Chat now with support
Chat with Support

Identity Manager 8.1.2 - Release Notes

Release Notes

One Identity Manager 8.1.2

Release Notes

February 2020

These release notes provide information about the One Identity Manager release, version 8.1.2. You will find all the modifications since One Identity Manager version 8.1.1 listed here.

One Identity Manager 8.1.2 is a patch release with new functionality and better behavior. See New features and Enhancements.

If you are updating a One Identity Manager version older than One Identity Manager 8.1.1, read the release notes from the previous versions as well. You will find the release notes and the release notes about the additional modules based on One Identity Manager technology under One Identity Manager Support.

One Identity Manager documentation is available in both English and German. The following documents are only available in English:

  • One Identity Manager Password Capture Agent Administration Guide

  • One Identity Manager LDAP Connector for CA Top Secret Reference Guide

  • One Identity Manager LDAP Connector for IBM RACF Reference Guide

  • One Identity Manager LDAP Connector for IBM AS/400 Reference Guide

  • One Identity Manager LDAP Connector for CA ACF2 Reference Guide

  • One Identity Manager REST API Reference Guide

  • One Identity Manager Web Runtime Documentation

  • One Identity Manager Object Layer Documentation

  • One Identity Manager Composition API Object Model Documentation

  • One Identity Manager Secure Password Extension Administration Guide

Topics:

About One Identity Manager 8.1.2

One Identity Manager simplifies the process of managing user identities, access permissions and security policies. It gives control over identity management and access decisions to your organization, freeing up the IT team to focus on their core competence.

With this product, you can:

  • Implement group management using self-service and attestation for Active Directory with the One Identity Manager Active Directory Edition
  • Realize Access Governance demands cross-platform within your entire concern with One Identity Manager

Each one of these scenario specific products is based on an automation-optimized architecture that addresses major identity and access management challenges at a fraction of the complexity, time, or expense of "traditional" solutions.

Starling Cloud Join

Initiate your subscription within your One Identity on-prem product and join your on-prem solutions to our One Identity Starling cloud platform. Giving your organization immediate access to a number of cloud-delivered microservices, which expand the capabilities of your One Identity on-prem solutions. We will continuously make available new products and features to our Starling Cloud platform. For a free trial of our One Identity Starling offerings and to get the latest product feature updates, visit cloud.oneidentity.com.

New features

New features in One Identity Manager 8.1.2:

Basic functionality
  • Support for SQL Server 2019 with the compatibility level for databases SQL Server 2016 (130).

  • As from One Identity Manager version 8.1.2, a new method is available for updating customer databases faster. This method is only implemented for updating the schema in the context of service packs. For initial schema installation and updating the schema to a new main version, the conventional method is still used.

    NOTE: This method is applied to schema updates as from One Identity Manager version 8.1.2 assuming version 8.1.1 is installed. Updating of older One Identity Manager versions to version 8.1.2 uses the conventional method.

  • Support for custom staging levels for the One Identity Manager database. This information is shown in the status bar of the programs in the database connection tooltip and in the installation overview in the Launchpad.

Web applications
  • In the Web Portal, you can display and request products that other people from your vicinity have already requested. As a manager, you can also see products from your team’s peer groups.

  • In the Web Portal, you can specify how dates and numbers are formatted. You can configure this in the My Profile | Contact Data | Language for value formatting field.

  • You can configure the Password Reset Portal such that you can log in using user accounts other than the central user account with help of password questions or a passcode (for example, with the name of the Active Directory user account). Use the QER | Person | PasswordResetAuthenticator | DisabledBy, QER | Person | PasswordResetAuthenticator | EnabledBy, QER | Person | PasswordResetAuthenticator | SearchColumn, and QER | Person | PasswordResetAuthenticator | SearchTable configuration parameters to configure this. For more detailed information, see the One Identity Manager Web Application Configuration Guide.

Target system connection
  • One Identity Safeguard Version 2.8, Version 2.9, Version 2.10, and Version 2.11. are supported.

  • Microsoft Exchange 2013 with cumulative update 23 is supported.

  • TECH PREVIEW ONLY: A new LDAP connector LDAP Connector (Version 2 - Tech Preview) is available. Project templates are made available for OpenDJ, Active Directory Lightweight Directory Services (AD LDS), and Oracle Directory Server Enterprise Edition (DSEE) as well as a generic project template. The connector can be tested in a test environment. You must definitely not use the connector in a live environment.

