Powered by Algolia

    New in v2026.4.1

    OpenIAM version 2026.4.1 introduces important enhancements across workflows, access reviews, business rules, synchronization, and platform operations. This release focuses on improved stability, stronger compliance controls, better upgrade reliability, and critical fixes across UI, session management, and connector services.

    New features

    Workflow and automation

    OE-3695 – Post-revocation Groovy workflow hook
    Introduced support for executing a Groovy script after the revoked access workflow is completed. This enhancement enables automated post-processing actions such as creating ServiceNow tickets for privileged access removal during termination or entitlement expiration events.

    Additional capabilities include:

    • Automatic revoke-access ticket creation for terminated users.
    • Support for privileged role end-dating scenarios.
    • Inclusion of original questionnaire data in revocation tickets.
    • Assignment to the appropriate ServiceNow support group.
    • Separate ticket generation for each affected privileged role.

    Access reviews and compliance

    OE-3757 – Reviewer delegation for in-progress UAR campaigns
    Added support for delegating review tasks while a User Access Review (UAR) campaign is already in progress.

    This enhancement allows:

    • Manual reassignment by administrators or campaign owners.
    • Delegation during active certification campaigns.
    • Automatic transfer of pending review items.
    • Removal of pending tasks from the original reviewer.
    • Full auditability of delegation actions.

    OE-3919 – External framework health check protocol review
    Introduced improvements to the health check protocol used by external framework consumers, with a focus on exposing only the minimum required operational data.

    Platform and upgrade improvements

    OE-3806 – Command-line session token management
    Added backend CLI support for viewing and clearing active session tokens for both users and service accounts.

    Supported commands include:

    • Listing active sessions.
    • Viewing token ownership and expiration details.
    • Clearing individual or all active sessions.

    OE-3926 – Improved Windows service upgrade handling
    Enhanced the upgrade process to properly detect and stop running Windows connector services during upgrades, reducing file lock issues and improving upgrade reliability.

    Bug fixes

    UI and user experience

    OE-3663 – Log Viewer theme actions displayed as NOT_SPECIFIED
    Resolved an issue where UI theme-related log events incorrectly displayed the action name as NOT_SPECIFIED.

    OE-3665 – Webconsole user creation validation error
    Fixed an issue where user creation failed when page templates included organization fields or validation rules.

    Validation errors are now properly surfaced instead of causing backend save failures.

    OE-3807 – Organization and agency field template properties not applied
    Resolved an issue where required and non-editable properties were not correctly applied to Organization and Agency fields in page templates.

    OE-3872 – Groovy scripts cleared after save
    Fixed an issue in the Groovy Manager where saved script content appeared blank after refreshing the page.

    OE-3894 – Business rule group search field reset
    Resolved an issue where the search field was reset after selecting multiple groups in business rule actions.

    OE-3947 – Validation errors not shown in self-service profile updates
    Fixed UI behavior where field-level validation errors were not displayed during self-service profile updates.

    OE-3987 – Logout functionality failure
    Resolved an issue preventing users from successfully logging out from Webconsole and Selfservice applications.

    Synchronization and connectors

    OE-3767 – Response consumers not auto-created after upgrade
    Fixed an issue where RabbitMQ response consumers for connectors were not automatically initialized after upgrade, causing response queue backlogs.

    OE-3875 – Synchronization history delay after restart
    Resolved an issue where synchronization connectors entered an unbound state after restart, preventing synchronization history events from appearing until manual connector save.

    OE-3893 – Synchronization history details missing
    Fixed an issue where detailed user-level synchronization results were not visible in Synchronization History despite successful job completion.

    Business rules and metadata

    OE-3895 – Managed system filter missing in role and group selection
    Restored managed system filtering in business rule role and group selection workflows to prevent ambiguity across similarly named objects.

    OE-3902 – Metadata type reference usability improvements
    Resolved issues in Business Rule expressions where metadata types could only be referenced by internal ID instead of user-friendly names.

    Data integrity and lifecycle management

    OE-3900 – Graph rebuild incorrectly updating LAST_UPDATE fields
    Fixed /rebuildGraph behavior so internal metadata refresh operations no longer modify LAST_UPDATE timestamps for users, groups, roles, resources, and organizations.

    OE-3903 – Rehire related account handling fixes
    Resolved multiple issues affecting rehire workflows, including:

    • Incorrect activation of terminated historical accounts.
    • Failure to support multiple related accounts.
    • Exceptions during related account assignment.

    Historical accounts now retain their original status and multiple related accounts are properly supported.

    Security and vulnerabilities

    OE-3860 – Platform vulnerability remediation
    Addressed multiple reported vulnerabilities, including:

    • Spring Framework denial-of-service exposure.
    • JMX authentication configuration gaps.
    • outdated Node.js runtime detection.
    • legacy Log4j vulnerability exposure.

    OE-3951 – PCI security vulnerability fixes
    Resolved several PCI-related findings, including:

    • Session token exposure in URLs.
    • insecure browser storage of session data.
    • unauthenticated access paths.
    • username enumeration risks.

    Access reviews and SoD

    OE-3937 – SoD violation page rendering issues
    Fixed issues on the Segregation of Duties (SoD) Violation page where policy segments, affected roles, entitlements, and impacted users were not displayed correctly.

    OE-3965 – UAR performance degradation with large datasets
    Improved pagination and navigation performance in campaign review screens when working with large user and entitlement datasets.

    OE-3967 – Eligible users missing from UAR campaigns
    Resolved campaign filtering issues that caused certain eligible users to be excluded from User Access Review campaigns.

    OE-3977 – Missing entitlements in manager review
    Fixed an issue where not all assigned entitlements were displayed during manager certification review.

    Minor upgrades

    • Improved workflow automation and ServiceNow integration readiness.
    • Enhanced UAR delegation and certification performance.
    • Better connector recovery after restart and upgrade.
    • Improved CLI operational tooling for session management.
    • Security hardening and vulnerability remediation updates.
    • UI validation, logout, and business rule usability refinements.
    Previous
    New in 2026.3.3
    Next
    New in v2026.4.2