Identity Manager 9.1.1 - Release Notes

If data imported via a CSV connector uses an application server connection, the default values of properties cannot be removed.

In the Schema Extension, a summary of the changes is no longer shown.

Using the emergency stop to halt the DBQueue Processor can result in a time delay if a lot of DBQueue Processor processes are being handled quickly.

WebView2 is not installed on administrative workstation if only Workstation | Configuration or Workstation | Development & Testing machine roles are selected.

The Form Editor generates an empty form definition when a new interface form is inserted in the form overview's root level.

Permissions required on new tables are not granted for end users if the Database Transporter imports the schema extensions.

The QBM_PTriggerDrop procedure logs entries in the system journal even though no triggers were deleted.

An error occurs in the Manager using the context menu to run a task is run on an object.

An error occurs updating statistics during maintenance tasks. Therefore, the statistics are not up-to-date.

Error message: User does not have permission to perform this action.

The Manager does not reliably save the column selection in a filter.

An error occurs when the Software Loader imports a new file.

Error message: Number of primary key columns does not match.

An error occurs using OAuth2.0/OpenID Connect to log in to the application server or the Job server, to display the status, for example.

The Job Queue Info does not display the change information for the CausingEntityPatch parameter correctly.

Hierarchically structured changes labels are not displayed correctly in the Database Transporter when transporting by change label.

If the functionality for read access distribution in a cluster is used, a message appears stating that the Database Agent Service is not running although it was started.

Some SQL statements that only query data still require a database connection with write access. Under certain conditions, errors can occur when read access distribution is used in the cluster.

The QBMColumnLimitedValue.KeyValue column is too short.

The Process Editor cannot restore the default layout.

Schema extensions do not populate existing data records with default values. This causes errors.

Rule violations are not identified in the simulation.

After ending a simulation, the data is not fully displayed in the report.

Special change labels are not displayed when changes are committed in the Designer.

An error occurs on saving in the Designer if a change label was selected that already contains references to objects.

Running the ExecuteTemplates method on a multi-select object does not return a result.

Entries in a list of permitted values may not be translated correctly.

Error running the Check uniqueness of alternate keys consistency check.

The ProcID parameter is not taken into account in triggered processes with the FireGenEvent process task of the HandleObjectComponent process component.

The Database Transporter does not display each transport of a cumulative transport correctly.

Multiple start times for a schedule are not taken into account correctly when calculating the run times and while running.

The Schema Extension creates indexes for object keys (XObjectKey) whose names are more than 30 characters long and therefore do not comply with the naming convention.

Machine roles are not correctly applied in the Docker container for the API Server.

If the server function for a process step changes, the system does not notice that the process needs to be recompiled.

If a schedule is supposed to run on a certain day of the week, an error occurs when calculating the next run.

An error occurs loading collections with an empty where clause.

An error occurs when an export definition that is saved in the user settings is deleted in the Manager.

Filter queries for menu items that contain objects with certain starting characters are run too often.

The Job Queue Info throws an error when the number of retries is set.

Under certain conditions, such as when the network is interrupted, the Database Agent Service plugin stops and does not start again.

Under certain conditions, the Database Transporter compiles web projects too often when it imports a cumulative update.

Columns that do not exist in certain tables are queried in the transport condition.

The Configuration Wizard does not process calculation tasks for the DBQueue Processor when a database is restored.

Auxiliary tables are not included in consistency checks.

The One Identity Manager Service status page is not always shown.

Error running the QBM_PJobCreate_HOInsert procedure if a WhereClause property changes.

Process steps in the Job queue sporadically have an inconsistent state and cannot be processed.

Custom triggers might be deleted when the One Identity Manager database is updated from version 8.1.x to version 9.1.

The import of custom schema extensions checks references to columns before the columns themselves are imported.

If a column was marked for recording historical data in the source database but is removed again before it is transferred to the History Database, the History Database transfer fails.

In certain cases, an error occurs sending subscribed reports.

HTTP-HEAD requests to the One Identity Manager Service website cause the following error: "Bytes to be written to the stream exceed the Content-Length bytes size specified.".

Processes on the DialogDatabase table can no longer be started manually. This also affects the ATT_DialogDatabase_Trigger_AttestationCase_VerificationMail process.

In the database query with the Historical assignments query module, the user shown as the CreateUser is not the one that created the assignment.

Permissions filters are modified by code processing.

Error creating a generating condition or a script for a process using dollar ($) notation if a foreign key column is selected by double-clicking the right mouse button.