Identity and Access Governance
  • Use the QER | Person | UseCentralPassword | CheckAllPolicies configuration parameter to specify if an employee’s central password is checked against all the target system’s password policies of the employee’s user accounts. Checking is only carried out in the Password Reset Portal.

  • Approvers that are registered for Starling Two-Factor Authentication, can also use the Starling 2FA app for approvals. This option is available if you use Starling Cloud for multi-factor authentication. Use the QER | Person | Starling | UseApprovalAnywhere and QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire configuration parameters to configure the required behavior.

  • Support for peer group analysis for attestation.

    There is a new PeergroupAnalysis event for the AttestationCase table that you can link into the approval workflow with an EX step. In this approval step, whether the attestation case is automatically granted or denied approval depends on a peer group analysis of the employee connected to the attestation object. The peer group analysis is determined through the manager or department of the employee connected to the attestation object.

    To configure peer group analysis for attestation, use the QER | Attestation | PeerGroupAnalysis configuration parameter and its subparameters.

See also:

Enhancements

The following is a list of enhancements implemented in One Identity Manager 8.1.2.

Table 1: General

Enhancement

Issue ID

Improved performance transferring deleted Job queue entries to the process history.

31103, 32402

Improved performance of DBQueue Processor tasks for shrinking records from process monitoring and the process history.

31954

Improved performance processing DBQueue Processor tasks with large amounts of data.

32146

Improved performance processing DBQueue Processor tasks during synchronization. To prevent possible blocking of DBQueue Processor task processing during synchronization, a DBQueue buffer (QBMDBQueuePond table) is implemented. The time period for deferring remaining entries is defined in the QBM | DBQueue | BufferTimeout configuration parameter (default 120 minutes).

32525, 32577

Improved performance deleting objects including all their dependencies.

32223

Improved performance executing deferred operation with large amounts of data.

32373

Improved performance updating current UTC offsets of all timezones.

32567

Columns that need to be in a defined display pattern in the table are given implicit viewing permissions.

31143

Improved compilation of HTML applications in the Configuration Wizard.

32050

Improved documentation for applying scripts about conditional displaying and editing of columns. For more detailed information, see the One Identity Manager Configuration Guide.

32540

Improved how to determine the current version of the database server to display in the system configuration report.

32139

Improved accessing the One Identity Manager History Database when connected through an application server.

When you install an application server, you can enter the connection data to one or more One Identity Manager History Databases. You can also enter an One Identity Manager History Database‘s connection data at a later date. To do this, change the application server’s configuration file (web.config).

For detailed information, see the One Identity Manager Installation Guide and the One Identity Manager Operational Guide.

32317

New consistency checks test whether or not there is a deferred operation that has already been triggered but does not have a process in the Job queue.

32218

Improved the Objectkey references to non existing object and Objectkey references to non existing object (tolerated) consistency checks.

31898, 32197, 32333

You can specify a priority for registering a customizer method. If serveral methods of the same name are found, the method with the highest priority is selected. Therefore, methods from other customizers can be overwritten, if permitted.

32355

The Fallback connection option (QBMConnectionInfo.IsFallBackAppServer) for the process generation connection data can only be enabled for one application server.

32414

Improved identification of expiring sessions on the application server.

31719

Improved reestablishing connections to the application server.

32485

Improved protection against damaging SQL statements.

31768, 32102, 32285

Improved error messages when transporting changes if an error occurs while implementing them in the target database.

32022

New MergeAction parameter in the DBTransporterCMD.exe command line program for handling merge conflicts during a transport.

32027

The ScriptComponent process component has two new process functions available to it, ScriptExecExclusive and ScriptExecExclusive32, for executing scripts exclusively for one object.

32562

Improved accessibility in the Manager.

32157

Improved how permitted and not permitted character classes for password policies are displayed on forms in the Manager and the Designer.

32205

Improved how translations are displayed in the Edit translation dialog.

32216

Table 2: General web applications

Enhancement

Issue ID

Improved security for dealing with column filters in the Web Portal.

32192

Improved performance making approval decisions for request and attestations in the Web Portal.

32220

Improved performance of certain database queries in the Web Portal.

32253

Removed checkbox in front of the date field in the Web Portal. If you do not want a time restriction, do not enter anything in the field.

