Looking for a bug fix list for all versions of Identity Manager (On-Prem)?
All bug fixes will automatically be added here!
6.3 Updates
Patch Version 6.3.3 On-prem Released
April 7, 2026
| Component | Description |
|---|---|
| Access Control and Workflows | In a workflow, ending a contract while at the same time denying (or deleting) a role caused an error. Now, these actions can be done at the same time with no errors. |
| Configuration | Fixed an issue where importing a configuration could incorrectly classify items as inserted or deleted, depending on the content of the ud_configurationfileitems table causing an error related to a violation of primary key constraint. |
| Connectors and Integrations | The EasyVista connector formats the END_OF_CONTRACT date using the invariant culture (MM/dd/yyyy), which EasyVista may interpret as dd/MM/yyyy, causing incorrect archival dates when deprovisioning users. A new DateTimeToString: expression is now supported in the EntityPropertyMapping format field for EasyVista resource type mappings, allowing the date format for date attributes such as END_OF_CONTRACT to be specified explicitly. |
| Connectors and Integrations | Database views can now be created when using the NIM Profile connector. |
| Connectors and Integrations | Google Workspace refresh schema was hardcoded and did not correctly fetch the attributes. Now when you refresh the schema, all attributes are correctly fetched. |
| Connectors and Integrations | When creating a user in EasyVista too many permissions were required causing errors during provisioning if all permissions were not granted. Now, the necessary permissions have been recalibrated. NOTE: The agent needs to be updated to benefit from this correction. |
| Connectors and Integrations | With the ServiceNow connector, clearing a scalar or mono-valued property would send null instead of an empty string in the provisioning payload, causing ServiceNow to silently ignore the change and leave the existing value unchanged. Now, the empty string expected by ServiceNow is correctly sent and the property is cleared. |
| Jobs and Policy | When executing a workflow via API which modified the end date of a locked assignment, no error was thrown. Now, modifying the end date of a locked assignment via API is not allowed. |
| UI / UX | When selecting a role model category, only the top 500 categories were shown. Now, all available categories will be displayed. |
| UI / UX | On the Assigned Roles page, once the right panel has opened displaying an identityâs details, an eye icon link has been added which opens a new tab showing the identityâs page. |
| Other | Fixed a database migration failure (20260226.sql) occurring on non-Enterprise SQL Server editions caused by the unsupported ONLINE index option. The migration now detects the SQL Server edition at runtime and applies ONLINE = ON only when supported. |
Minor Version 6.3 On-prem Released
March 3, 2026
| Component | Description |
|---|---|
| Access Control and Workflows | A 500 error occurs when the subject exceeds 442 characters in the workflow finalize step. |
| Access Control and Workflows | Form controls with InputType set to hidden are copied when cloning a record. |
| Access Control and Workflows | Workflow fields exceeding 442 characters are flagged as too long, even though the target column index supports 4000 characters. |
| Access Control and Workflows | Filtering by requestor on the Workflow Overview page shows results only for the first page; subsequent pages appear blank. |
| Certifications and Risks | A resource type is marked as missing a required parameter even when the parameter is optional. |
| Certifications and Risks | Certification campaigns using the ânot certified sinceâ filter do not work as expected. |
| Certifications and Risks | Risk filters applied to roles in certification campaigns are not reflected in the campaign description after creation. |
| Configuration | When using IGA Core solution configuration, the User Type criterion does not appear in the administratorâs advanced search bar. |
| Configuration | When using a lowercase âc#â prefix in C# expressions within XML configuration, the expression is not recognized and no error message is displayed. |
| Connectors and Integrations | Running âRefresh Schemaâ from the connectors page does not consistently work. |
| Connectors and Integrations | Refreshing the schema for the Microsoft EntraID connector fails. |
| Jobs and Policy | A resource type cannot be updated in a workflow even when configured to allow modification. |
| Jobs and Policy | In exclusively incremental jobs, provisioned accounts are not marked as verified after synchronization. |
| Jobs and Policy | If the redundant assignment job encounters an error, it cannot be restarted. |
| Jobs and Policy | On the Assigned Roles page, the Excel download displays EntityType as â[object Object]â instead of its display name. |
