Product Update: December'24

Highlights and major changes in Veza 2024.12.x releases

Welcome to the December product update! Releases this month included significant changes across the platform, including:

Access Intelligence: Scheduled report exports, enhanced report filtering, and design and usability improvements for NHI, Query Builder, and Separation of Duties.
Access Reviews: Digest notification customization and improved review exports.
Lifecycle Management: Support for Azure Directory Extensions, Schema Extensions, and Distribution Lists, draft mode for Access Profiles and Policies.
Integrations: New Artifactory integration, Azure enhancements including support for Secure Scores, Azure Identity Protection, and Entra ID Conditional Access Policies, and extended support for Privacera, Oracle Fusion Cloud, and Oracle JDE.
Open Authorization API: The Custom Identity Provider template now supports modeling IdP application assignments for IdP users and groups.
Veza Platform: Administrators can now configure event subscriptions and alerts for some or all platform activity.

Please read on for more details about specific changes in each product area, and contact your Veza representative with any questions or feedback.

Access Intelligence

Enhancements

Report Export Scheduling: You can now export any custom or built-in report on a schedule in PDF or CSV format. When enabled, the recipient will receive a secure link to access Veza and download the file.
- To schedule exports, open a report to view details. Click Export > Schedule export for later, and choose the recipient, date, and time for recurring emails.
- Veza administrators can manage allowed recipients by configuring the email domain whitelist on the Administration > System Settings page.
Report Filtering with AWS Account Groups: Account Groups now offer advanced options for filtering reports by AWS accounts to analyze and monitor specific segments within your organization. By defining groups of accounts with saved queries, you can streamline the process of analyzing data across large-scale AWS environments.
- Users can create and save custom queries to define sets of AWS accounts by applying the report_account_group label. Filter queries can use regex patterns, relationships, and account properties to define account groups.
- When viewing a report, you can now apply account filters using the Account Groups dropdown.
- Links to filtered report views are shareable to help manage AWS accounts across different teams.
Design and Usability Enhancements
- NHI and Entity Owners: Improved support for assigning owners for non-human identities (NHI):
  - You can now add owners in bulk on the NHI overview page by selecting multiple rows.
  - Veza can now suggest owners from those with the largest set of effective permissions on a resource.
  - Clicking an owner in Query Builder or on the NHI overview page shows user details, including a shortcut to open in Graph to search relationships.
- Summary Entities: When using the Summary Entities option to show intermediate entities in the path between a source and destination node, the column is now resizable and has a more readable default width.
- Enhanced Navigation: You can now quickly access Graph search or the overview of All Dashboards using a link on the Integrations page.
- Dashboard Filters: The All Dashboards overview now supports improved filtering by name, integrations, dashboard owner, or type.
- Separation of Duties: The last update time is now shown when reviewing queries on the Separation of Duties overview page.

Access Reviews

Enhancements

Digest Notification Templates: Administrators can now customize the contents of Access Review digest notifications using the Notification Templates API. These recurring emails provide consolidated notifications for all assigned reviews, with direct links to active reviews and an overview of the current status. Administrators can supplement digest emails with additional notifications by configuring notifications and reminders for individual reviews.
Export Customization: When exporting a review to CSV or PDF, the default export includes your currently selected and visible table columns (up to 12 columns for PDFs). You can now quickly add all columns to CSV exports using a Select All checkbox. When no columns are selected, the visible columns are exported by default.
Blank Attribute Filters: When filtering rows in the reviewer interface, you can now use Exists and Does Not Exist operators to show rows where the specified attribute has a value or is empty. This change helps identify identities or resources with missing or populated fields, including custom attributes.
Row Grouping (Early Access): In the reviewer interface, reviewers can now consolidate and organize rows in collapsible groups using the Group By option. This preview feature supports grouping by user (source ID), resource (resource ID), and status (rows changed since the last review).
Risk Scores in Access Reviews: Access Intelligence integration with Access Reviews now provides a more intuitive experience for risk scores in the reviewer interface. New review configurations have Access Intelligence enabled by default, automatically displaying Risk Score and Risk Level columns for rows under review. When disabled, risk columns are available but hidden by default.

Lifecycle Management

Enhancements

Azure: Directory and Schema Extensions: The Azure integration now supports Directory Extensions and Schema Extensions, providing both read and write capabilities for custom attributes in Azure AD environments. To gather these attributes and use them in Lifecycle Management workflows, review and update your Azure integration settings to specify custom properties to discover.
Azure: Distribution Lists: Access Profiles can now define entitlements on Office 365 Distribution Lists.
Draft Mode for Access Profiles and Policies (Early Access): Access Profiles and Policies now support draft mode for staging unpublished changes. When enabled, teams can create and review draft versions before publishing to validate updates and maintain a record of configurations.
- When editing a profile or policy, the editor shows when there are unpublished changes, with options to save, publish, or revert the current draft.
- Profile and policy details views include the publication date, most recent draft, and details about the user who made the changes.
- Administrators can control whether draft mode is enabled on the Lifecycle Management > Settings page.
- Each policy can have one active published version and one draft version, with retired versions automatically archived and retrievable via API.
Lifecycle Management Policies and Workflows: Administrators can now configure policies to sync only when there are changes in the source of identity. This option is enabled by default for new policies.