801120

When an API is compiled, it is tested to see if a ConfigureAwait(false) method has been used for each await keyword. This ensures that asynchronous code is applied correctly.

803817

Webauthn security keys: The RSTS version has been updated to version 2019.11.22.0. You can prevent the X-Frame-Options HTTP response header from being returned by setting the DisableAddingXFrameOptionsHeader configuration setting to true.

803934

Improved performance of grid controls. Less database queries are generated.

806371

The Web Portal monitor page has been reworked and now shows better information.

803262

Improved performance of database-bound grids.

32393

In the Web Portal, the system role’s Hyper View has been reworked.

20188

On the Web Portal's start page, assignment resources, multi-requestable/unsubscribable resources, and resources are now visible in the My Responsibilities tile.

31934

Improved performance displaying requestable products in the Web Portal.

32057

Improved performance requesting products in the Web Portal.

32255

Table 3: Target system connection

Enhancement

Issue ID

Only relevant project templates are offered in the project wizard.

25471

Synchronization of objects with incorrect object properties can be allowed if necessary.

31722

Improved performance synchronizing Microsoft Exchange recipient lists.

31163

The Oracle E-Business Suite connector recognizes on its own, which Oracle Database Editions are used in the target system.

A patch with the patch ID VPR#30464_1 is available for synchronization projects.

30464

Improved performance provisioning assignments of Oracle E-Business Suite entitlements to user accounts.

32498

During provisioning of G Suite user accounts, user accounts are prevented from being processed in parallel.

32320

During provisioning of Notes objects, the latency is increased after the index is refreshed to be able to reload object properties without errors.

32448

In the One Identity Safeguard connector, the version of the Windows PowerShell module in use is checked to see if it is supported and matches the appliance. If this is not the case, the connection is closed with an appropriate error message.

32425

Support for Telnet session request for PAM.

32544

The SAP connector now uses SAP code pages 6100, 6200, and 6500.

32118

Accelerated synchronization of personnel planning data from an SAP HCM system.

A patch with the patch ID VPR#32154 is available for synchronization projects.

32154

New USOBHASH schema type in the SAP connector schema to load permissions from the USOBHASH table in SAP R/3.

32292

The SCIM connector now allows parallel access 10 times max. to load single objects during synchronization.

32564

Improved performance using the SCIM connector for synchronization.

32599

The CSV connector now takes language settings into account when reading and writing.

32000

Table 4: Identity and Access Governance

Enhancement

Issue ID

When a passcode is created, it is logged in the system journal.

31945

Business roles that are used in assignments resources cannot be deleted anymore.

31806

Improved performance calculating QER_FTPWOVisibleForPerson.

32045, 32334

The Retain service item assignment on relocation option can now be set on default service items.

32588

See also:

Resolved issues

The following is a list of solved problems in this version.

Table 5: General known issues
Resolved issue Issue ID

The following error occurs while the One Identity Manager database is updating from version 7.0.x, 7.1.x, or 8.0.x to version 8.1.1:

Database error 41337: Cannot create memory optimized tables. To create memory optimized tables, the database must have a MEMORY_OPTIMIZED_FILEGROUP that is online and has at least one container.

31981

The schema update fails on QBM_PIndexDropRedundant if there are indexes with a lot of columns.

32569

In the Configuration Wizard, changing to a new login for an administrative user when installing a One Identity Manager database does not work correctly. This happens if the database connection was established with Windows authentication.

32074

In the Configuration Wizard, an error occurs selecting the directory for database files in the file browser if an installation user with granular permissions is used and the files are not stored in the database server’s default directories.

For more information about the required authorizations, see the One Identity Manager Installation Guide.

32274

Custom files are deleted during update installation of local assemblies.

28985

Backup files are sometimes generated in the wrong directory during an One Identity Manager update.

32232

Web application assemblies are not completely deleted during compilation.

32201

Errors when the RemoteConnectPlugin starts are not properly logged in the One Identity Manager Service.

32208

Error querying if the SQL Server Agent is running on an Azure SQL Database.

32371

In the search index, the change date is set even though a table is not indexed in a run.

32406

On a server with AlwaysOn availability groups, if a One Identity Manager History Database is not in an AlwaysOn availability group, data is not transferred to the One Identity Manager History Database.