The Database Transporter does not show data that causes a conflict correctly in the Merge conflict dialog box.

Error saving requests if processes are already in the Job queue that can trigger events to send mail for other requests.

Error message: String or binary data would be truncated in table 'OneIM.sys.TT_QBM_YParameterList_6A941822', column 'Parameter1'.

Under certain conditions, exporting to the History Database fails.

It is only possible to install a module with the Configuration Wizard later if another module is selected for update at the same time.

If parallelization of process handling is intensive, the Job queue can enter an inconsistent state when processes are restarted.

Processes that are not run because the IsExclusivePerObject process task is enabled, can stop other processes from running.

Replacing variables from the navigation in element descriptions on overview forms does not work.

You cannot upload a profile image in the Web Portal.

In the Web Designer Web Portal, it is not possible to request a multi-requestable/unsubscribable resource for an identity more than once.

The wrong information is shown when logging in to the Web Designer Web Portal.

Under certain conditions, the scrollbars are missing in the Password Reset Portal.

Under certain conditions, the Web Designer Web Portal always prompts that too many search results were found.

Under certain conditions, the Web Portal search function does not return the expected result.

In the Web Portal, the shopping cart implies you can send a subset of the requested items.

The modified Display pattern property does not affect the request or request parameters in the Web Portal.

If you enter a date for a product property in the Web Portal's shopping cart, under certain conditions the value is deleted when the shopping cart is submitted.

The Web Designer Web Portal does not display all the tiles correctly.

The Web Portal search does not return the correct results if an asterisk (*) is included as a placeholder.

In the Web Designer Web Portal, you must enter a product's request parameters for each request recipient although the product is configured such that the request parameters only have to be entered once.

Under certain conditions in the Web Designer Web Portal, you cannot export the request history data.

Too many database connections are established in the Web Designer Web Portal for unauthorized queries.

The Web Portal does not display new requests immediately in the respective tile.

The Web Designer Web Portal does not check renewal requests and cancellations correctly in the shopping cart.

Under certain conditions, dependencies of multiple request parameters to one another are not taken into account in the Web Portal.

Code highlighting and auto completion of variables does not work in the Web Designer.

An error can occur when the Manager web application is automatically updated.

Under certain conditions, the Web Designer Web Portal does not show a change icon when values are added or changed.

Under certain conditions, selecting requests and displaying the request history in the Web Portal, can lead to long response times for administrators of organizations and business roles.

In the Web Portal, it is only possible to manage directly subordinate identities.

Under certain conditions, the Web Portal's request history shows request properties with the incorrect values.

Under certain conditions in the Web Portal, it is not possible to create service items for system entitlements.

In a customized Web Portal, you cannot add a product renewal as a request to the shopping cart.

In the Web Portal, the request workflow displays withdrawal of an additional approver incorrectly.

In the Web Portal, the shopping cart uses the wrong product names.

In the Web Portal, the Request details pane does not appear anymore once products are added to the shopping cart that require more information.

The Web Portal displays some untranslatable text when the terms of use are being accepted.

The Web Portal displays the wrong message when selecting requestable products if a product was already assigned.

The Web Portal does not display memberships that were added or deleted in system roles in an identity's history.

If you make a new request in the Web Portal using a peer group, the products selected by organizational structure are each put in their own shopping cart.

Under certain conditions, installing the Web Portal fails.

In the Operations Support Web Portal a column title is not translated correctly in the process overview.

Under certain conditions, instead of the display name the Web Portal displays only the ID of the selected object when conditions for automatic membership are created.

The Web Portal does not always show the correct results when grouping and filtering in tables at the same time.

Under certain conditions, the Web Portal shows the splash screen all the time.

Under certain conditions, the Password Reset Portal shows the splash screen all the time.

In the Web Portal, when you reset objects to their previous state you can switch to the second step in the wizard without entering data. This causes an error.

The Operations Support Web Portal leaves the queue list empty, and no data appears.

In the Web Portal, it is not possible to search by compliance rules and to filter the respective search results.

In the Web Portal, no recipient must be selected if requesting for others.

In the Web Portal, no system role memberships are displayed.

The Web Portal uses the wrong identifiers in the details of an attestation case.

Under certain conditions, after clicking Assign/Change in the Web Portal, no objects can be selected for property fields.

It is not possible to create new user accounts in the Password Reset Portal.