Veza Integrations

New Integrations

Artifactory: New integration with support for repositories and projects, users and groups, and role-based access controls in JFrog Artifactory.

Enhancements

Azure Identity Protection: The Azure integration now supports monitoring security baselines with Azure Secure Score tracking and Azure Identity Protection. The latest current and maximum Azure Secure Score is now shown as a searchable attribute on Azure AD Users. You can also filter Azure AD Users by new attributes for risk level, risk state, risk details, and last update time based on Microsoft's threat intelligence sources.
Entra ID Conditional Access Policies: The Microsoft Azure integration now supports Conditional Access Policies for Entra ID, providing visibility into both raw system configurations and effective access:
- System query mode shows the full relationships between users and CAPs, including direct user, group, and role-based inclusions/exclusions.
- Effective query mode calculates permission paths by aggregating all inclusion/exclusion paths defined in Conditional Access Policies.
- CAP evaluation requires the additional Graph API permission Policy.Read.All for the Veza integration.
Privacera: Improved integration performance and added support for policy IDs on Policy and Resource Definition entities. Unknown policy permissions are now processed as "Uncategorized."
Oracle Fusion Cloud: The Oracle Fusion Cloud integration now supports gathering the Person Number attribute as a local user custom property.
Oracle JDE: Added support for JDE deployments using Microsoft SQL as the backend database. You can now choose a non-Oracle database when configuring the integration.
Open Authorization API: The Custom Identity Provider template for the Open Authorization API now supports defining a set of applications available within the IdP. Users and groups can be assigned to apps for more precise modeling of entitlements.

Veza Platform

New Features

Event Subscription and Alerting: Administrators can now configure alert subscriptions for specific events using filters for severity, category, and event type.
- Veza evaluates events during the subscription interval and sends email alerts when events match your filters.
- You can manage subscriptions on the Administration > Subscription Management page.

Note: Individual releases can include additional bug fixes and performance improvements that are not detailed in these notes. For more information about any features or bug fixes, please contact your Veza representative.

PreviousProduct Updates NextProduct Update: November'24

Last updated 1 day ago

Was this helpful?

Product Update: December'24

Highlights and major changes in Veza 2024.12.x releases

Welcome to the December product update! Releases this month included significant changes across the platform, including:

Access Intelligence: Scheduled report exports, enhanced report filtering, and design and usability improvements for NHI, Query Builder, and Separation of Duties.
Access Reviews: Digest notification customization and improved review exports.
Lifecycle Management: Support for Azure Directory Extensions, Schema Extensions, and Distribution Lists, draft mode for Access Profiles and Policies.
Integrations: New Artifactory integration, Azure enhancements including support for Secure Scores, Azure Identity Protection, and Entra ID Conditional Access Policies, and extended support for Privacera, Oracle Fusion Cloud, and Oracle JDE.
Open Authorization API: The Custom Identity Provider template now supports modeling IdP application assignments for IdP users and groups.
Veza Platform: Administrators can now configure event subscriptions and alerts for some or all platform activity.

Please read on for more details about specific changes in each product area, and contact your Veza representative with any questions or feedback.

Access Intelligence

Enhancements

Report Export Scheduling: You can now export any custom or built-in report on a schedule in PDF or CSV format. When enabled, the recipient will receive a secure link to access Veza and download the file.
- To schedule exports, open a report to view details. Click Export > Schedule export for later, and choose the recipient, date, and time for recurring emails.
- Veza administrators can manage allowed recipients by configuring the email domain whitelist on the Administration > System Settings page.
Report Filtering with AWS Account Groups: Account Groups now offer advanced options for filtering reports by AWS accounts to analyze and monitor specific segments within your organization. By defining groups of accounts with saved queries, you can streamline the process of analyzing data across large-scale AWS environments.
- Users can create and save custom queries to define sets of AWS accounts by applying the report_account_group label. Filter queries can use regex patterns, relationships, and account properties to define account groups.
- When viewing a report, you can now apply account filters using the Account Groups dropdown.
- Links to filtered report views are shareable to help manage AWS accounts across different teams.
Design and Usability Enhancements
- NHI and Entity Owners: Improved support for assigning owners for non-human identities (NHI):
  - You can now add owners in bulk on the NHI overview page by selecting multiple rows.
  - Veza can now suggest owners from those with the largest set of effective permissions on a resource.
  - Clicking an owner in Query Builder or on the NHI overview page shows user details, including a shortcut to open in Graph to search relationships.
- Summary Entities: When using the Summary Entities option to show intermediate entities in the path between a source and destination node, the column is now resizable and has a more readable default width.
- Enhanced Navigation: You can now quickly access Graph search or the overview of All Dashboards using a link on the Integrations page.
- Dashboard Filters: The All Dashboards overview now supports improved filtering by name, integrations, dashboard owner, or type.
- Separation of Duties: The last update time is now shown when reviewing queries on the Separation of Duties overview page.