31721

Error if the name of the connection server for transferring data to the One Identity Manager History Database contains special characters.

32163

When a connection server is created, data transfer to a One Identity Manager History Database fails if the is_rpc_out_enabled option is not set.

32492

Error describing the SPML test front-end configuration.

31728

In certain circumstances, the compiler dialog box is not displayed when transporting change labels, even though compilation is required.

31868

Importing the transport package sometimes does not complete.

32025

If a process step fails, the execution status of the following process step is correctly set to False however subsequent steps retain the execution status Loaded. This means that no more process steps are handled for this process.

32020

It is not possible to create schedules with a long interval because the start date is skipped.

32047

If a script being executed over the Execute Script process task of the PowerShellComponent process component fails, passwords contained in the script are written out in the One Identity Manager Service's log.

32089

Error adding objects to change labels.

32159, 32160

Errors in the SDK_IPasswordManager_CreatePassword and SDK_IPasswordManager_ValidatePassword scripts. The scripts determine password policies without a base object.

32193

Changing an MVP column that is configured for logging changes, does not generate a recalculation task for Watch* trigger.

31989

Blockages of the QBMDBQueueCurrent table cause performance problems during processing of certain DBQueue Processor tasks. In this context, there is a new consistence check called Custom defined Z-Procedure without corresponding R-Procedure.

32087

In certain circumstances, post-processing are not generated.

32194

In certain circumstances, an error occurs in the QBM_PDBQueueProcess_Del procedure.

32332

The dialog for editing report master data in the Report Editor can be opened twice at the same time.

32202

Internal temporary table for determining historical data for reports is created with the wrong sort order.

32555

Identity providers (QBMIdentityProvider table) cannot be created in the Designer.

32209, 32431

Error opening the process plan editor if the Designer is running in quick edit mode.

32230

The ResolveImportValueHashed function cannot handle dynamic foreign keys.

32214

Error evaluating scripts about visibility (DialogColumn.CanSeeScript).

32239

The QBM_PUserDetectByGroupList procedure removes too many permissions groups.

31601, 32068

During migration of One Identity Manager version 8.0.x to 8.1.x, the foreign key columns’ edit permissions are not cleared up if they come from custom permissions groups.

29031, 32270, 32352

Permissions missing during process simulation.

32495

The DynamicGroup.Displayname column is too short.

32273

Error passing the entity in the script (LineScriptName parameter) in the ScriptComponent process component’s CSVExport process task.

32409

 

In the Schema Extension, permissions for database view are not tested correctly.

32065

The Schema Extension wizard does not display all the error messages that occur when custom schema extensions are deleted.

32413

Custom table of ReadOnly type are not generated correctly.

32464

The _Old suffix causes errors during bulk updating of column names.

32488

In the Manager, error loading historical data in the TimeTrace view.

32283

An error occurs in a date field if the value larger than 31.12.9998 is entered.

32368

In certain circumstances, objects in the Manager are opened as read-only.

32417

Incorrect sorting of date values in the Manager if English (USA) is set as the language.

32441

In the Filter Designer, searching with Ctrl + F does not work properly.

32552

Inaccurate calculation of the memory required on a server.

32199

In certain circumstances, table relations are incorrectly identified as errors in the consistency check.

32443

In certain circumstances, entries in QBMElementAffectedByJob are not processed.

32534

In the DBTransporterCMD.exe command line program, background processes are not correctly taken into account during testing to see if single user mode can be enabled.

32601

In certain circumstances in the DBTransporterCMD.exe command line program, single user mode is not exited.

32620

Insufficient references in certain scripts.

32644

Table 6: General web applications

Resolved issue

Issue ID

In the Web Portal, you cannot delete bookmarks referencing objects that no longer exist. Now you can delete bookmarks in a tile on the Web Portal‘s start page.

31912

In the Web Portal, on the employee history page, it is not possible to sort the table without setting a filter beforehand.

31938

In the Web Portal, an error occurs if, within one session, a new subgroup is added to an Active Directory group and another subgroup is added under the first subgroup.

31940

In the Web Portal, the Back button on the Pending attestations page only works if there are no attestations.

31963

In the Web Portal, if you temporarily deactivate an employee, an error occurs if the current date is selected in Temporarily disabled until.

31967

In the Web Portal, you can sort by columns with hidden content.