The Web Portal shopping cart does not correctly display whether an identity is not entitled to request a product. The request can still be sent, but it has no effect.

The Web Portal marks all pending requests as compliance violations the moment just one of the displayed pending requests causes a compliance violation.

The Web Portal cannot display a compliance violation in the shopping cart and the respective shopping cart cannot be submitted.

A report is not subscribable in the Web Portal if it is not configured for PDF format.

It is not possible to edit identity main data in the Web Portal, even if you have all the necessary permissions.

In the Web Portal, it is not possible to publish application entitlements.

In the Web Portal, the Requests submitted by other users filter option in the request history does not work.

If you change the title of a web application is causes follow-up problems.

In the Web Portal, copying attestation policies causes an error.

Under certain conditions, errors occur when displaying potential rule violations in the shopping cart.

In the Web Portal, requesting a product causes an error if the product cannot be requested for at least one request recipient.

In the Web Portal, it is possible to add products in the shopping cart although the recipient does not have request authorization.

In the Web Portal, approval decisions about policy violations can only be made once.

The Web Designer Web Portal does not display all the tiles on the request page correctly.

The Web Portal does not translate the descriptions of the corresponding company policies correctly when it displays policy violations.

Under certain conditions, the View Settings menu in the Web Designer Web Portal is shown twice.

If you try to log in to the Web Portal with the wrong credentials, an empty page is displayed instead of an error message.

In the Administration Portal, the links to some of the web applications are incorrect.

Under certain conditions, the Operations Support Web Portal does not display provisioning processes.

Under certain conditions, it is not possible to add products to request templates in the Web Portal.

Under certain conditions the Web Portal does not load data correctly when requests for products with additional information are made.

Under certain conditions, an error occurs editing the date fields.

In the Web Portal, you cannot display the details of request templates.

The Web Designer Web Portal header is displayed incorrectly.

The Operations Support Web Portal does not translate all the user interface captions of the Pending provisioning processes function correctly.

In the Web Portal, it is not possible to assign new attestation policies to policy collections.

Renewed login to a web application again does not change the imx_sessiongroup cookie.

In the Administration Portal, it is not possible to disable the Service items without image inherit the image of the assigned service category configuration key.

Grouping attestation cases in an attestation run's details in the Web Portal causes an error.

Under certain conditions, password questions cannot be edited in the Web Portal.

Under certain conditions, the numerical values of the following configuration parameters are not read in correctly.

• QER\ITShop\Recommendation\ApprovalRateThreshold

• QER\ITShop\Recommendation\PeerGroupThreshold

• QER\ITShop\Recommendation\RiskIndexThreshold

• QER\ITShop\PeerGroupAnalysis\ApprovalThreshold

The API Server sometimes uses invalid connections to the application server.

It is not possible to log in to the Administration Portal using OAUTH authentication.

In the Web Portal, attestation cases offered to identities for approval although their approval is not required anymore.

The Web Portal displays a number instead of a string for the Gender property in the details of an attestation run.

The SCIM connector sets boolean and numerical properties to null if they do not contain a value. Error message: Cannot convert null to 'bool' because it is a non-nullable value type.

On Windows Server 2012, the Exchange Online connection fails to connect to the target system.

On the Define search criteria for employee assignment form in the Manager, the Google Workspace user accounts are not shown when a new search criterion is defined.

Error editing the endpoint configuration of a system connection to a cloud application.

The display values of multi-value properties are not shown properly in the target system browser.

Azure Active Directory synchronization generates too many processes.

An error occurs when an Azure Active Directory group is created without an alias.

Error connecting to a database via the generic database connector if the password for the database login contains double quotes.

Error copying synchronization projects.

Error creating a synchronization project for synchronizing Oracle E-Business Suite. Error message: An item with the same key has already been added.

Microsoft Exchange remote mailboxes are not included when determining the origin of entitlements.

The Active Directory connector writes structural objects classes for domains (ADSDomain.StructuralObjectClass) at every synchronization.

A patch with the patch ID VPR#35808 is available for synchronization projects.

User accounts (UNSAccount) without containers (UNSContainer) are ignored even if there are not any containers in the target system.

If Active Directory is synchronized using a special variable set, an error occurs when Active Directory SIDs are updated by the MaintainOtherSid process task.

Under certain conditions, an error occurs simulating synchronization:

• Simulation is run over a remote connection.

• Simulation is started several times for the same start up configuration.

Error saving a synchronization project if the connection goes through the application server and the target system connection has high network latency.

