Identity Manager 9.1.3 - Release Notes

An update migration from One Identity Manager versions 8.1.x or 8.2.x with granulated permissions to versions 9.0, 9.1, or 9.2 leaves behind permissions for the msdb database that are no longer required.

Using single sign-on to log in to the Manager does not work if the web application is connected via an application server.

Token authentication on the application server using OAuth2.0/OpenID Connect on the /api/script/... endpoint does not work.

An error occurs logging in to the Launchpad via OAuth.

Errors can occur when process history records are transferred to the History Database.

Error message: Cannot insert duplicate key in object 'dbo.HistoryJob'.

An error sometimes occurs when a session is discarded in the application server client.

Error message: System.ObjectDisposedException: The session is already disposed.

If the SQL Server name contains special character (such \, ?, or :), the Database Transporter generates an invalid name for the transport file. Special character are replaced with an underscore (_).

In certain constellations, schedules are started twice within a minute.

Incorrect calculation and evaluation in reports depending on whether historical assignments are in effect or not.

An error occurs transporting change labels that contain delete operations on schema data.

Error message: Object of type Additional view definition does not exist in database or you do not have the relevant viewing permissions.

After reactivating process steps, warnings are recorded in the system journal.

Clicking elements in the result list sometimes triggers a drag and drop event that might result in subsequent errors.

The DBQueue Processor task for creating database server permissions fails if the schema name contains a backslash (\).

If the Address parameter in a process that sends an email notification is empty, the process does not fail.

If a failed process step is manually forwarded to the error branch or the success branch, the information is logged in the subsequent process step.

If the top process step in a process is moved, the necessity to compile is not detected.

Performance issues running the maintenance task to reduce the process history.

Under certain conditions, deleting entries from the system journal causes performance problems or blocks the database.

Under certain conditions, an error occurs when running the SQL Clause Executable (QER) consistency check.

The English country code for the Republic of Türkiye has been corrected (Türkiye).

In the Web Portal, the search sometimes stops and displays an error.

The list of approvers and attestors in the Web Portal is not complete.

When a manager selects their employees' compliance violations, the queries can take a long time.

In the Web Portal, an error occurs when checking the shopping cart if the requested product has a request parameter that contains a list of permitted values.

In the Web Portal, request properties for products in a service category are not inherited correctly by the products in the child service categories.

Under certain conditions, the search for devices does not work in the Web Portal.

The Web Portal does not update the number of pending requests, attestations, and rule violations.

In the Web Portal, it is possible to create a delegation although the mandatory field Valid until is empty.

The Web Portal does not transfer all the request parameters for products to the shopping cart.

In the Operations Support Web Portal, process steps that are not at root level cannot be run again.

In the Web Portal, an error occurs if you open the shopping cart containing a product that is not assigned to a service category.

Under certain conditions, it is not possible to login to the Password Reset Portal with a passcode.

Under certain conditions, you cannot display logs in the Web Designer Monitor.

In the Web Designer, it is possible to select the Extended properties options on a Warning node.

Hyperviews of system entitlements cannot be displayed in the Web Designer Web Portal.

The Web Designer Web Portal incorrectly displays a time picker for the Disable until property in identity main data.

In the Web Designer Web Portal, editing properties of multiple products in the shopping cart does not work properly.

Editing or deleting view settings in the Web Designer Web Portal causes an error.

In the Web Designer Web Portal, pressing the Enter key in the filter dialog does not always work.

Error provisioning outstanding cloud user accounts.

When testing the connection settings in the project wizard, the SCIM connector cannot establish a connection to the cloud application if OAuth authentication is used and the connection parameter contains special characters.

An error sometimes sporadically occurs when evaluating a synchronization simulation.

Error message: Object not set to a reference of an object.

An error occurs loading LDAP groups with a lot of members.

Error message: Invalid data. Data of type (System.Object[]) is not supported.

Error loading a PostgreSQL database schema.

Error message: [System.OverflowException] Arithmetic operation resulted in an overflow.

After changing the membership in a system entitlement, the DBQueue Processor task for updating the XDateSubItem column is not reset, even though there are processing tasks for the same object in the Job queue.

Group memberships of Azure Active Directory user accounts are deleted when the corresponding memberships in Exchange Online are enabled.

When synchronizing SAP authorization objects, not all objects in the USOBHASH table are read into the One Identity Manager database if SAP BASIS version 7.57 (SAP S/4HANA 2022) or later is in use in the synchronized SAP R/3 environment.

Import the current SAPTRANSPORT_70.ZIP transport into the SAP R/3 system you want to synchronize. This uses the /VIAENET/LISTUSOBHASH function module instead of the AUTH_TRACE_GET_USOBHASH SAP module. When accessing SAP R/3, the SAP R/3 connector checks whether the /VIAENET/LISTUSOBHASH function module is available and uses it. This synchronizes all objects in the USOBHASH table. The synchronization log records whether the /VIAENET/LISTUSOBHASH function module is used.

Some of the PAM asset group and PAM account group columns are too short.

Error writing data to tables in a PostgreSQL database if the table contains a column whose value is incremented automatically.

Under certain conditions, an error occurs when synchronizing Exchange Online.

Error message: You must call Connect-ExchangeOnline before calling any other cmdlet.

A system user who has read-only permissions can still delete, reset, and publish objects on the form for target system synchronization objects.

Error requesting a cloud group if a cloud permissions control is assigned to this group.

Error setting up synchronization with the generic database connector for the generic ADO.NET provider, SAP HANA databases, and DB2 (LUW) databases if the connection configuration is loaded from a UDL file.

Error message: DistributionConnector: Error connecting the system. Unable to load the UDL file.

If several synchronizations are run in parallel from a start up sequence and at least two synchronizations are completed at the same time, it is possible that the start up sequence never completes.

Error connecting to a cloud application using the SCIM connector if authenticating via the OAuth protocol 2.0.

A patch with the patch ID ADO#444262 is available for synchronization projects.

In the Manager, an account definition cannot be selected on the main data form when creating a new Active Directory contact.

Target system objects that are loaded in the One Identity Manager database via a remote connection sometimes have incorrect display names.

Some steps are missing in the report on simulating a synchronization with revision filtering.

One Identity Safeguard users who use Active Directory as their identity provider cannot be removed from local One Identity Safeguard user groups.

Occasionally, when re-enabling a failed process for creating Active Directory user accounts, a user account might be created without a password although the password was originally set.

Performance issues deleting an IT Shop shelf.

Under certain conditions, email notifications about a request approval are not sent, even though email notifications are configured correctly.

If a product is canceled while the request renewal process is running, the renewal workflow is run instead of the cancellation workflow.

For the XM, CM, and PW approval procedures, attestors are not recalculated if an attestor has delegated the approval.

Performance issues loading the list of attestation cases.

The SAC_FTProfileInSAPFunction function returns incorrect results if an SAP function consists of more than one transaction. This leads to unexpected results, depending on the order of the transactions within the SAP function.

Incorrect recalculation of the attestors if a regular attestor is initially also a member of the chief approval team and is later removed from this group.

Sometimes IT Shop requests are canceled if a shelf is moved to another shop, even though the Retain service item assignment on relocation option is enabled on the service item.

If an approval step is escalated, the request is automatically canceled under the following conditions (and not submitted to the escalation approvers):

• An approver from the next escalation approval step escalates the request manually.

• The QER | ITShop | AutoDecision configuration parameter is set.

The product owners of system roles, subscribable reports, and software cannot see the overview forms of the responsible product.

Occasional performance problems when processing the DBQueue Processor QER-K-PWOHelperFillMakeProc task.