We have introduced a new feature in Access Approval. You can now review the violations identified during the Policy & Risk check by clicking on the See More button. The summary will open, enabling you to assess the results of the Peer Access Analysis check, Segregation of Duties check, and General Risk check in accordion-style sections.
We have introduced a new change in the Access approval process, there has been a modification to the Submit button functionality. Previously, the button would be disabled when nothing was selected. However, with the latest update, the Submit button remains active regardless of whether any item is selected. Now, the button attempts to submit all rows that meet the validation criteria. If none of the rows pass the validation, a yellow message is displayed, indicating that 0 questions were submitted successfully.
We fixed a bug that displayed a warning message even when there wasn't any data modified. Now, the Access approval table resets when users perform actions like filtering, sorting, or changing the page. A warning dialog informs users about the data reset before they proceed, following a one-time acknowledgment pattern. The warning won't reappear until the page is refreshed.
The button to request access in the Access Requests and in the Extend Access Requests list views will now be hidden if the logged in user does not have permission to request access.
There was an issue when requesting access from the mobile phone that overlapped the fields. This is now have been fixed.
We fixed a bug that showed the same context multiple times. Now multiple context assignments with the same ContextId will no longer appear in the business context selection dropdown on the Access Request form.
We fixed a bug that slowed down the functioning of the access request process validation stage for resources with child resources. This was fixed by modifying the order of conditions and implementing a queries cache.
Resolved an issue where survey administrators were not assigned to the verify activity when the Confirm before launch flag was set on the survey schedule. Now, survey admins are correctly assigned to the activity upon survey launches.
We have enhanced the Application form by defaulting the fulfillment section to a hidden state. You can adjust the visibility of the section in the configuration.
Resolved a bug that shows irrelevant fields in the Application form. We fixed that by setting to hide the section. Go to Application form enhancement to know more.
There was a formatting issue that displayed unintended `` tag in Approval Status on Access List.
We have fixed the description of the CheckIfSetPropertyHasValue code method in the event definition, which previously contained methods with an obsolete status.
We have added a limitation to our documentation related to code methods and triggering event definitions if a code method action results in an update of a data object. Refer to Code methods for more information.
We resolved the issue where you had to select a compensating control after resolving a conflict. Now, you only need to choose a compensating control when a conflict actually occurs.
We fixed a bug that hid a context. Now, even when the context field is hidden, the default identity context is added to Access Requests.
We resolved a bug that was preventing the data object type property quickform from loading when the property is configured as a Set property with a Listbox control type. The default value is now displayed as a dropdown selection.
Assignments pending deprovisioning will no longer be included in the SoD violation evaluation process. The Assignments Explorer will display a message for each of the assignments excluded from the process.
Here, you can find a list of deprecated features in Omada Identity. The features are still available in the release in which they are deprecated. This 12-month notice period is designed to allow for the transition to new features.
There was an issue with duplicated UIDs in tblAppstr. We've changed the DataObjectType XMLSCHEMA Descriptions of property UID as it was duplicated with other one and the issue has been fixed.
We fixed some Dutch translations.
We're introducing a new option in the Access Request process. The identity details displayed will match what you configured in the Lookup view.
We have extended the available fields in version 2.6 of the Omada Identity Graph API to include CreatedBy and CreateTime in the following queries:
Fixed a bug that caused an error when submitting the Access Review Survey. This issue has been resolved through an update to the survey templates Calculated Assignment for Managers and Calculated Assignments for Resource Owners.
Resolved an issue where an unnecessary warning message was being triggered in the Service page.
There was an issue with initiating a new violation evaluation task after approving an SoD violation evaluation.
To improve handling of the REST connector failed jobs with multiple tasks, consuming extensive amounts of memory resulting in OutOfMemory issues the existing errorResponseFilter setting was enhanced and new responseFilter setting was added. They allow to provide JsonPath that are applied to responses limiting their size:
The Access approval flows supports now filtering and sorting.
