Veza Product Update - Jan'24
Every month, the product team prepares a summary of major changes in recent releases. Below are some of the highlights from our 2024.1.x updates since the start of the new year.
We are always iterating to enhance our identity security tools and expand support across a wide range of software ecosystems. Additionally, we're focused on improving usability across the platform to provide a more intuitive experience for all users.
Please contact the Veza support team for more information, or to submit your invaluable feedback and feature requests.
Access Intelligence
Risk Scores for Authorization Graph: When showing Risks in Graph Search, a Risk Score now appears next to each entity's name for better visibility into relative risk across different entities in search results. The option to highlight risks in the Authorization Graph is renamed from Display Options > Risks to Display Options > Risk Scores.
Enhanced Filters for Lists: Filters on list-type attributes now support additional operators for matching based on the contents of any element in the list. For these attributes (such as Okta User MFA Factors or GitHub User Emails), you can now conditionally filter results where one list item Contains / Does Not Contain / Starts With / Ends With the input string or matches a regular expression. This enhancement complements the pre-existing Equals and Not Equals operators, which filter for exact matches across any list element.
Snowflake Data Governance Dashboard: A specialized dashboard is now available for customers using the Snowflake integration. The page offers a range of out-of-the-box insights, including visibility into changes and trends for:
Total inert users and superusers
Inert roles and super roles
Role access to data objects (schema, database, table)
Deactivated IdP users with Snowflake Access
Vulnerabilities and least-privilege anti-patterns
Salesforce Access Security: Customers using the SFDC integration can now access a dashboard of dedicated insights. The page contains pre-configured queries showing:
Salesforce Users & Their Mapping to Identity Providers
Users with Privileged Access
SFDC Profile and PermissionSet Analysis
Top Profiles mapped to Users, and top Profiles with privileged PermissionSets connected to users
Set Resource Managers for Any Entity Type: All entities can now be assigned Resource Managers that can be auto-assigned as access reviewers. The option to Set Resource Managers is now available on the graph actions sidebar, regardless of entity type. Previously, only resource-type entities could be assigned "Owners."
Access Reviews
New Workflow Builder: The Access Review creation modal is now a step-by-step wizard for adding a description, specifying the query, and configuring email notifications and orchestration actions.
New Pages for Access Review Management: The landing pages are updated and modularized to simplify creating, viewing, and administering Access Reviews. The new UX includes a Review Actions dashboard similar to the previous access reviewer landing page, containing all active and completed certifications the active user can access. A new Reviews Configurations dashboard replaces the main page listing all configured Access Review Configurations. Opening a Configuration now shows a details page for managing individual Reviews, similar to the old View Certifications interface.
Attribute Filter Enhancements: You can now apply the Not Contains filter operator on attributes containing lists of values.
Export Decision Columns: You can now include decision-related columns when exporting a review, including the ID, Name, and Email of the user who made the update and the Decision Date.
Sign-off on rejected rows can now trigger Jira ticket creation using orchestration actions.
You can now sort Reviews based on the contents of the Summary Entities column.
Improved Usability For Authorization Entities Sourced From OAA Integrations: Entities created with Open Authorization API (OAA) no longer have generic types such as
Custom UserorCustom Group. You can now create Access Reviews involving these entities as though they were sourced from a built-in integration (e.g.ZenDesk User,Trello User).
Lifecycle Management
Dry Run Enhancements: Using the Dry Run option to preview changes based on the active Lifecycle Management policies now shows the changed attributes and the applicable provisioning rules.
Date-Based Provisioning Rules: User Mapping Rules now support new operators to enable conditions based on attributes containing timestamps, for triggering actions in relationship to a date. You can now use
On or After,On or Before,After, orBeforeto create rules that only (for example) provision users hired after a certain time.
Veza Integrations
Jira Enhancements: The outbound for Jira now provides more flexibility when creating tickets due to an Alert Rule or Access Reviews decision:
Default Assignee: The Jira Orchestration Action no longer requires a Default Assignee to enable the integration. Leaving this value blank will set
Unassignedon created issues.Configurable Fields: Jira orchestration actions can now create issues with additional system and custom fields. Tickets can have user-defined values for a limited set of System Fields (e.g.
Component) and custom fields based on the specified field, type, and value.These optional, additional fields are enabled in a new tab when configuring the Orchestration Action. The orchestration action detail page now includes an Additional Fields tab, displaying the configured System Fields and Custom Fields. Please contact our team if your use case requires additional system fields or field types.
Custom Identity Mapping for OAA Apps: Custom identity mappings for specifying relationships between local accounts on different platforms or apps can now use custom properties for Open Authorization API-based integrations.
Okta: Added support for integrating with Okta using OAuth 2.0 client credentials, as a more secure alternative to user API keys.
Okta: Okta Apps are now included in Graph views when connected to an Okta user in search results (previously, these were hidden unless explicitly searching for Okta Apps).
Google Drive: Added an integration option to use OAuth 2.0 credentials for a Google Workspace user, enabling the discovery of drives with external sharing disabled or that cannot be shared with the integration service account.
Veza Platform
Teams: Non-root teams can now access the Overview page and Analysis section, restricted to integrations in the team scope.
Audit Log API: The maximum page size when exporting events is now 10,000 (increased from 1,000 events per page).
System Settings: Added a user-managed option to toggle visitor redirection from the Veza home page to your Single Sign-On provider for log-in. This option appears when using SSO Auto-Redirect (Early Access).
Product Design and Usability
New Access Reviews Builder and Landing Pages: Re-designed landing pages and wizards simplify the creation of Access Reviews, providing more natural flows for administrators, operators, and access reviewers.
New Governance Dashboards: We've introduced built-in landing pages with new queries and visualizations for better out-of-the-box insights, providing intuitive access to information without the need for custom search.
Dry Run Enhancements in Lifecycle Management: Additional details for Dry Runs help Administrators better anticipate and understand the impact of changes while planning and configuring provisioning rules.
Enhanced Filters for Lists in Access Intelligence: New operators for list-type attributes improve user ability to precisely filter search results, enhancing usability by allowing more granular control over data views.
Dashboard View Enhancements: Dashboards now use a 2-column view for year-long durations, making it easier to digest and analyze data over longer time periods.
Last updated