Veza Product Update - October'23
Welcome to the latest monthly summary of the many changes in recent releases, intended to improve your experience on the platform and deliver additional product features and capabilities. Some highlights include:
Access Intelligence and Visibility
Search results now have Risk Scores enabling users to sort and compare risks and focus on the most important ones.
Access Reviews
Operators can now create more flexible Workflow queries with several destination entity types.
Operators can now periodically create Certifications with Access Review Scheduling.
Operators can now enable Access Review Intelligence to automatically act on results based on result attributes or prior certification data.
Veza Integrations
New integrations
New PingOne identity provider integration.
CSV Import for creating custom providers and publishing authorization metadata in a standard format.
The Microsoft Azure integration now supports Azure PIM.
Enhanced integrations
On-platform setup for Ramp, Google Drive, and DocuSign.
Improved capabilities for Okta, Microsoft SharePoint, Snowflake, and AWS RDS MySQL.
Veza Platform
Administrators can now create read-only API keys by scoping them to teams.
Please get in touch with your feedback and questions, and see the following sections for more details:
Access Intelligence and Visibility
New features
Tags in Query Builder: For improved filtering and review of entities with tags applied to them, you can now show tags in columns using Include all source tags and Include all destination tags options.
Enhancements
When selecting a Query Builder source entity type, you can now specify entities of multiple types with grouping types such as User.
You can now specify relative date filters for hours or days in the future in Query Builder.
New Query Builder columns now show the System Permissions and the Effective Permissions equivalent for each result.
You can now select any nestable source or destination entity type as Summary Entities in Query Builder. This enables advanced search in scenarios where groups can belong to other groups, or when one role can assume another (such as showing intermediate roles between Snowflake Users and Snowflake Roles).
For improved Graph readability, "Service"-type entities are now hidden by default, along with some other entities such as Organizational Units, Accounts, and Domains. These are now optionally visible by enabling Relationship Options > Advanced View.
Query Builder exports now reflect any changes made to column ordering.
The maximum length for saved query descriptions is now extended to 16,383 characters.
Access Reviews
New features
Multiple destinations in Workflow Queries: You can now choose a combination of several related entity types when creating a Workflow.
Scheduling: Access Reviews now support scheduling rules for automated Certification creation. To enable, go to Access Reviews, find a Workflow, and click Actions > Create Schedule. Veza will start new Certifications at the specified times weekly using the latest Authorization Graph data.
Enhancements
Certification exports now include additional columns: decision_by_id, decision_by_name, decision_by_email, and decision_at.
Approve & Sign Off: This action is now universally available for certification reviewers.
Swipe mode is now enabled by default when opening Certifications on a mobile device.
Enhanced mobile support for Certification view, including landscape mode compatibility and iPhone 12 Pro support.
Veza Integrations
New Integrations
Azure PIM: Added support for Azure Privileged Identity Management (PIM), revealing temporary role assumptions based on scheduling rules.
New "Role Eligibility Schedule Schema" entities can now connect Users and Roles.
You can filter on properties such as scope, status, or start and end time of eligibility.
To collect PIM metadata, you must enable the option by editing the Azure integration and choosing Extract PIM Eligibility.
Connectors for Ramp, Google Drive, and DocuSign are now available on Veza in Early Access.
Enhancements
Microsoft SharePoint Online:
Added support for SharePoint Lists: These are now represented by a new entity type created by the SharePoint integration.
Added support for Sharing Capability: SharePoint Online entities now have the Sharing Capability property indicating the maximum-permitted sharing settings available to all children of the given tenant.
SharePoint Folder Library Type: SharePoint Folders now inherit the Library Type property from their parent Library: personal, business, or documentLibrary.
SharePoint Folder Sharing Links: Sharing Links are now listed as properties on SharePoint Folders in the format <scope>|<type>|<url>.
User Details: Veza now gathers additional attributes: Is Guest, Is Site Admin, User Principal Name, Is Deleted, Deleted Date, Last Activity Date, Viewed Or Edited File Count, Synced File Count, Shared Internally File Count, Shared Externally File Count, Visited Page Count, Assigned Products.
Snowflake role types: Added support for Snowflake Role types to help differentiate between custom, inherited, and system roles.
Okta timestamps: Timestamp-type entity attributes now include hours, minutes, and seconds (previously, these were rounded to the nearest day).
Veza Platform
New Features