| Jobs and Policy | Deleting a resource type via the Access Roles page does not properly trigger cascade delete operations. |
| Logs / Performance / Security | The send-notifications command displays unclear error messages when required parameters are missing. |
| UI / UX | The permission basket page displays as blank when there is a cyclic relationship between categories. |
| UI / UX | When viewing a permissions basket with an âAs of dateâ specified, the permission details show the current state instead of the state at the specified date. |
| UI / UX | Pagination buttons are not always correctly displayed on the Workflow Overview page when navigating back to the first page. |
| Other | A file encrypted with the Usercube-Encrypt-File tool is sometimes not correctly decrypted. |
Minor Version 6.3 On-prem Released
March 3, 2026
| Component | Description |
|---|---|
| Access Control and Workflows | A 500 error occurs when the subject exceeds 442 characters in the workflow finalize step. |
| Access Control and Workflows | Form controls with InputType set to hidden are copied when cloning a record. |
| Access Control and Workflows | Workflow fields exceeding 442 characters are flagged as too long, even though the target column index supports 4000 characters. |
| Access Control and Workflows | Filtering by requestor on the Workflow Overview page shows results only for the first page; subsequent pages appear blank. |
| Certifications and Risks | A resource type is marked as missing a required parameter even when the parameter is optional. |
| Certifications and Risks | Certification campaigns using the ânot certified sinceâ filter do not work as expected. |
| Certifications and Risks | Risk filters applied to roles in certification campaigns are not reflected in the campaign description after creation. |
| Configuration | When using IGA Core solution configuration, the User Type criterion does not appear in the administratorâs advanced search bar. |
| Configuration | When using a lowercase âc#â prefix in C# expressions within XML configuration, the expression is not recognized and no error message is displayed. |
| Connectors and Integrations | Running âRefresh Schemaâ from the connectors page does not consistently work. |
| Connectors and Integrations | Refreshing the schema for the Microsoft EntraID connector fails. |
| Jobs and Policy | A resource type cannot be updated in a workflow even when configured to allow modification. |
| Jobs and Policy | In exclusively incremental jobs, provisioned accounts are not marked as verified after synchronization. |
| Jobs and Policy | If the redundant assignment job encounters an error, it cannot be restarted. |
| Jobs and Policy | On the Assigned Roles page, the Excel download displays EntityType as â[object Object]â instead of its display name. |
| Jobs and Policy | Deleting a resource type via the Access Roles page does not properly trigger cascade delete operations. |
| Logs / Performance / Security | The send-notifications command displays unclear error messages when required parameters are missing. |
| UI / UX | The permission basket page displays as blank when there is a cyclic relationship between categories. |
| UI / UX | When viewing a permissions basket with an âAs of dateâ specified, the permission details show the current state instead of the state at the specified date. |
| UI / UX | Pagination buttons are not always correctly displayed on the Workflow Overview page when navigating back to the first page. |
| Other | A file encrypted with the Usercube-Encrypt-File tool is sometimes not correctly decrypted. |
Minor Version 6.3 On-prem Released
March 3, 2026
| Component | Description |
|---|---|
| Access Control and Workflows | A 500 error occurs when the subject exceeds 442 characters in the workflow finalize step. |
| Access Control and Workflows | Form controls with InputType set to hidden are copied when cloning a record. |
| Access Control and Workflows | Workflow fields exceeding 442 characters are flagged as too long, even though the target column index supports 4000 characters. |
| Access Control and Workflows | Filtering by requestor on the Workflow Overview page shows results only for the first page; subsequent pages appear blank. |
| Certifications and Risks | A resource type is marked as missing a required parameter even when the parameter is optional. |
| Certifications and Risks | Certification campaigns using the ânot certified sinceâ filter do not work as expected. |
| Certifications and Risks | Risk filters applied to roles in certification campaigns are not reflected in the campaign description after creation. |
| Configuration | When using IGA Core solution configuration, the User Type criterion does not appear in the administratorâs advanced search bar. |
| Configuration | When using a lowercase âc#â prefix in C# expressions within XML configuration, the expression is not recognized and no error message is displayed. |