Error message: Application server returned an error.

If an object filter was defined for a root entry in the scope definition, there might not be an object in the scope.

Synchronization with OneLogin fails if there are self-registered users.

Error: Null object cannot be converted to a value type.

The target system alignment uses an incorrect formatter option.

If there are several redundant entries in SAP R/3 for an authorization object, only one authorization definition is read into the One Identity Manager database when SAP authorization objects are synchronized. All other instances are ignored. In particular, the instance with the highest value is missing.

A patch with the patch ID VPR#35944 is available for synchronization projects.

Error loading SharePoint Online objects if an object filter is defined.

Access to the RemoteConnectPlugin does not work across machines.

The HTTP server registration has been adjusted and can be set up using the HttpAuthentication and HttpBindAddress parameters in the plugin's configuration.

An error occurs loading the list of all Active Directory user accounts with the Active Directory connector if one of the user accounts contains a mistake.

Synchronization with OneLogin might possibly report ambiguous keys in the reference resolution to the OLGUserHasOLGCustomAttribute table.

References that cannot be allocated because the OneLogin objects no longer exist, are saved in the synchronization buffer.

A patch with the patch ID VPR#35969 is available for synchronization projects.

You cannot select an account definition on the OneLogin user account's master data form.

Processing conflicts between synchronization and other system processes (for example, provisioning) are not always reliably detected.

In the StdioProcessor configuration file, the rate of updating the processing information can now be configured. By default, the data remains in the cache for 60 seconds. Only change this value if there is an issue.

If you are affected by the issue, add the following entries to the StdioProcessor.exe.config file:

The OLG_4_NAMESPACEADMIN_ONELOGIN permissions group has too many edit permissions on OneLogin applications (OLGApplication table) and OneLogin roles (OLGRole table).

An error occurs if a synchronization project is created for Azure Active Directory and provisioning of subscription assignments (AADUserHasSubSku table) is disabled.

The schema provided by the Domino connector might be incomplete or individual properties might not have the correct data type.

There is no recalculation of the effective assignments of target system-specific system entitlements if the inheritance settings defined in the manage level are overwritten. The following assignments are affected:

• Subscription assignments to Azure Active Directory user accounts (AADUserHasSubSku table)

• Entitlement assignments to Oracle E-Business Suite user accounts (EBSUserInResp table)

• Role assignments to SAP R/3 user accounts (SAPUserInSAPRole table)

• Structural profile assignments to SAP R/3 user account (SAPUserInSAPHRP table)

There is no recalculation of the effective assignments of system entitlements for cloud target systems if the inheritance settings defined in the manage level are changed.

The O3SWeb.Description column is too short.

Provisioning processes in a target system go into a Frozen state if a password containing special characters is transferred with encryption.

There is no recalculation of the effective assignments of system entitlements for custom target systems if the inheritance settings defined in the manage level are changed.

An error occurs in the One Identity Safeguard connector if tags are used in object filters.

Error changing an employee's default email address if they have an Azure Active Directory user account with an Exchange Online mailbox.

When a synchronization project is created over a remote connection, an error can occur during deserialization.

A synchronization simulation quits unexpectedly if a remote connection is used.

PATCH operations generated for schema extension properties cause an error in the SCIM connector.

A patch with the patch ID VPR#36108 is available for synchronization projects.

In the Synchronization Editor, the timeout for a remote connection is too short. For example, this can cause errors when creating a synchronization project over a remote connection.

The timeout has been increased to 3 minutes to solve the issue. If this timeout is not sufficient, you can adjust the following value in the SynchronizationEditor.exe.config file.

When a synchronization project is created over a remote connection, an error can occur if the volume of data is too big.

If the One Identity Manager database is encrypted, the system mistakenly encrypts the ExpirePassword connection parameter in synchronization projects with the LDAP connector for IBM RACF.

A scope filter configured hierarchically in a connected LDAP target system with a Microsoft implementation (Active Directory Lightweight Directory Service (AD LDS) or Active Directory) has no effect.

Ineffective memberships in cloud groups or system entitlements are provisioned.

A patch with the patch ID VPR#36150 is available for synchronization projects.

The Manager does not display the menu item for user accounts and groups of cloud target systems correctly.

In the UNSAccount proxy table, the AccountName column for the EX0MailBox, EX0MailContact, and EX0MailUser tables is empty.

An error occurs when the Synchronization Editor performs a consistency check on schedules with multiple start times.

Errors can occur when writing the synchronization log.