We fixed some German translations in the Access Request process.
The HandleProxyAddresses feature in the Active Directory collector was supporting only the SMPT protocol. The feature was enhanced to support any protocol.
There was an issue when the highwater mark was missing in the master database for the master data import from RoPE. It resulted in the import not storing the new highwater mark. The issue has been resolved.
Here you can learn about newest additions and improvements to Horizons platform. You can find the newest entries on the top of the page, with changes from previous months grouped under an appropriate section.
We have improved the performance of the resource search in the Access Request process.
When attempting to exclude system objects using the reference property lookup view, the exclusion process failed to reset the reference property of system objects when the DOT number is greater than one. This has been fixed.
There was an issue with incorrect validation when attempting to input an invalid date range that resulted in inconsistent error handling. Initially, entering a valid from value that higher than the valid to value appropriately triggered a red border and displayed the following error message: Access to must be higher than Access from. However, upon subsequently entering a valid to value higher than the valid from value, the red border persisted, and the error message failed to disappear when it should.
We've fixed an issue within the RoPE Initial Password extension. Previously, only newly created account assignments would receive an initial password attribute value. With our recent fix, existing account assignments, without a direct reason, will now be assigned an initial password by the RoPE extension during the provisioning task. This adjustment ensures a seamless notification flow and successful completion of the process.
An issue has been solved in the OData API for calculated assignments. If the scope of the call contained an assignment for a deleted resource, the whole API call was failing. This is contrary to how the calculations look in the user interface. This has been improved.
An issue was identified where the cleanup import profile could lead to fact violation errors, such as: 3 ResourceAssignment objects have no fact row with IsRowLatest = 1. This problem occurred specifically when a referenced account or resource was deleted and recreated in the past.
Provisioning with the Active Directory connector configured resulted in some instances with the Current security context is not associated with Active Directory domain or forest or The RPC server is unavailable. The issue has been resolved and those errors should no longer be encountered.
An enhancement has been implemented in the calculation of the provisioning statuses Pending Deprovisioning and Deprovisioning Failed.
An issue occurred when working on a process that generates identities of the type "secondary." Upon requesting access to a custom resource through Legacy Access Request, an error occurred indicating that system id was missing from resource. This issue has been resolved, and Technical Identity Validation will no longer be triggered for custom Identity Types.
There was an issue with the Identity export from Omada Data Warehouse to the Enterprise Server. This problem has been resolved by making the extension attribute case-sensitive in the export mapping.
There was an issue with the Requested by filter in the Access Request. The problem has been resolved. Currently, the values searched for using the Requested by filter in the RequestedBy column align with those displayed in this column.
The preview service failed to multiply results when a multivalue source attribute was used in mapping for a single value target attribute. We have resolved this issue, and the preview service now functions as intended.
Read more about the issues that are known to still exist at the moment of introduction of the Omada Identity update.
We have fixed a bug that prevented paging from starting on the second page. Now, it resets the currentPage to the first page upon rendering a new data grid, ensuring that the data grid always starts from page one for every listView.
Resolved an issue in the AssignmentAttributeValueDifferentiator that was creating duplicate provisioning tasks due to an extra assignment when the differentiator value is empty, as it pertains to provisioning claim reasons.
There was an issue with a missing exception. The problem has been resolved by adding an app log for data exchange exceptions during unsuccessful imports.
There was an issue with information missing in the WWW-Authentication header and the StatusDescription. The issue has been resolved and for the REST-based systems, the test connection, when failed, error messages are available in both HTTP header and response body.
Some grids in the transfer ownership survey lacked translations. We have resolved this issue by adding translations for captions used in the grid and form fields in the Transfer ownership survey.
We introduce version 1 of the new UI Access approval for answering your survey questions. You find a dedicated tab in the navigation pane named Access approvals. This view has tabs for each approval step, such as manager approval, resource owner approval or system administrator. These tabs are always visible, even if you don't have any questions assigned. To check for assigned questions, click on each tab.
