New in v2026.5.1
OpenIAM version 2026.5.1 introduces improvements focused on User Access Reviews (UAR), SelfService usability, authentication reliability, reporting transparency, and administrative configuration.
This release adds configurable labels for SSO applications, richer entitlement context in certification reviews and reports, better visibility into delegated review activity, and multiple reliability improvements across notifications, workflow processing, token management, integrations, and PostgreSQL deployments.
New features
Authentication and SelfService
OE-3363 – Configurable labels for SSO applications
Application tiles used the internal provider name as the visible label. This ensured alignment with system configuration, but limited flexibility when presenting business-friendly names in the user portal. Administrators can now define a friendly display name for SSO applications shown to end users in SelfService.
- A separate display name for user-facing application tiles can be set.
- Internal configuration names remain unchanged for system use.
- Users see clearer, more meaningful application names in SelfService.
- If no display name is configured, the system continues using the existing behavior.
This improves usability in the application portal by making SSO applications easier to recognize and navigate.
Access reviews and certification
OE-4073 – Entitlement descriptions added to UAR User View
Reviewers primarily saw entitlement names during certification. Additional contextual information existed elsewhere in the system, which meant reviewers sometimes needed to navigate away from the review screen to understand the purpose of an entitlement before making a decision. Entitlement descriptions are now visible directly in User Access Review screens.
- Reviewers can see what each entitlement represents directly within the review flow.
- Less context-switching is needed during certification campaigns.
- Review decisions can be made with more complete information available at a glance.
This improves clarity and helps reviewers make more informed access decisions.
OE-4083 – Additional entitlement details added to UAR reports
Exported reports focused on structured entitlement data such as identifiers and assignments, while descriptive context was available within the application UI when deeper understanding was needed. UAR reports now include entitlement descriptions to provide better context in exported review data.
- Reports include descriptive context for each entitlement.
- Auditors can interpret access decisions directly from exported files.
- Exported data aligns more closely with what is shown in the UI.
- Reports are more self-contained for offline analysis.
This improves audit readiness and reporting clarity.
OE-4120 – Delegated reviewer details added to certification reports
Reports reflected the originally assigned reviewer, which provided a consistent view of ownership. In delegated scenarios, the actual execution details were available in the system but not always visible in exported reporting. Certification reports now clearly show who actually performed a review when tasks are delegated.
- Reports show the actual person who completed delegated reviews.
- Delegation activity is fully traceable in audit outputs.
- Certification reports reflect both assignment and execution context.
This improves accountability and audit accuracy in delegated review scenarios.
Bug fixes
Search and UI
OE-3507 – Fixed search behavior for special characters
Special-character handling required stricter processing during search operations to ensure safe and predictable filtering across datasets, which could affect certain search results. Search functionality now handles values containing special characters more consistently across administrative screens.
- Searches containing special characters now return expected results.
- Administrators can locate objects without needing to adjust search input formatting.
- Search behavior is more consistent across different object types.
OE-3688 – Improved readability of script error details
Error details were rendered in an editable-style field, which made it possible to accidentally modify the displayed content while reviewing diagnostic information. Script validation error details are now displayed in a fully read-only format.
- Error details remain fixed and cannot be modified during review.
- Troubleshooting information is easier to copy and interpret.
- Error dialogs provide a more consistent review experience.
OE-3874 – Improved consistency of managed system name updates
Updated names were applied in configuration, but some screens required additional refresh cycles or dependent updates before the change was fully reflected. Managed system name changes are now reflected more consistently across administrative screens.
- Updated names appear consistently across the UI.
- Role and search views reflect changes without additional actions.
- Configuration updates are more immediately visible to users.
OE-3948 – SelfService menu visibility now fully respects configuration
Key navigation tabs were designed to remain visible to ensure consistent access to SelfService functionality, regardless of menu configuration changes. SelfService menu visibility settings are now applied on the My Info page.
- Menu visibility settings now fully control tab display.
- Administrators can tailor user navigation more precisely.
- SelfService layout aligns with configured access policies.
More on the feature and configuration details can be found in this document.
Connectors and integrations
OE-4018 – Improved reliability of Google Directory connector startup
Connector initialization required coordination during startup sequences in certain environments, which could delay readiness for synchronization activities. Connector startup behavior has been improved to ensure more consistent initialization during service restarts.
- Connector startup is more stable across environments.
- Synchronization begins more reliably after restart.
- Integration behavior is more predictable.
OE-4080 – Improved Redis connectivity in secure AWS environments
Secure Redis environments required stricter connection handling to meet AWS ElastiCache security requirements. Redis connectivity has been enhanced for secure AWS deployments using encrypted communication.
- Redis works reliably in SSL-enabled AWS environments.
- Secure deployments are fully supported.
- Service-to-cache communication is more stable.
User Access Reviews and workflow processing
OE-4057 – Improved reliability of entitlement selection components
Entitlement selection components required consistent response formatting to ensure reliable rendering across all supported screens. Pages using entitlement selection controls now load more reliably.
- Entitlement selectors load correctly across all supported screens.
- Role, group, and resource pickers behave consistently.
- User workflows involving entitlement selection are more stable.
OE-4065 – Improved UAR dashboard compatibility with PostgreSQL
Database-specific differences in query behavior required alignment to ensure consistent execution across supported database platforms. User Access Review dashboards now work consistently across PostgreSQL environments.
- UAR dashboards load correctly in PostgreSQL environments.
- Certification screens behave consistently across database types.
- Campaign visibility is stable after upgrades.
OE-4076 – Improved flexibility for custom approval routing
Approval routing followed a fixed system-defined model designed for consistent behavior across all workflows. SelfService access request approvals now support configurable routing logic through scripting.
- Approval assignment logic can be customized per organization.
- Administrators can adapt workflows without code changes.
- Complex approval scenarios are supported more flexibly.
OE-4097 – Improved accuracy of UAR escalation notifications
Escalation scenarios required consolidation of multiple review actors and entitlement states, which could result in incomplete notification details. UAR notification behavior has been enhanced to provide more complete and consistent review information.
- Notifications reflect all participants in the review lifecycle.
- Delegated and escalated actions are clearly represented.
- Entitlement information is consistently presented in emails.
OE-4099 – Improved readability of temporary passwords in emails
Email formatting could vary depending on rendering behavior across clients, which could impact readability of login credentials. Temporary passwords in credential emails are now formatted for easier reading.
- Passwords are consistently easy to read.
- First-time login experience is smoother.
- Credential emails are more user-friendly.
OE-4103 – Improved clarity of access request descriptions
Request descriptions reflected the request initiation context, which could show the requestor instead of the intended access recipient in some scenarios. Access request descriptions now consistently display the user who will receive access.
- Request descriptions clearly show the intended access recipient.
- Reviewers have better clarity during approval.
- Request context is easier to interpret.
OE-4105 – Improved reliability of workflow reminder processing
Reminder processing required alignment across different database behaviors to ensure consistent grouping and execution results. Workflow reminder processing has been improved for better consistency across database environments.
- Reminder notifications are sent reliably on both MSSQL and PostgreSQL.
- Manual execution behaves consistently.
- Workflow reminders are more stable overall.
OE-4121 – Improved accuracy of UAR campaign completion status
Campaign completion tracking required evaluation of all review states before finalizing status updates. UAR campaigns now transition to completed status more consistently after all reviews are finished.
- Campaigns correctly reflect completion state.
- Status tracking is more accurate.
- Administrative visibility into campaign progress is improved.
Authentication and security
OE-4110 – Improved reliability of OAuth token revocation
Token validation relied on session-specific references that could change during token refresh operations. OAuth token revocation has been improved to ensure consistent behavior even after token updates.
- The frontend sends the token ID (not the value) in the revoke request.
- The backend looks up the user's current tokens by user ID, finds the ones matching the given IDs, and revokes those.
- If no matching tokens are found, it returns a safe 200 OK with no error.
- Tests updated to cover the new flow, including a no-match case and an empty list case.
Token revocation now reliably revokes the right tokens regardless of refresh history.
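The revocation flow described in OE-4110, modeled as an added example (not OpenIAM code). The in-memory TokenStore, the Token fields and the revoke() signature are hypothetical, and the sketch assumes that a token's ID stays the same when its value is rotated on refresh and that the user ID comes from the authenticated session rather than the request body.

```python
import secrets
import uuid
from dataclasses import dataclass


@dataclass
class Token:
    token_id: str          # identifier sent by the frontend (assumed stable across refresh)
    user_id: str           # owner of the token
    value: str             # bearer secret, rotated on refresh, never sent to revoke
    revoked: bool = False


class TokenStore:
    """In-memory stand-in for the backend token table (constructed for this example)."""

    def __init__(self):
        self._tokens = {}

    def issue(self, user_id):
        tok = Token(uuid.uuid4().hex, user_id, secrets.token_urlsafe(32))
        self._tokens[tok.token_id] = tok
        return tok

    def refresh(self, token_id):
        tok = self._tokens[token_id]
        tok.value = secrets.token_urlsafe(32)   # new value, same ID
        return tok

    def tokens_for_user(self, user_id):
        return [t for t in self._tokens.values()
                if t.user_id == user_id and not t.revoked]


def revoke(store, session_user_id, token_ids):
    """Handle a revoke request and return (http_status, revoked_ids)."""
    wanted = set(token_ids)
    revoked = []
    # Look up only the caller's current tokens, then match on ID. An ID that
    # belongs to another user is never a candidate, so it cannot be revoked.
    for tok in store.tokens_for_user(session_user_id):
        if tok.token_id in wanted:
            tok.revoked = True
            revoked.append(tok.token_id)
    # No match and empty list both return 200, so the response does not
    # reveal whether a given token ID exists.
    return 200, revoked
```

Because matching is done on the ID within the caller's own token set, a refresh between listing tokens and revoking them does not change which token is revoked.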