Connecting to an Azure Active Directory tenant with schema extensions for types that are not currently supported by the Azure Active Directory connector ("device" for example) causes an error.

Error message: Object reference not set to an instance of an object.

Dynamic memberships of Azure Active Directory user accounts in Office 365 groups that are marked as outstanding cannot be deleted by target system synchronization.

A conversion error occurs for Oracle.ManagedDataAccess.Types.OracleDecimal' when objects in a table are added in a sequence.

If a scope file was defined, an error occurs adding new objects with the SCIM connector because of an incorrect query.

Single roles contained in collective roles cause errors with double entries in the One Identity Manager database when synchronizing SAP role assignments to user accounts in a CUA.

In the Synchronization Editor, the start up configuration list that can be assigned to a start up sequence is empty.

It is not possible to select an account definition for the Active Directory domain on the Microsoft Exchange mailbox or the Exchange hybrid remote mailbox forms.

It is not possible to delete a SharePoint Online site collection with an assigned administrator (O3SSite.UID_O3SUserPrimaryAdmin).

No OneLogin user accounts can be assigned to employees.

Certain SAP communication data such as preferred telephone numbers or preferred email addresses that are marked as outstanding, cannot be deleted during target system synchronization.

Error displaying schema types in the target system browser of a SAP HCM system's synchronization project if a hierarchy is defined that contains a circular reference.

No passwords are transferred to the LDAP target system if the LDAP connector V2 is being used.

A patch with the patch ID VPR#36271 is available for synchronization projects.

It is possible that new objects do not display meaningful values if they were incompletely mapped.

An error occurs updating LDAP synchronization projects.

Error message: Error running the Apply' script of patch (VPR#33513 - Support multiple domains with the same DN)!

The ADS_PersonHasTSBAccountDef_Autocreate_ADSAccount/Contact process goes into a Frozen state in the Wait until dependent objects recalled process step.

If errors occur loading target system objects, synchronization quits even though the workflow has the Continue on error option enabled.

Using the O3S_CreateO3SSite script to add SharePoint Online site collections does not work if modern authentication with a certificate is used.

The DBQueue Processor removes Active Directory user accounts from Active Directory groups that have the Read-only memberships property (ADSGroup.HasReadOnlyMemberships).

The target system browser for Exchange Online objects sometimes displays GUIDs instead of readable values.

The Azure Active Directory connector sends unnecessary (empty) patches after a group is updated where only members or owners have changed.

The filters generated in the SCIM connector for resolving references are not formatted correctly.

LDAP user accounts and groups cannot be deleted if they are connected to a SharePoint user account.

Active Directory user accounts and groups cannot be deleted if they are connected to a SharePoint user account.

Unnecessary updates are triggered by the LDAP connector if there are empty values.

Filters in the SCIM connector may not contain sufficient data to query objects in the target system.

Virtual properties for resolving references attempt to use the synchronization buffer in target systems.

Error provisioning object changes if the DPRProjectionObjectState table contains object references with the System.Byte[] object type. Error message: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.

It is not possible to enter multiple lines of encrypted data in the Synchronization Editor.

The User account is disabled property for user accounts (LDAPAccount.AccountDisabled) is not taken into account in the LDAP connector V2.

A patch with the patch ID VPR#36450 is available for synchronization projects.

Process steps for setting permissions and publishing are not carried out if the home directory of Active Directory user accounts with unknown home directory paths is moved.

Provisioning assignments of SAP BI user account to BI analysis authorizations takes a very long time and sends a lot of RFC queries to the SAP application server.

An error occurs creating the Send as and Full access mailbox permissions for Microsoft Exchange remote mailboxes.

An error occurs when multiple custom target system user accounts or groups are selected in the Manager.

Authentication via WindowsHttpAuthentication does not work in the One Identity Manager Service.

Under certain conditions, processes that should be exported together to a History Database are not grouped into a process group.

Error during delta synchronization of Azure Active Directory group memberships.

The target system's own cross-site scripting tokens are not sent to the SCIM provider in the header of a write operation.

If the InternetAddress schema property is empty, a warning is written in the system journal when HCL Domino is synchronized (not initial synchronization).

A patch with the patch ID VPR#35816 is available for synchronization projects.

The value in the AADUser.ThumbnailPhoto column is not provisioned in the target system.

Changes to the Microsoft Exchange mailbox databases in One Identity Manager are overwritten by old values.

A patch with the patch ID VPR#36151 is available for synchronization projects.