Access Reviews

Enhancements

Digest Notification Templates: Administrators can now customize the contents of Access Review digest notifications using the Notification Templates API. These recurring emails provide consolidated notifications for all assigned reviews, with direct links to active reviews and an overview of the current status. Administrators can supplement digest emails with additional notifications by configuring notifications and reminders for individual reviews.
Export Customization: When exporting a review to CSV or PDF, the default export includes your currently selected and visible table columns (up to 12 columns for PDFs). You can now quickly add all columns to CSV exports using a Select All checkbox. When no columns are selected, the visible columns are exported by default.
Blank Attribute Filters: When filtering rows in the reviewer interface, you can now use Exists and Does Not Exist operators to show rows where the specified attribute has a value or is empty. This change helps identify identities or resources with missing or populated fields, including custom attributes.
Row Grouping (Early Access): In the reviewer interface, reviewers can now consolidate and organize rows in collapsible groups using the Group By option. This preview feature supports grouping by user (source ID), resource (resource ID), and status (rows changed since the last review).
Risk Scores in Access Reviews: Access Intelligence integration with Access Reviews now provides a more intuitive experience for risk scores in the reviewer interface. New review configurations have Access Intelligence enabled by default, automatically displaying Risk Score and Risk Level columns for rows under review. When disabled, risk columns are available but hidden by default.

Lifecycle Management

Enhancements

Azure: Directory and Schema Extensions: The Azure integration now supports Directory Extensions and Schema Extensions, providing both read and write capabilities for custom attributes in Azure AD environments. To gather these attributes and use them in Lifecycle Management workflows, review and update your Azure integration settings to specify custom properties to discover.
Azure: Distribution Lists: Access Profiles can now define entitlements on Office 365 Distribution Lists.
Draft Mode for Access Profiles and Policies (Early Access): Access Profiles and Policies now support draft mode for staging unpublished changes. When enabled, teams can create and review draft versions before publishing to validate updates and maintain a record of configurations.
- When editing a profile or policy, the editor shows when there are unpublished changes, with options to save, publish, or revert the current draft.
- Profile and policy details views include the publication date, most recent draft, and details about the user who made the changes.
- Administrators can control whether draft mode is enabled on the Lifecycle Management > Settings page.
- Each policy can have one active published version and one draft version, with retired versions automatically archived and retrievable via API.
Lifecycle Management Policies and Workflows: Administrators can now configure policies to sync only when there are changes in the source of identity. This option is enabled by default for new policies.

Veza Integrations

New Integrations

Artifactory: New integration with support for repositories and projects, users and groups, and role-based access controls in JFrog Artifactory.

Enhancements

Azure Identity Protection: The Azure integration now supports monitoring security baselines with Azure Secure Score tracking and Azure Identity Protection. The latest current and maximum Azure Secure Score is now shown as a searchable attribute on Azure AD Users. You can also filter Azure AD Users by new attributes for risk level, risk state, risk details, and last update time based on Microsoft's threat intelligence sources.
Entra ID Conditional Access Policies: The Microsoft Azure integration now supports Conditional Access Policies for Entra ID, providing visibility into both raw system configurations and effective access:
- System query mode shows the full relationships between users and CAPs, including direct user, group, and role-based inclusions/exclusions.
- Effective query mode calculates permission paths by aggregating all inclusion/exclusion paths defined in Conditional Access Policies.
- CAP evaluation requires the additional Graph API permission Policy.Read.All for the Veza integration.
Privacera: Improved integration performance and added support for policy IDs on Policy and Resource Definition entities. Unknown policy permissions are now processed as "Uncategorized."
Oracle Fusion Cloud: The Oracle Fusion Cloud integration now supports gathering the Person Number attribute as a local user custom property.
Oracle JDE: Added support for JDE deployments using Microsoft SQL as the backend database. You can now choose a non-Oracle database when configuring the integration.
Open Authorization API: The Custom Identity Provider template for the Open Authorization API now supports defining a set of applications available within the IdP. Users and groups can be assigned to apps for more precise modeling of entitlements.

Veza Platform

New Features

Event Subscription and Alerting: Administrators can now configure alert subscriptions for specific events using filters for severity, category, and event type.
- Veza evaluates events during the subscription interval and sends email alerts when events match your filters.
- You can manage subscriptions on the Administration > Subscription Management page.

PreviousProduct Updates NextProduct Update: November'24

Last updated 1 day ago

Was this helpful?