New in v2026.6.2

OpenIAM version 2026.6.2 delivers a substantial expansion of the Access Certification platform and continued progress on the SelfService v2 portal redesign.

This release introduces campaign preview — a dry-run mode that lets administrators validate scope, reviewers, and configuration before committing to a live campaign — alongside a full campaign launch history, extended user search for defining campaign populations, and bulk approval mode for reviewers. The SelfService v2 redesign gains eight additional screens, bringing the portal closer to feature parity with the legacy interface. In addition, several stability and UI fixes are included across provisioning, reporting, and the Webconsole.

New features

Access certification

OE-4131 – Campaign preview
A new Preview mode lets administrators run the full scope and reviewer calculation for a certification campaign against real identity data — without creating a campaign, review items, or workflow tasks. The preview runs asynchronously with a live progress indicator and surfaces every user and entitlement that would be included or excluded, together with the precise reason for each exclusion and the reviewers resolved for each item.

Key capabilities:

  • Fix-and-re-run loop: inspect exclusions, correct the underlying configuration or data, and re-run the preview until the campaign looks right.
  • Promote-from-snapshot launch: once satisfied, launch the campaign directly from the preview snapshot — no recomputation, so what you previewed is exactly what launches.
  • Scheduled certifications now produce a preview for administrator review instead of launching a campaign directly.
  • Each preview carries a configurable validity window; stale previews cannot be launched.
  • Certifications whose scope is defined through Extended User Search (OE-4257) can also be previewed — the Preview tab is shown for all user certification types, not only target-list scopes.

See Campaign preview for full usage details.

OE-4257 – Extended User Search for Access Certification
A new advanced user-search tool lets administrators build complex, reusable user queries for defining certification campaign populations without writing SQL.

Key capabilities:

  • Compose nested include/exclude rule groups combining any user attributes, roles, groups, or organizational criteria.
  • Save named searches and reuse them across campaigns.
  • Preview the users a search will return before saving.

OE-4263 – Campaign launch history
A new History tab on Access Certification campaigns records every campaign launch and its full outcome. It lists each launched campaign in reverse-chronological order with status and execution date.

OE-4333 – Bulk approval mode for reviewers
A new per-certification administrator toggle enables bulk approval mode, letting reviewers certify or revoke all access items for a user or entitlement in a single action.

Key capabilities:

  • Certification configuration includes a new Allow Bulk Approval toggle with a risk disclaimer; the campaign dashboard shows a Bulk Approval Enabled danger chip when active.
  • Reviewers see a Bulk Approval Mode panel with Certify all, Revoke all, and Submit Review controls, plus a live count of marked items.
  • Decisions made through bulk actions are recorded as BULK in the audit trail and flagged in the certification Results report (BULK_APPROVAL_RISK column), so bulk-approved items can be reviewed separately from individually-approved ones.

See Bulk approval for configuration and reviewer experience details.

SelfService portal redesign

OE-4219 – Directory Lookup on SelfService v2
The Directory Lookup and View User screens have been rebuilt on the new SelfService portal. Role and Group pickers are scoped by Managed System so results are filtered to the system in context.

OE-4224 – Manage Users (Direct Reports) on SelfService v2
The Manage Users screen — where managers work with their direct reports — is now available on the SelfService v2 portal, including working start-date and end-date filters.

OE-4227 – New User Registration on SelfService v2
The New User / Registration form has been migrated to SelfService v2, including CAPTCHA and one-time-passcode confirmation support assembled from the configured page template.

OE-4228 – Bulk Upload on SelfService v2
The Bulk Upload screen for CSV-based user synchronization has been rebuilt on the SelfService v2 portal.

OE-4231 – Edit Profile on SelfService v2
The Edit Profile screen is now wired into SelfService v2, assembled from the configured page template.

OE-4232 – Challenge Response security questions on SelfService v2
The Challenge Response (security questions) screen has been rebuilt on SelfService v2. Repeated saves now persist correctly rather than showing stale state.

OE-4235 – FIDO Authenticator (Security Keys) on SelfService v2
The FIDO Authenticator enrolment screen has been migrated to SelfService v2, allowing users to register and manage hardware security keys through the modernized interface.

Reporting

OE-4361 – Segment Description added to the SOD report
The Segregation-of-Duties report now includes a Segment Description column, giving compliance reviewers descriptive context for each SOD segment directly in the report output.


Bug fixes

Access certification

OE-4362 – Certification User View fails on Microsoft SQL Server with large campaigns
Fixed an issue where the Certification User View failed to display users on Microsoft SQL Server-backed deployments when a campaign contained a large user population, because the query exceeded SQL Server's query-size limit. The User View query now stays within the limit regardless of population size.


Provisioning and infrastructure

OE-4249 – User provisioning status stuck in multi-instance deployments
Resolved a concurrency issue in multi-instance deployments where a user's account provisioning status could become stuck in a pending update state after an update, blocking further updates for that account. Provisioning-status updates now settle correctly under concurrent activity from multiple instances.


UI and user experience

OE-3551 – Page Template deletion now removes its associated resource
Fixed an issue where deleting a Page Template left its underlying resource behind in the system. Deleting a Page Template now also removes the associated resource.

OE-3869 – Bulk Operations on Organizations: search and layout fixed
Fixed incorrect search results and incorrect panel sizing on the Webconsole Bulk Operations screen when the target entity type is Organizations.

OE-4143 – Synchronization History JSON view no longer freezes the Webconsole
Fixed an issue where opening the JSON details of a synchronization run from the Synchronization History screen could freeze the entire Webconsole tab.

OE-4207 – Audit report generation reliability fix
Resolved an issue where the Audit report could generate with incorrect formatting or fail to generate cleanly. The report now generates reliably with the expected fields and layout.


Minor updates

  • Campaign preview enables dry-run scope and reviewer validation before any certification campaign goes live.
  • Campaign launch history provides a permanent per-launch audit record with full drill-down into decisions.
  • Extended User Search enables complex, reusable population queries for certification campaigns.
  • Bulk approval mode gives reviewers a fast path through large campaigns with full audit traceability.
  • SelfService v2 redesign extended to cover Directory Lookup, Manage Users, New User Registration, Bulk Upload, Edit Profile, Challenge Response, and FIDO Authenticator screens.
  • Stability fixes across Certification User View, Extended User Search, provisioning status, and Webconsole UI.