2022.6.1

Welcome to the latest Veza release! Some highlights in this month's update include:

  • New dashboards for Authorization Risks on data access and privilege access

  • New support for Azure Blob Storage

  • New support for GCP Labels and Tags

  • New support for identity correlation across identity providers (Okta, Azure AD, etc.)

  • Enterprise improvements and extended functionality for Veza Workflows

  • Open Authorization API: custom icons and template enhancements

Please see below for the complete release notes, and please reach out to your Veza Sales and Customer Success team with any requests and feedback:

Insights: Authorization Risks Dashboard

  • Data access and privilege access authorization risks are now shown on the main Veza dashboard: Identities With Full Admin Access, Dormant Entities, and Identities That Can Circumvent MFA. For any given authorization risk, the total number of results can be filtered by an individual identity provider, cloud provider, or data source. A complete list of entities in each risk assessment is available in a table view, with the option to open individual row results in Authorization Graph.

Integrations

  • Added support for Azure Blob Storage, including new pre-built queries such as Storage Accounts that allow public access, Storage Accounts with shared key access, and Storage Accounts with HTTPS-traffic-only enabled. Blob Storage resources are discovered automatically for connected Azure tenants.

  • Google Labels and Tags are now discovered and available along with Veza and AWS tags when searching and filtering entities in the data catalog. All discovered tags and labels are shown under the Configuration section. Additional service account permissions are required to extract this metadata.

  • BigQuery tables can now be included or excluded from discovery using the Google Cloud provider configuration panel.

  • When configuring an AWS integration, you can now specify the name of the IAM policy used to grant permissions for discovery. If provided, Veza will validate that the policy contains all required statements when connecting for the first time.

  • Identity Correlation: starting with this release, you can define custom mappings between identities in different identity providers, to better support environments that use multiple IdPs or federate access in ways Veza can't detect automatically (such as Okta -> Custom IdP).

  • A new API operation is now available to check if the service account role used for Google Cloud integration has sufficient permissions for discovery.

Workflows

Enterprise enhancements to access reviews, certifications, and recertifications:

  • When reviewing a certification, decisions can now be made across all rows in the filtered view. After applying a condition-based action, reviewers can now choose to show only the affected rows.

  • Reviewers are now prompted to add custom notes when making decisions on certification results. A note is required when rejecting one or more rows (optional when approving).

  • When hovering over a reviewer's name, the user's email address is now included in the tooltip.

  • The navigation sidebar is no longer visible to users with the Access Reviewer role.

Improvements for administrators and workflow management:

  • To enable an audit log of previous notes and reviewer changes on certification rows, List Certification Results now includes action_log_entries containing a record of notes and reviewer changes, along with details of the user who initiated the change. Only the most recent note is shown when viewing certifications in the Veza UI.

  • Certification auto-completion: Added a support-enabled option for in-progress certifications to change to CERTIFIED status once all rows are signed off.

    Auto-complete can be configured to happen when:

    • All rows have a non-REJECT decision (signed off as approved or fixed)

    • All rows have a decision (which may include rejections)

  • Prevent self-review and self-certification: Added a support-enabled option to prevent users from being assigned to review their own access. When enabled, the subject of a certification result can't be selected when reassigning reviewers for that row.

Open Authorization API

  • Local users and groups in custom applications can now be assigned unique_ids for identity-to-permission mapping purposes. The group or user name is now only shown as a display name.

  • Custom icons are now shown throughout the Veza UI for data sources added using OAA.

  • Entity name length requirements have been reduced so that 2-character names are now supported (previously, labels had to be >3 characters).

  • Custom application permissions can now be assigned according to the resource_types they apply to.

  • Custom Identity Provider payloads can now include an identity_mapping_configuration to connect identities to users in other data sources.