There was an issue with displaying long attribute names in the Access Request UI. This problem has been resolved, and we now fully support and accurately display unusually long attribute DisplayNames.
We have introduced a new option to close the Access Request process. A new button will display to close the request.
We have introduced the Children resources column to the Access Request list view. Now when there are children resources associated with a particular resources, the See more button displays in the row. You can click See more to open a secondary grid that presents all children resources that have been assigned to the given resource.
In the Account List (WAC001) report, the Account parameter now uses the Account Name for filtering purposes instead of the Account UID.
We have incorporated a direct link to Omada Academy within the Navigation pane. Clicking on the tab will promptly redirect you to our Omada Academy portal. This tab is initially visible exclusively to administrators, but it can be configured to be accessible to other roles as well.
We have introduced a new menu section that enhances the user experience for administrators. This section provides access to critical list views, such as Identities, Resources, Technical Identities, Applications and Surveys, each featuring an updated user interface. To access the menu, click on the List views (Beta) tab on the navigation pane. This menu item is available to Administrators and Service Desk users.
We have introduced new queries in the Graph API. policyCheckConfiguration to check if any policy and risk check is enabled for the approval survey and accessApprovalPolicyChecks to run a policy and risk check for the question assigned to the active user in the Access approval survey.
We have introduced a new Queue identity for recalculation authorization element. From now on, to queue identity for recalculation, you must have the QueueIdentityForRecalculation permission assigned.
We've fixed the OData viewId response to contain properties from View Displayed fields and basic DataObject properties, such as:
The OData API can now be used to manage (read and provision) all out-of-the-box and custom properties of users (accounts) and user groups (resources) entity types.
We've introduced the Omada Identity Governance feature to efficiently manage the users and user group memberships of the Enterprise Server.
We fixed a bug that was preventing to set a Valid to date from the past when requesting access.
An issue, where a duplicated preview request resulted in the preview service error has been resolved. In a situation when a duplicate request is registered, the existing preview query request is removed.
There was an issue with QueueIdentity Webservice that could be called by any authenticated user. We have fixed that by introducing a new Queue identity for recalculation authorization element.
In any email template using the built-in email properties, the [ReceiverFirstName] and [ReceiverLastName] were not replaced with the actual values.
ValueGenerator.GenerateUniqueValue code method failed if the expression contained a reference path with filters. This issue has been solved.
We've just released Omada Identity Cloud update! What's new?
We've just released Omada Identity Cloud update! What's new?
Upcoming changes to Approvals flow: We are excited to inform that starting from the August CU, the new Approvals flow will become the default one for all cloud customers. This change aims to enhance the experience with more streamlined and efficient approval processes. To help you prepare for this transition, we encourage you to familiarize yourself with the new Approvals flow and make any necessary adjustments ahead of time. Detailed information and resources about the new Approvals flow can be found in the Access section. If you have any questions or need assistance, please reach out to our support team.
We've just released Omada Identity Cloud update! What's new?
We've just released Omada Identity Cloud update! What's new?
We've just released Omada Identity Cloud update! What's new?
Upcoming changes to Approvals flow: We are excited to inform that starting from the August CU, the new Approvals flow will become the default one for all cloud customers. This change aims to enhance the experience with more streamlined and efficient approval processes. To help you prepare for this transition, we encourage you to familiarize yourself with the new Approvals flow and make any necessary adjustments ahead of time. Detailed information and resources about the new Approvals flow can be found in the Access section. If you have any questions or need assistance, please reach out to our support team.
We've just released Omada Identity Cloud update! What's new?
Upcoming changes to Approvals flow: We are excited to inform that starting from the August CU, the new Approvals flow will become the default one for all cloud customers. This change aims to enhance the experience with more streamlined and efficient approval processes. To help you prepare for this transition, we encourage you to familiarize yourself with the new Approvals flow and make any necessary adjustments ahead of time. Detailed information and resources about the new Approvals flow can be found in the Access section. If you have any questions or need assistance, please reach out to our support team.
