fixed an issue where already completed provisioning tasks were being recreated during RoPE calculations. This occurred when an assignment contained multiple reasons for the same resource, requiring provisioning attributes to be merged. In these cases, the attribute value was populated inconsistently between runs, causing OPS reconciliation to incorrectly detect changes and recreate provisioning tasks. Now, provisioning task handling ensures consistent values across calculations, preventing unnecessary recreation of completed tasks.

INC-314573

Role and Policy Engine

GetConfigurationObjectIds is not cached efficiently

We've improved the performance and memory efficiency of the internal configuration object cache. Previously, cached results were stored per exact lookup combination, preventing overlapping requests from reusing cached entries and causing memory usage to grow over time. The cache now stores configuration objects individually, allowing lookups to reuse previously cached results regardless of the original request context. This significantly reduces memory consumption and improves scalability in long-running production environments.

INC-310905

Omada Data Warehouse

Upgrade issue affecting configuration import jobs

We have identified an issue affecting some environments upgraded through the January 2026 release flow. In certain cases, the ODW updater tool and its dependencies were not deployed with matching versions, causing import configuration jobs to fail after upgrade and requiring manual package updates as a workaround.

We have corrected the ODW upgrade deployment process to ensure the appropriate updater components and dependencies are deployed consistently during upgrades. This ensures configuration import jobs complete successfully without requiring manual intervention.

Omada Identity Analytics

Fixed persistent dashboard tab translation issue

We have identified an issue in Omada Identity Analytics where dashboard tab titles remained permanently translated after the first language change. Once a translation was applied, the titles continued to display in that language even after switching to another language.

We have corrected the translation handling so that dashboard tab titles now update properly according to the currently selected language.

Documentation: clarified resource assignment handling in Access Intelligence

We have clarified the Access Intelligence documentation to explain how resource assignments are evaluated in widgets. Access Intelligence considers only direct resource assignments by design, while indirect assignments are excluded to preserve the quality and accuracy of generated clusters and analytics results.

The updated documentation now provides additional context about this behavior to help users better understand the data displayed in OIA.

INC-312479

Connectors

SCIM OPS connector not respecting the lookup failure strategy

The SCIM OPS connector did not apply the lookup failure strategy. This issue has been fixed.

SR-311636

Prolonged Exchange imports

We've resolved an issue where Exchange imports were taking an excessively long time to complete. The Exchange connectivity package was updated to utilize the Get-EXO cmdlets instead of the legacy PowerShell commands, resulting in a significant performance improvement.

INC-313955

Security

Resolved SQL security finding

A possible SQL query vulnerability has been resolved by implementing parameterized queries. No exposure or customer impact occurred before the fix.

INC-312778

Other

Account type name change not reflected in the Account rules for system summary

There was an issue with the change of the account type name not reflecting in the Account rules for system summary. The issue was resolved by improving the behavior of the summary to refresh not only when the classification rule is updated, but also when related account types are modified.

INC-312834

Unable to download identities from view

We've fixed an issue with data object exports by improving memory allocation, resulting in more stable export operations. Exports of up to 90,000 entries are now supported, with the following limitations: the export must use the CSV file format and must be run as a queued download.

INC-310783

Date inputs get marked as edited even though no change has been made

We've fixed an issue where editing an identity as a manager could fail with a validation error on fields restricted by the IdentitiesAccessModifier configuration (such as VALIDFROM or VALIDTO), even when those fields had not been modified. Only properties that have actually been changed are now submitted.

INC-307229

Heavy frequent SQL query

We've fixed a performance issue in RoPE calculation cycles. Previously, when no assignment policies had a context filter defined, each cycle triggered an expensive database query that scanned the entire objects table, causing the environment to slow down over time.

INC-314155

Operations Dashboard: improved error message when resending inconsistencies

We have identified that errors occurring during inconsistency resend operations displayed only a generic web service failure message, making troubleshooting difficult. This provided insufficient information when users lacked permission to execute the operation.

We have improved the error handling for the Resend action in Setup > Operations Dashboard > Analytics Processing > Inconsistencies. Now, users receive a clear permission-related error message instead of a generic processing error.

Revoke assignments does not save the action comment anywhere

We've fixed an issue where the comment provided when revoking a resource assignment was not preserved. The comment is now appended to the resource assignment's description, together with the revoker's name and the timestamp. For example: Resource assignment removed by "System Administrator [ADMINISTRATOR]" on 05/05/2026 9:02 (UTC+01:00) with comment: Revoked due to role change.

INC-307830

We've fixed an issue where the GraphQL query returned a parent MenuItem even when none of its child items were accessible to the user. Empty parent menu items no longer appear in the left menu.

INC-307400

Access rights system not collapsing when hitting the marked button

We've fixed an issue in the Access Rights view where the collapse button did not correctly collapse the listed access rights when clicked. The button now collapses the entries as expected.

INC-310810

Documentation

Implicit assignments cannot be revoked directly

We've added documentation clarifying that implicit assignments cannot be revoked directly, as they are derived from explicit assignments higher in the resource hierarchy (for example, app role - role - group).

To remove access driven by an implicit assignment, the explicit assignment at the root of the hierarchy must be revoked. For more details, refer to the Revoking implicit assignments section of the documentation.

INC-291650

Access request​

Cancel Access Request fails due to missing DTC​

Access Requests being Terminated​

Enterprise Server​

The Event log fails to convert Azure Log Analytics entries​

Archiving DataObjectVersion stalls for hours due to AuditTrail archiving​

spSystemDiagnostics fails to detected deprecated code methods​

Not approved assignments are not revocable​

Horizons​

Failing imports​

Surveys​

Unexpected provisioning triggered after Resource Owner survey “Keep” decision creates duplicate calculated assignment​

Survey Schedule settings fail to commit​

Survey question submission experiences significant delays​

Survey download mail template has square brackets​

UI and UX​

Old Assignment Explorer fails to open CRAs for Exchange system​

Perform resource owner approval doesn't work properly​

Access approval: fixed incorrect Peer Access Analysis status for system owners​

Expire button in direct assignment view allows for revoke RA​

Access Rights systems no longer collapse​

Omada Provisioning Service​

Fixed incorrect account removal across account types​

Idle state memory consumption​

Manual provisioning tasks already processed get recreated​

Role and Policy Engine​

GetConfigurationObjectIds is not cached efficiently​

Omada Data Warehouse​

Upgrade issue affecting configuration import jobs​

Omada Identity Analytics​

Fixed persistent dashboard tab translation issue​

Documentation: clarified resource assignment handling in Access Intelligence​

Connectors​

SCIM OPS connector not respecting the lookup failure strategy​

Prolonged Exchange imports​

Security​

Resolved SQL security finding​

Other​

Account type name change not reflected in the Account rules for system summary​

Unable to download identities from view​

Date inputs get marked as edited even though no change has been made​

Heavy frequent SQL query​

Operations Dashboard: improved error message when resending inconsistencies​

Revoke assignments does not save the action comment anywhere​

GraphQL query returns parent menu item as menu item​

Access rights system not collapsing when hitting the marked button​

Documentation​

Implicit assignments cannot be revoked directly​