Veza Product Update - April'23

Overview of major changes and enhancements in 2023.4.x releases

Veza Search and Insights

Salesforce SaaS Misconfigurations: A new Salesforce Misconfigurations report offers insight into common identity risks for SFDC. The queries in this report can be customized or used out of the box, including:

  • Salesforce Users not tied to an identity provider

  • Salesforce Organizations without organization-wide MFA enabled

  • Salesforce profiles that bypass organization-wide MFA

  • Salesforce Organizations with "poor" or worse Security Health Check Score

  • Salesforce security health check risks ranked high or medium risk

  • Salesforce Organizations without Setup Audit Trail enabled

  • Note: To enable the reports, you must update the permission set for the Salesforce integration to include the View Health Check permission.

Introducing risks and risk levels: Instead of marking queries as Violations, users can now set a Critical or Warning risk level for saved queries. Results of queries with a risk level (Queries with Risks) appear on the Access Intelligence > Risks page for tracking and remediation. With Risks, you can now:

  • Review all Queries with Risks and their results in Graph or Query Builder

  • Review all active Risks for all queries.

  • Sort by conditions such as time, total risks, and percent change.

  • Filter by query risk level, integrations, or labels.

  • View trending changes for the past week or past month.

Risks dashboard: The Veza landing page now includes an Access Risks Summary section with a trend chart and summary of all risks. Clicking a tile on the dashboard opens the Queries with Risks tab.

Risk exceptions: You can hide results that can't be acted on (such as built-in system roles) by adding exceptions. Marking a risk as an exception will prevent it from appearing as a risk in the future.

  • To manage exceptions for a single query on the Risks > Queries with Risks tab, click Manage Exceptions from the actions dropdown menu.

  • To manage exceptions for multiple risks, select one or more Risks and click Mark as Exception.

  • You can filter the Risks page to show entities marked as exceptions. A new column shows each risk's exception status.

Risks in Authorization Graph and Query Builder: Authorization Graph now highlights risks by default. Risks are highlighted yellow or red depending on the risk level.

  • You can toggle this setting under Display Options > Highlight Entities of Interest.

  • The Query Builder also now highlights risks by default. Results will have a Warning or Critical indicator next to their name to show the risk level.

  • Clicking on the risk level of a result in Query Builder now opens the Risks page with that entity selected.

Saved Query enhancements: You can now find built-in queries on the Saved Queries page with a filter on System Created: True or Created By: Veza.

Some pages and sections are renamed based on user feedback:

  • The Home page is now Dashboards.

  • The Access Intelligence > Reporting page is now Reports.

  • The Reports Library is now All Reports.

  • My Reports are now My Bookmarked Reports.

  • Report categories are now Collections.

Integrations

GitHub Enterprise (Early Access): A new Veza-built integration enables the discovery of user, repository, team, and role entities and attributes for GitHub, with support for GitHub Enterprise Cloud and Server. Built-in Saved Queries for GitHub are now provided for customization and use in reports.

Snowflake: Azure AD Users are now automatically mapped to Snowflake Local User accounts they can assume.

NetSuite: A new Veza-built connector enables the discovery of Users, Roles, and Role permissions for Oracle NetSuite with the Open Authorization API.

Veza Workflows

Tags in certification results (Early Access): Workflow creators can now include extra certification columns showing tags on source or destination entities. When enabled, reviewers can filter results by tag key and click on a tag key to see the value.

Single-action Approve and Sign Off (Early Access): When enabled, reviewers can now approve and sign off on certification results with a single action. Users can apply the combined decision using a Smart Action, the row actions dropdown, or a Bulk Action on a selection of results.

Saved Filters (API Preview): Reviewers can now pick from filters created using the Quick Filters API.

Notification Templates (API Preview): A new preview endpoint is available for testing Workflow reminder email templates.

Veza Product Design

We're excited to announce that we are onboarding a new design team to enhance visual appeal and usability across our product. We have significant improvements planned over the coming months and want your input to ensure we are making changes to improve your experience.

We will be reaching out for user feedback sessions, user experience suggestions, and more. Your feedback is greatly appreciated, and we couldn't do this without you. Thank you for your continued support.

Last updated