Migration Notes: Data Foundation or EDG 9.1 to 9.2

Removal of Microsoft 365 ROPC support

Support for the Resource Owner Password Credentials (ROPC) flow for Microsoft 365 integration has been removed due to Microsoft’s deprecation of this authentication method. Customers previously using the ROPC flow must transition to the Authorization Code flow and/or the Client Credentials flow, depending on the Microsoft 365 integration features used. See the Microsoft 365 Authentication Configuration section.

Stricter role validation for OAuth2 Bearer token and LDAP authentication

The OAuth2 Bearer token (JWT) and LDAP authentication paths now validate the user’s roles against the configured securityRoles, matching the behavior of the OIDC and SAML2 authentication paths.

Previously, users from a trusted identity provider having at least one role could be admitted even if the role was not listed in securityRoles. After upgrading, such users will no longer be admitted.

Administrators using OAuth2 Bearer token authentication or LDAP authentication should verify that every role name expected to grant access for legitimate users is explicitly listed in the securityRoles configuration, with exact, case-sensitive spelling.
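
The following pre-upgrade audit is an added example, not code from the product or its documentation. It lists the users whose access would change under the stricter validation and flags roles that differ from a securityRoles entry only by case. The role names, user names and input layout are constructed, and it assumes that one exactly matching role is enough for admission.

```python
# Added example: pre-upgrade audit of role assignments against securityRoles.
# Role names, users and the input layout are constructed for illustration.

def admitted_before(roles):
    """Simplified 9.1 behaviour: any role from a trusted identity provider sufficed."""
    return len(roles) > 0

def admitted_after(roles, security_roles):
    """Assumed 9.2 behaviour: a role must match a securityRoles entry exactly."""
    return any(r in security_roles for r in roles)

def audit(user_roles, security_roles):
    """Return users who lose access on upgrade, with case-only near-misses."""
    allowed = set(security_roles)
    # Index configured names by case-folded form to spot spelling-case drift.
    by_folded = {}
    for name in allowed:
        by_folded.setdefault(name.casefold(), []).append(name)
    findings = {}
    for user, roles in sorted(user_roles.items()):
        if not admitted_before(roles) or admitted_after(roles, allowed):
            continue  # access does not change for this user
        near = sorted({(r, c) for r in roles
                       for c in by_folded.get(r.casefold(), [])})
        findings[user] = {"roles": sorted(roles), "case_mismatches": near}
    return findings

# Constructed sample data: configured securityRoles and roles per user as
# they would arrive in JWT claims or LDAP group lookups.
SECURITY_ROLES = ["DataSteward", "Viewer"]
USER_ROLES = {
    "alice": ["DataSteward", "staff"],  # exact match: still admitted
    "bob": ["viewer"],                  # case differs: rejected after upgrade
    "carol": ["staff"],                 # role not listed: rejected after upgrade
    "dave": [],                         # no roles: no change
}

if __name__ == "__main__":
    for user, info in audit(USER_ROLES, SECURITY_ROLES).items():
        if info["case_mismatches"]:
            pairs = ", ".join(f"{got!r} vs {want!r}"
                              for got, want in info["case_mismatches"])
            print(f"{user}: loses access, case mismatch: {pairs}")
        else:
            print(f"{user}: loses access, roles not listed: {info['roles']}")
```

A case mismatch is resolved either by correcting the role name at the identity provider or by listing the exact spelling in securityRoles.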