# Release Notes: 2025-03-19 ### Non-Human Identity Security #### Enhancements * **EAC-45004, EAC-44959**: The NHI Accounts page now includes the "Type" column to indicate what entity is listed and options to filter by integration and integration type. * **EAC-44949**: The NHI accounts page now contains a "view details" button for each line item which brings you to a query details page for the specific result. * **EAC-43200**: Enrichment rules are now supported for all integrations that use custom application templates (e.g., Terraform, DocuSign, PagerDuty, and Zoom). ### Access Intelligence #### Enhancements * **EAC-28997**: The Graph search home page now includes your customer name, e.g., "Welcome to Evergreen Trucks Access Graph." Contact your Veza Customer Success Manager to customize this setting for your tenant. #### Bug Fixes * **EAC-44927**: Fixed an issue where scheduled export links could appear as expired before reaching their 28-day limit. * **EAC-44219**: Some legacy reports could contain private queries despite being a public report, a condition that is no longer permitted. Veza now filters out all private queries from public reports to unify this behavior. * **EAC-34937**: Fixed an issue where the user was unable to attach a webhook when editing an existing rule. ### Access Reviews #### Enhancements * **EAC-45381**: In the reviewer interface, display options to Include Other Reviewers' Decisions, Include Signed-Off Rows, and Compare With Prior Review are now contained in the View dropdown menu above the results. These were previously under the "Filters" menu, which has been relocated for better visibility. * **EAC-45426**: A "help" link is now shown when configuring digest notifications. * **EAC-44466 New Iconography for Effective Permissions**: Reviewers can now more easily scan reviews to identify access permission differences with new visual indicators that highlight variations in Effective Permissions. These indicators use color and icons to distinguish permission states, making pattern recognition across multiple rows faster. This Early Access feature is now enabled by default. * **EAC-44467**: In-column actions are now enabled by default in the reviewer interface, providing an easier way to rename, hide, filter, sort, or group by individual columns. * **EAC-43560**: Administrators and Operators can now customize column names, order, and visibility in the reviewer interface and publish these settings for all reviewers. A new "Admin" button allows administrators to set the current column settings as the default for all reviewers, manage renamed columns, or edit the review configuration. Any customizations made will apply to all reviews using the same configuration. * **EAC-40094**: Administrators can now configure predefined approval, rejection, and custom decision notes directly in the Veza UI. This ensures consistency in the review process by providing standard note options for reviewers. * **EAC-43220**: When using alternate lookup settings for review auto-assignment, auto-assignment now functions for rows that include users in the main IdP. * **EAC-42732**: PDF exports now include completed, approved, rejected, and unactioned row percentages. * **EAC-45240**: When using the *Group By* option in access reviews, reviewers can now sign off with a single click once all rows in a group have a decision. Additionally, reviewers can use the *Clear Decision* row action to reset any item that has not yet been signed off. A *Signed Off* badge now indicates when all rows in a group are final. ### Lifecycle Management #### Enhancements * **EAC-44703 In a "Mover" Lifecycle Management Policy workflow, it is now possible to configure a grace period before removing entitlements**: When a user changes job roles the organization may want to allow them continued access to the previous job role's entitlements for some time. You can now configure this in a Lifecycle Management Workflow in the "Manage Relationships" action. * **EAC-44063 Retired and Draft Access Profile Versions**: If Access Profile versioning is enabled, it's now possible to view retired or draft versions of the Access Profile in addition to the currently published version. * **EAC-45090**: Workflows now support "Password Reset" actions, enabling you to create identities in advance of an employee's start date and then automatically set their password on an actual start date. #### Bug Fixes * **EAC-44674**: Fixed an issue with custom property validation in attribute formatters. ### Access Requests #### Enhancements * **EAC-45025**: You can now select how user identities are uniquely identified when logging into the Access Hub using SSO, either by email address (default) or employee ID. * **EAC-44386**: Access Profiles now allow adding customer-defined properties to add more metadata to the Access Profile. This enhancement also includes the ability to search on the customer-defined properties and their values. ### Veza Integrations #### Enhancements * **EAC-44726 Microsoft Azure**: The integration now discovers groups assigned to Azure AD (Entra ID) roles, and supports search for users within those groups. * **EAC-45125 Active Directory**: Adds support for Kerberos authentication when binding to LDAPS. * **EAC-45299 Active Directory**: You can now choose to exclude disabled users from extractions when configuring the integration. * **EAC-44076 Exchange Online**: The Azure integration can now discover Exchange Online Role Groups. * **EAC-45418 Open Authorization API (OAA)**: The Custom Identity Provider template now supports setting the `identity_type` property during user submission, allowing identities to be designated as either `human` or `non-human` within the payload. * **EAC-45138 Okta**: Both `STAGED` and `PROVISIONED` user statuses are now considered as `isActive = false` (no activity). #### Bug Fixes * **EAC-45144 SharePoint**: Adds support for skipping discovery of SharePoint sites with identical GUIDs. * **EAC-45234 Active Directory**: Fixed handling of surname attribute in Active Directory integration. * **EAC-44993 Teleport**: Fixed a "Connection Refused" error when configuring the Teleport integration. * **EAC-44858 AWS KMS**: Adds error handling for `UnsupportedOperationException`. * **EAC-44395 AWS Redshift**: Invalid database names are now skipped during extraction. * **EAC-43517**: Integration names in Veza now support additional characters (such as `()`, `-`). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/release-notes/release-notes/2025-03-19.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.