| Connectors and Integrations | Running âRefresh Schemaâ from the connectors page does not consistently work. |
| Connectors and Integrations | Refreshing the schema for the Microsoft EntraID connector fails. |
| Jobs and Policy | A resource type cannot be updated in a workflow even when configured to allow modification. |
| Jobs and Policy | In exclusively incremental jobs, provisioned accounts are not marked as verified after synchronization. |
| Jobs and Policy | If the redundant assignment job encounters an error, it cannot be restarted. |
| Jobs and Policy | On the Assigned Roles page, the Excel download displays EntityType as â[object Object]â instead of its display name. |
| Jobs and Policy | Deleting a resource type via the Access Roles page does not properly trigger cascade delete operations. |
| Logs / Performance / Security | The send-notifications command displays unclear error messages when required parameters are missing. |
| UI / UX | The permission basket page displays as blank when there is a cyclic relationship between categories. |
| UI / UX | When viewing a permissions basket with an âAs of dateâ specified, the permission details show the current state instead of the state at the specified date. |
| UI / UX | Pagination buttons are not always correctly displayed on the Workflow Overview page when navigating back to the first page. |
| Other | A file encrypted with the Usercube-Encrypt-File tool is sometimes not correctly decrypted. |
6.2 Updates
Patch Version 6.2.12 On-prem Released
December 16, 2025
| Component | Description |
|---|---|
| Access Control and Workflows | Ending a contract and denying a role at the same time in the same workflow caused an error. |
| Access Control and Workflows | On the certification overview screen, the button to send a reminder notification was displayed even if the connected userâs profile does not allow sending notifications. |
| Configuration | The RiskRuleItems are duplicated after deploying an exported configuration with mark-for-export. |
| Connectors and Integrations | SCIM provisioning orders for deletion were erroring out because of a second â/v2â in the delete call. |
| Connectors and Integrations | For an Excel connection, doing an incremental synchronization and removing a date treated with TransformDate didnât remove the date. |
| Connectors and Integrations | For an Excel connection, the âDownload template with dataâ does not apply the inverse connection transformation for TransformDate, leading to AddedDays being added each time the Excel file was retrieved. |
| Jobs and Policy | To improve performance, database locking behavior was modified when using the bulk functionality and the manual provisioning functionality. |
| Logs / Performance / Security | Some queries for calculating workflow approvals were not optimized. |
| UI / UX | A role with the End Date Locking set to âExplicit, by default context boundâ that is manually added as a suggested permission was not defaulting to locked or context bound. |
| UI / UX | In the permission basket, if a category was collapsed by default, with child categories that were collapsed by default, roles in the parent category were not displayed. |
| UI / UX | Popup notifications for administrators in the SaaS environment were truncated if the message to display was too long. |
| UI / UX | In the standard certification job, âAdministration/Trigger Access Reviewsâ, the send notification task has a typo in the French description. |
| Other | Reduced the number of occurrences of the error âORDER BY items must appear in the select list if SELECT DISTINCT is specified.â |
| Other | NIMâs internal query engine did not filter properly with Int32 and Int64 properties. |
Patch Version 6.2.11 On-prem Released
November 11, 2025
| Component | Description |
|---|---|
| Configuration | After modifying a resource type in the UI, exporting the configuration with âmark for exportâ returns an error. |
| Logs / Performance / Security | To improve performance, database locking behavior was modified when fulfilling internal resources. |
Patch Version 6.2.10 On-prem Released
October 16, 2025
| Component | Description |
|---|---|
| Access Control and Workflows | Notification emails are sometimes not sent correctly if the title contains a C# expression. |
| Certifications and Risks | When deleting a category that is used in a certification campaign, the campaign behaves differently depending on whether the category is deleted via the UI or via XML. |
| Configuration | Unable to export the configuration when the scaffolded parent item is not accessible. |
| Configuration | Only one rule is loaded after deploying multiple Composite Role Rules with different parent roles. |
| Configuration | An exported configuration can not be reimported. |
| Connectors and Integrations | A server error occurs when using Password Reset or Change Password if the agent version is 6.2.7 or 6.2.8. Note: The agent must be updated for this correction. |