31969

In certain circumstances in the Web Designer, an object is loaded without the mandatory column XObjectKey.

31971

In the Web Designer, if the value of Minimum number of characters is set to less than 1025 characters in the copy or extension of a particular component (for example, VI_UNS_RequestNewGroup), then only a maximum of 1024 characters can be entered in this field in the Web Portal at a later date.

31980

In the Web Portal, the Send a reminder mail dialog does not have a scroll bar.

31992

In the Web Portal, an error occurs if a report is shown that requires input of a value for a parameter.

32004

In certain circumstances in the Web Portal, filtering requesters in the request history causes an error.

32006

In certain circumstances in the Web Portal, an approver of an attestation case cannot analyze the removal of permissions.

32012

In certain circumstances, single sign-on does not work for the API Server.

32017

In the Web Portal, displaying request queries takes a long time.

32018

In the Web Portal, if a filter is applied to both the Request column and the Product column, the results do not correspond to the filters anymore and too many results are displayed.

32019

In the Web Portal, the Pending requests page takes too long to show the pending requests.

32023

In the Web Portal, if you search while system entitlements are displayed, an error occurs.

32024

In the Web Portal, an error occurs while searching for products for a new request.

32066

In the Web Portal, searching on the Auditing - Requests page does not return all the results.

32069

When business roles are displayed in the Web Portal with Internet Explorer 11, the manager and deputy are missing.

32140

If the Hardware configuration parameter is not set, no more requests can be made in the Web Portal.

32144

In the Web Portal, displaying entitlements for staff, takes a long time.

32178

In the Web Designer, if a logo is selected for the login screen, an error occurs.

32269

In the Web Portal, an error occurs if several requests are selected and approved at the same time.

32312

If the Web Portal login through OAuth 2.0/OpenID Connect fails, the browser hangs.

32316

In the Password Reset Portal, the View settings | Select all option is not applied to all the lists shown.

32340

In certain circumstances, the Web Portal shows unsaved changes to user data until the user logs in again.

32358

In the Web Designer, an error occurs if a project is compiled that contains a combobox (node) that does go through any iterations.

32366

In the Web Portal, selecting an employee for a new request can take a long time.

32372

In the Web Designer, some Web SQL functions cannot be used in conditions in column lists.

32374

In the Web Portal‘s mobile view, dialogs and their content as well as button texts are not completely displayed.

32379, 32386

In the Web Portal, the Disabled until field shows the wrong date in the employee’s master data.

32440

In certain circumstances in the Web Portal, multi-select buttons (without any function) are sometimes displayed for pending attestation cases.

32445

Use of the | character in the password of the SQL user who was used to install a web application causes and error.

32461

In certain circumstances in the Web Portal, the shopping cart check shows incorrect results.

32483

In the source of an export file created by the Web Portal, you can see a full path.

32523

In the Web Portal, an error message wrongly displays an HTML tag when the shopping cart is being checked.

32529

In the Web Portal, dependent applications are not sorted in the menu.

32639

In certain circumstances in the Web Portal, an attestor does not have sufficient permissions to analyze the removal of permissions.

206529

In the Manager web application, an error occurs selecting an assigned object on a system role’s overview form.

31949

In the Manager web application, the icons in the menus are not shown correctly.

31960

In the Manager web application, an error occurs displaying rule violations.

32304

Table 7: Target system connection

Resolved issue

Issue ID

Synchronization projects cannot be opened after importing because dependencies are missing.

31876

Error synchronizing if the value of a schema property for resolving keys contains more than one $ character. The connector handles this value as a variable.

31964

In the synchronization log, objects that are marked as outstanding, are not logged.

32011

Incorrect result if account definition assignments are deleted for an employee and then added again shortly afterward.

32063

Error provisioning group memberships if there are schema properties that are not mapped in the mapping to be executed.

32077

Provisioning processes are not generated if the mapping in use references a base map and the base map is not used in the provisioning workflow.

32152

Error during synchronization: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

32177

When you close a synchronization project, the password for logging in to the target system is saved incorrectly if it contains the dollar ($) character.

32226, 32311

Objects with a combined primary key with a value of timestamp, cannot be reloaded.

32266

If single provisioning of memberships is disabled, changes to memberships are not provisioned if a value comparison rule is used.

32280

Special characters are not masked correctly in custom project templates.