We've just released Omada Identity Cloud update! What's new?
We've just released Omada Identity Cloud update! What's new?
We've just released Omada Identity Cloud update! What's new?
The Omada Identity Update releases bring exciting improvements and enhancements in a variety of the product areas. Read more about the changes and bug fixes introduced in each of the Releases.
Since we have consolidated target logs and stopped writing records to the tblServiceEvent table in the Role and Policy Engine database, this table is now removed.
There was an issue with removing objects during reconciliation from simple arrays. The issue has been resolved.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
Read more about resolved issues and bug fixes in this release.
The REST connectivity has been enhanced with the following improvements:
Fixed an issue in the context of a Parent/Child relationship where no overlap existed in their validity periods. This problem resulted in calculations failing due to an invalid validity period.
We have enhanced RoPE for identities with a validity period starting after the PreValidity. Previously, the calculation of such identities could trigger a warning related to a missing account. With this update, the warning has been eliminated, and assignments are still not generated.
There were Omada Provisioning Service issues related to the way security protocols were implemented in the SAP connector. The issue has been resolved with the SOAP, Entrust, and MijnCaress connectors setting the TLS security protocol on the connection directly instead of using the global value.
We've introduced a new customer setting called Use new UI for approval. This setting enables you to switch all approvals to the updated Access Approval flow. This includes a Task card on the home page which will redirect to the relevant tab on the access approval page.
In some cases, a violating assignment with multiple reasons, including a ReviewOK reason, triggers an unhandled exception in the SoD evaluation feature. We've now fixed the underlying logic to ignore the order of reasons in an assignment.
Fixed a bug that triggered an exception when assignments were blocked in the SoD evaluation process and an expiration date was selected.
The grid will now display the name of the business process in conflict with another resource. If the process is a child of another process, the parent process will not be mentioned. This differs from the constraint, which only shows the parent business processes.
It is now possible to select Today as Expiration date in the Segregation of Duties evaluation process.
There was an issue with column names containing key words or special characters, causing the collector to break. Now to ensure that names are processed correctly the SQL queries generated by the SQL Query Collector for Generic databases encapsulates column names in special characters:
The Identity Delete query in Data warehouse to Cloud management portal has been fixed to exclude identities that are deleted after their ValidTo date, since such identities are deleted already by the Enterprise Server.
We have resolved a recent bug that was causing the Log Entries button to be hidden when opening the survey questions of a completed survey.
In Surveys, when applying a filter to the Status column and choosing the Missing answers option, the appropriate questions are now loaded.
We fixed an issue that was preventing the editing of transitions when creating a survey. Now, it is possible to create new transitions from the process designer and the list of transitions.
For CRAs with no actual state, a survey verdict will not extend its validity through the using the days before verdict expires field in the survey form. Instead, it will maintain the initial validity established on the direct assignment.
The Map null values setting in the Advanced settings section is enhanced with the possibility to set it for specific operations. It can be configured to true value for the combination of the following operations:
There was an issue with the Cleanup timing out during the rebuilding of XML indexes for the Identity table.
The Title, Description, and Estimate fields are no longer editable when modifying a published Transfer Identity Assignments survey template. You can make changes to these fields directly in the associated activity within the published survey process template.
The Manual Provisioning Extension had an issue where, upon disabling an Orphan Account, Omada Identity would check for the Previous Calculation of the Unresolved Identity and incorrectly assume that the Orphan Account Calculated Assignment also had a prior Calculated Assignment. We resolved this by fixing the logic, ensuring accurate handling in such scenarios.
We have introduced new updates to the survey templates: Calculated Assignment for Managers and Calculated Assignments for Resource Owners. These updated survey templates now incorporate the option Days before verdict expires in the post-action handler.
There was an issue with the changeset - it did not apply any changes to a view field title when it was supposed to be set to null. This has been fixed.
Some options were not disabled to modify when a user had no permission to perform actions on the View page. This has been fixed.