| Connectors and Integrations | For a fulfill operation with the SCIM connector, there is an error when the headers option is not provided. |
| Connectors and Integrations | On the connector pages, a white page was shown when trying to create a Usercube/Workflow connection. |
| Jobs and Policy | Bulk role reconciliation fails in some cases. |
| Jobs and Policy | Long-running job tasks may be incorrectly cancelled. |
| Jobs and Policy | Inefficient jobs in the SaaS environment lead to performance issues. Now, new jobs that do not meet the criteria indicated in our documentation will not run in the SaaS environment. |
| Jobs and Policy | Slow performance related to hash collisions during the calculation of correlation keys. |
| UI / UX | An incorrect error message is displayed when unlocking accounts via the Manage Accounts screen. |
| UI / UX | Incorrect tooltip shown for non-conforming or pre-existing assigned resource types without any resource on the permissions display page. |
| UI / UX | In some cases, a workflowâs subject field is not built correctly. |
| UI / UX | Pre-existing and non-conforming roles are shown as given by policy in the history overview. |
| UI / UX | In C# expression fields, users can enter expressions that result in a null reference. |
| UI / UX | A success notification is sent even if an error occurs during an indirect password reset. |
| UI / UX | The permissions basket performs slowly, especially when a user has many entitlements. |
| Other | Resources not referenced by another resource cannot be deleted via API. |
Patch Version 6.2.8 On-prem Released
September 2, 2025
| Component | Description |
|---|---|
| Access Control and Workflows | Adding a new profile with a profile rule context would incorrectly remove some previously assigned profiles during profile computation. |
| Certifications and Risks | When approving risks in Role Review, the reviewerâs name, approval date, or comments would not be properly saved. |
| Configuration | The remote deployment tool would incorrectly report 401 unauthorized errors during configuration deployment, even when using valid authentication tokens. The deployment would still complete successfully, but users would see misleading error messages. |
| Connectors and Integrations | Errors were thrown in Invoke-SqlCommand task when targeting an Oracle database |
| Jobs and Policy | Provisioning orders were not generated when one or more resource types in the task had dependency properties configured (DependsOnOwnerProperty, DependsOnId, or different FulfillHoursAheadOfTime values). |
| Logs / Performance / Security | Owners would not be returned depending on the filter used |
| UI / UX | Permissions from filtered categories were still removed when using the Select All button |
Patch Version 6.2.7 On-prem Released
July 15, 2025
The following list contains a comprehensive overview of the updates and fixes released on July 15, 2025.
| Component | Description |
|---|---|
| Access Control and Workflows | The endpoint /api/PasswordReset/IndirectPasswordReset?api-version=1.0 would always respond with 403 when invoked via API. |
| Access Control and Workflows | When reviewing and approving a workflow, any added comment was not saved. |
| Access Control and Workflows | On workflows containing display tables with columns having a display binding that had no binding items, launching a workflow that allowed modification of several records would show a blank page. |
| Configuration | When updating attribute values for an existing scaffolding, the updates were not always taken into account. |
| Configuration | Some translation overwrites for the configuration were not taken into account. |
| Configuration | Fixes to the configuration export tool. |
| Connectors and Integrations | In the EntraID connector, the extension attributes (ExtensionAttribute1âŚExtensionAttribute15) are now managed as scalar properties. |
| Connectors and Integrations | The value `SystemRootPaths`, which serves to restrict the folders from which files can be uploaded to connectors, was sometimes being ignored. |
| Connectors and Integrations | Entities with properties having a `TargetColumnIndex` greater than 138 were incorrectly updated if an expression was updated via the Connector screen. |
| Jobs and Policy | When we resume a job that was previously blocked, we now resume the job at the correct task. Previously, it was sometimes restarted too early. |
| Jobs and Policy | Fulfillment via PowerShell now always displays booleans as true/false in provisioning orders. |
| Jobs and Policy | Composite role parameters were not being taken into account. |
| Jobs and Policy | Introduced a system that promptly stops running tasks when the user ends the job. |
| Logs / Performance / Security | Better logging for certificate errors |
Patch Version 6.2.6 On-prem Released
May 27, 2025
The following list contains a comprehensive overview of the updates and fixes released on May 27, 2025.