32474

Error during synchronization: The connection does not support MultipleActiveResultSets.

32604

Error creating synchronization projects with the Synchronization Editor Command Line Interface if there is a special character in the connection parameter.

32496

On the form for defining search criteria for employee assignment, the allocated base object’s UID is display instead of the user account’s UID. This happens if the display pattern for the user account table is made up of several columns.

32612

If an error occurs loading the object list, the SCIM connector returns an empty list as successfully loaded. The error only occurs in One Identity Manager version 7.1.x and 8.0.x.

32646

In certain circumstances, Active Directory objects are marked as outstanding or deleted during synchronization but the marker is immediately removed again.

31908

On the form for assigning Active Directory groups to an Active Directory user account, groups are shown that are marked as only for use in the IT Shop.

31944

When an Active Directory user account is added, it is possible to enter a different primary group to that of Domain Users.

32061

If only upper and lower case changes in the display name of an Active Directory object, the change is not provisioned.

32091

If a double s changes to sz (ß) changes in the display name of an Active Directory objects, the change is not provisioned.

32112

The LDAP search filter for finding Active Directory objects is set up incorrectly. This means it finds too many objects. Only after the objects from all object classes have been loaded does the filter run again with the correct object classes, effectively recalculating the object list correctly. However because too many objects were loaded in the first place, synchronization takes longer.

32166

If a container is deleted from an Active Directory user account, verification of the object properties fails after provisioning.

A patch with the patch ID VPR#32258 is available for synchronization projects.

32258

The formatting script for ADSDomain.ADSDomainName causes an error.

32275

Some assignment forms for Active Directory objects can be opened with multi-select.

32438

Error provisioning Oracle E-Business Suite objects.

32430

E-Business Suite request groups are not synchronized if the REQUEST_GROUP_ID is identical.

A patch with the patch ID VPR#32667 is available for synchronization projects.

32667

The G Suite connector cannot load more than 1000 G Suite product and SKU assignments.

32128

Error loading the Notes schema when setting up synchronization if there is a Notes group that apparently has corrupt attributes.

32237

Setting up and executing synchronization with IBM Notes fails if Notes Views are saved with a different name in the Domino directory.

32471

The Notes connector returns the wrong value for AdminRequest,Type.

32589

Error changing the certificate of a Notes user account.

32605

Error publishing changes to Exchange Online mailboxes in the Calendar Processing (User/Shared) synchronization step.

A patch with the patch ID VPR#31928 is available for synchronization projects.

31928

Exchange Online objects with a single quote (’) in their name cannot be synchronized.

32514

Single object synchronization of a One Identity Safeguard appliance marks the appliance as outstanding if the cluster that the appliance belongs to was swapped to another node in the preceding synchronization.

A patch with the patch ID VPR#32031 is available for synchronization projects.

32031

If a domain with subdomains is connected to One Identity Safeguard, the PrimaryAuthenticationProviderId is determined incorrectly.

A patch with the patch ID VPR#32423 is available for synchronization projects.

IMPORTANT: Data in the One Identity Manager database goes missing when you apply this patch.

To restore the data, start a full synchronization immediately after the automatic patches have been applied.

32423

Error loading objects that were not logged during synchronization if the Continue on error synchronization workflow is configured.

32099

Display names for HREmployee_Active are only shown in debug mode.

32130

Migration of the One Identity Manager database fails in large customer bases if the HelperSAPUserInSAPRole is updated.

32265

The system connection to SAP R/3 cannot be established if the synchronization user’s password contains dollar ($) characters.

32298

Adding and deleting SAP user accounts does not trigger the recalculation task for the SAPBWUserInSAPBWP table.

32482, 32486

The option to login with user name and password is missing from the configuration for the system connection to SAP R/3 with SNC login.

A patch with the patch ID VPR#32415 is available for synchronization projects.

32415

Parameters used to call a BAPI function to delete an SAP object are incorrectly populated.

32469

SAPTitle.DistinguishedName is not unique.

A patch with the patch ID VPR#32584 is available for synchronization projects.

32584

Provisioning processes for different SAP user accounts are not processed simultaneously by the Job queue. This happens if the same reference user is assigned to the user accounts.

32318, 32638

Error accessing the target system with the SCIM connector for One Identity Starling Connect.

31228

Patches for synchronization projects that use the SCIM connector are provided by the wrong One Identity Manager module.