Error synchronizing a cloud application with the SCIM connector when filters are defined in the synchronization project.

Error loading objects if a schema extension for an SAP R/3 synchronization project has a key property defined that is longer that 70 characters.

Error provisioning assignments of SAP BI analysis authorizations to BI user accounts if assignment is across clients.

Sometime the calculation of assignment from cloud user accounts to cloud groups fails.

Error generating the synchronization log if a new value contains a very long string.

Error loading objects lists via remote connections.

Error provisioning a new Microsoft Teams team.

Under certain conditions, entries in the PWOHelperPWO table are not recalculated.

Duplicate entries in the AttestationHelper table. Sporadically, entries are created twice in the auxiliary table for attestation cases (AttestationHelper). This means the number of email notifications is doubled. If the approval workflow contains an approval step for external approval, the process for external approval is generated twice.

Permissions missing from the vi_4_ITSHOPADMIN_OWNER permissions group for the columns ADSGroup.HasReadOnlyMemberships and AADGroup.HasReadOnlyMemberships.

Application entitlements that are created automatically might not have a display name.

The CreateITShopOrder method for creating assignment requests for memberships in Exchange Online mail-enabled distribution groups is missing.

The TSBVPersonAndGroups view can contain duplicates. For example, this can cause errors generating reports about the origin of entitlements.

If the display pattern for the Person table is customized such that the InternalName column is not used anymore, errors occur when generating email notifications for the next approver.

Office 365 groups are not taken included when determining the origin of entitlements.

The Analyzer cannot run an analysis after the database connection has changed.

If the QER | ITShop | ExceededValidUntilUnsubscribe configuration parameter is set, unsubscribing processes quit unexpectedly with an error.

Under certain conditions, those responsible for organizations are not deleted.

• An application role is assigned to a department as an additional manager.

• An employee becomes a member of this application role by assignment request.

• The assignment is canceled.

However, the employee remains manager of the department (entries in the HelperHeadOrg table with XOrigin = 8 are not deleted).

End users are missing edit permissions for the AttestationHistory table.

If an approval decision is made when a request is created, no email notification is sent to the requester.

Error attesting objects with properties that are disabled by a pre-processor conditions.

Too many recalculation tasks are generated by removing the mutually exclusive entry from Active Directory groups.

The Analyzer does not run without an error.

Attestation procedures are loaded too often if users have limited permissions.

An error occurs if multiple attestation runs are created simultaneously for an attestation policy. Only one attestation run is created. The processes to generate further attestation runs fail.

Error attesting if the attestation was delegated and the length of the text in the reason for the approval decision is longer than 400 characters.

If identifiers were issued manually in the working copy of a rule, incorrect identifiers are formed for compliance rules and subrules (UID_ComplianceRule and UID_ComplianceSubRule) when compliance rules are enabled.

DBQueue Processor requests CPL-K-ComplianceSubRuleFillPersonS block each other, are reset repeatedly, and are not processed.

An error occurs running the System entitlement ownership attestation default attestation policy.

Given values are not in permitted in the approval sequence for the affected approval's type (PWODecisionHistory.DecisionType).

If there is no employee assigned to the product owner application roles, they will be deleted even if they are assigned to a service item or service category.

If a shopping cart with request parameters is sent off and the request is automatically approved because the QER | ITShop | DecisionOnInsert configuration parameter is set, the request parameters are missing from the request procedure.

If request parameters are given for a request, the UIDs are displayed in the request history instead of the parameters' display names.

When requests are canceled because the requested product has been removed from the IT Shop, the request recipients are not notified, although a mail template, Cancel, is stored with the approval policy.

Sporadically, there are double entries in the auxiliary table for request procedures (PWOHelperPWO).

Error assigning service items to Azure Active Directory groups marked with the Read-only memberships property(ADSGroup.HasReadOnlyMemberships).

Approval procedures stop responding when the number of approvers is set to -1.

In the Manager, multiple pending requests cannot be canceled at the same time.

Error calculating memberships in dynamic roles: The current transaction cannot be committed and cannot support operations that write to the log file.

If the product owner of a service item in an Azure Active Directory group changes, the members of the originally assigned application role remain as group owners. If the product owner of a service item in an Exchange Online e-mail enabled distribution group changes, the members of the originally assigned application role remain administrators of the distribution group.

Events on the Person base object are not generated properly if management of an employee's role memberships (like the primary department) is automated via IT Shop requests.