New
| Component | Description |
|---|---|
| Access Control and Workflows | Homonym detection in a workflow review step can now be configured in the AppDisplaySetting or via the settings page. |
| Access Control and Workflows | In a creation workflow, a new Resource Typeâs property values can show as âNo Valueâ in a situation where scalar rules are based on a navigation property that has not yet been calculated. Now, a tooltip explains this behavior. |
| Connectors and Integrations | The EntraID connector now manages all of the following: manager, members, assistants, roles. |
Bug Fixes
| Component | Description |
|---|---|
| Access Control and Workflows | Invalid contexts were sometimes created by the âSet Internal User Profilesâ task. |
| Access Control and Workflows | If a large number of profiles exist, they were not all shown in the dropdown list when trying to manually assign profiles. |
| Access Control and Workflows | In a workflow having a BuildUniqueValueAspect with SqlCheckExpression, the aspect would recompute a new value every time a value was changed â even if the value wasnât relevant to the calculation. |
| Access Control and Workflows | Incorrect SQL requests upon workflow completion if a resource link was deleted. |
| Certifications and Risks | Access Certification forwards didnât work if no PersonFilter was defined in the SelectPersonasByFilterQueryHandlerSetting. |
| Connectors and Integrations | EntityPropertyExpression could not be used for an Entity Property whose type was Int16. |
| Connectors and Integrations | Connections created for CyberArk, Salesforce, Slack, and Wallix through the UI reported an error. |
| Jobs and Policy | Dependent tasks didnât always launch after resuming blocked synchronization tasks. |
| Jobs and Policy | The âUpdate Property Expressionsâ task, when launched from the connectors page, would always run in the Complete mode even when launched from the âIncrementalâ sub menu. |
| UI / UX | The Query Module result grid did not respect the selected UI language. |
| UI / UX | Navigating to rules from the Access Roles pages could produce old popups. |
Patch Version 6.2.5 On-prem Released
April 1, 2025
The following list contains a comprehensive overview of the updates and fixes released on April 1, 2025.
New
Improved flexibility of SCIM connections: The SCIM connector now supports adding custom headers to API requests. This enhancement allows users to configure headers such as X-Custom-Header for specific endpoints like /Users.
Bugs Fixed
Access Control and Workflows
- Deadlocks during mass update workflows.
Configuration
- Improvements made to optimize configuration deployments.
Connectors and Integrations
- Connections for CyberArk, Salesforce, Slack, and Wallix added through the UI could not be verified or saved.
Certifications and Risks
- A completed certification campaign remained active even when all items were already reviewed.
Jobs and Policy
- Jobs were sometimes launched and completed successfully without running any tasks.
UI/UX
- Incorrect boolean values are shown in the query module grid.
- Role review section was invisible if no roles needed a role review but grace period reviews were still needed.
Patch Version 6.2.4 On-prem Released
February 28, 2025
- LDAP and SCIM connection enhancements.
- Reports now include role parameters for improved clarity.
- Reduced deadlocks during multi-user workflows.
- Improved isolation for cumulative policy simulations.
- Security thresholds in multi-connector jobs now restart all blocked connectors.
- Logging improvements.
- Small enhancements to the Assigned Roles page.
The following versions may have limited or no support. Please see the