32032

Error applying the VPR#29844 patch.

32044

If you use the SCIM connector to synchronize a GitHub system, queries from GitHub are rejected because the user agent is not included.

32535

Error testing the connection to the cloud application in the system connection wizards if there is no authentication endpoint given.

32627

Error defining a database view if a system connection is configured through the generic ADO.NET provider.

32251

The native database connector executes the configured processing method of a synchronization step only for the first object of the object class although several objects need to be processed. This happens if a pattern-based strategy is defined for the data operation.

32307

Error updating the schema from a CSV file if the file has not been declared in the system connection wizard.

32391

Error adding memberships in the UNSAccountBInUNSGroupB table in the target system browser although the object are within the scope.

32532

If the revision property does not contain a value (NULL or empty string), the wrong data type is saved in the DPRRevisionStore table.

32222

Problems connecting to Microsoft Exchange Server 2016 if using SSL.

32362

The ThrottlingPolicy property is not loaded for Microsoft Exchange mailboxes.

32533

Table 8: Identity and Access Governance

Resolved issue

Issue ID

The task  QER-K-OrgAutoChild blocks the DBQueue.

31567

In certain circumstances, assignments on assignment forms are not saved.

32030

A potentially damaging SQL statement has been identified on different overview forms.

32170

Performance problems calculating system role assignment to business roles and organizations.

32546

The Identity Lifecycle Customer dynamic role has orphaned foreign keys if the QER | ITShop configuration parameter is not set.

31898

Email notification about pending requests are sent to members of the chief approval team.

31996

If a system entitlement does not have a container, the TO approval procedure cannot determine an approver.

32162

If the number of approvers is given as -1 (all employees found are approvers) in an approval step, the request is also presented for approval to the members of the chief approval team.

32172

Insufficient permissions for end users to delete or end a delegation.

32210

Escalation of an approval step does not take the QER | ITShop | ReuseDecision and the QER | ITShop | AutoDecision configuration parameters into account.

32318

New entries are created in the PWOHelperPWO table for requests with validity periods in the future that already have final approval.

32398

In certain circumstances, an employee can make an approval decision for a request that was questioned.

32465

If an additional approver was assigned to an approval step, the chief approval team’s approval decision has no effect.

32467

The Number of requestable products statistic element shows the number of all the products in the IT Shop instead of just requestable products.

32503

Error removing a service category (AccProductGroup table) from the hierarchy.

32171

The QER_ZITShopOrderAbort procedure user the wrong cancellation method.

32522

If an approver makes approval decisions for several requests because they are delegated, the delegator is only informed the first time.

32526

In certain circumstances, despite the QER | ITShop | DeleteClosed configuration parameter being set, not all columns that are marked to be logged on deletion are logged.

32559

Increased occurrences of deadlock during parallel processing of requests (bulk requests).

32630

If E-Business Suite permissions assignments to user accounts are attested and automatic removal of permissions is configured, denied assignments are not deleted.

30375

The condition for viewing the AttestationCase table of the VI_4_ALLUSER permissions group does not allow closed attestation cases to be displayed if the currently logged in user was involved.

31365

If memberships of Azure Active Directory user accounts in groups (ADDUserInGroup table) are attested and automatic withdrawal of system entitlements on attestation failure is configured, the wrong memberships are deleted if the group is an Office 365 group or an Exchange Online mail-enabled distribution group.

31955

If an approval step, for which a query was made, is escalated, the Hold status of the attestation case is not removed.

31991

If an attestation object is deleted during an attestation run, the entire attestation run is terminated.

32538

Automatic removal of permissions after attestation is not approved, does not taken into account if the assignment is marked for deletion.

32661

During synchronization of SAP authorization assignments to SAP groups, not all the objects are loaded. This means that rule violations are not found when SAP function compliance rules are checked.

32150

Error generating simple reports in CSV format.

32009, 32010, 32547

In certain reports about employees, the time period for assignments is not calculated correctly.

32389

Employees are shown on the Subscribable report overview form that do not subscribe to that report anymore.

32473

Table 9: IT Service Management

Resolved issue

Issue ID

The VI_Asset_ServerHasShares_MasterData form does not have a tab for custom columns.

32060

The Help desk employee option on an employee’s master data form, is not displayed correctly if you swap between employees.

32587

See also:

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents