# Release Notes: 2025-04-02

### Access Intelligence

#### New Features

* **EAC-44833 Query Change Logs**: You can now review a complete change history for any query using the *Show Edit History* option when viewing *Query Details*. A sidebar now shows all changes to date, including modifications to risk level, query permissions, or query parameters.
* **EAC-44131 Manager Assignments for Separation of Duties**: To improve governance, ownership, and delegation of Separation of Duties (SoD) queries, we've introduced new functionality and terminology for delegating and managing them.

  * New **SoD Managers**: The term "SoD Manager" now replaces "Owner", creating a clear distinction between query creators and those responsible for managing SoD policies.
  * You can now assign and change SoD Managers.
  * Multiple SoD Managers can be assigned.
  * You can now select multiple SoD queries and assign one or multiple managers to all items.

  SoD Manager assignment options are available on the **Separation of Duties** overview page. Look for the new "Assign SoD Manager" button.

#### Enhancements

* **EAC-45672 Veza Actions**: To provide greater clarity when configuring outbound actions (such as webhooks for alert rules, email notifications, and Access Review automation), **Orchestration Actions** are now referred to as **Veza Actions** throughout the product interface. The new terminology should more intuitively communicate that these are actions originating from the Veza platform.
* **EAC-45501 Email Alerts**: Emails sent for alert notifications now show the friendly entity `name` instead of the entity `unique id`.
* **EAC-45096 Enrichment Rules**: Enrichment rules now have a *Priority* field. This defaults to 0.0 and has a maximum of 10.0. The higher a rule's priority, the later it runs, so higher-priority rules override values set by lower-priority rules.
* **EAC-39274 VQL Autocomplete**: The VQL editor now provides autocomplete suggestions for faster and more accurate query completion.

### Non-Human Identity Security

#### Enhancements

* **EAC-45008 NHI Account Summaries**: There is now a banner above the *NHI Security* > *Accounts* page, indicating how many total NHI accounts are detected, and which integrations they come from.

### Access Requests

#### New Features

* **EAC-45655 Access Request Approvals with Veza Groups**: Veza Groups can now be added to an Access Request Policy when selecting other approvers, in addition to individual users.
* **EAC-45028 Application/Integration Owner Approvals**: It is now possible for the Application/Integration Owner to be designated as an approver within an Access Requests Policy.
* **EAC-45027 Access Requests Digest Notification**: Access Request digest notifications are now available, showing the recipient user a summary of requests created and completed during the selected time range.

#### Enhancements

* **EAC-45534 Custom Property Value Constraints**: Specific values can be defined in Access Profile Settings as constraints for custom property values. When these specific values are set, the value of a custom property is limited to the preconfigured value.
* **EAC-45533 Custom Properties for Entitlements**: Entitlements can now have custom property values applied to them, differing from custom properties associated with the Access Profile.

### Access Reviews

#### Enhancements

* **EAC-45059 Prevent Reviewer Reassignment**: Administrators can now prevent individual reviewers from reassigning review rows. This setting can now be configured globally on the *Access Reviews* > *Settings* page or per Review Configuration (via API).
* **EAC-44730 Integration Parsing Warning for Reviews on Active Graph Data**: When creating an access review, the "From the moment the review is created" option now shows a warning that selecting it will temporarily pause all active data source parsing jobs until the review creation completes.

#### Bug Fixes

* **EAC-45179 Auto-Assignment to User Managers Fix**: Fixed an issue preventing certain managers from being correctly identified during auto-assignment.
* **EAC-46001 Current User Lookups Enhancement**: When looking up the current user in the Access Graph, Veza now uses the `idp_unique_id` property of identity provider users as a fallback if there is no matching `email` property. Previously, lookups would fail if the email property didn't match.

### Lifecycle Management

#### New Features

* **EAC-39491 New Lifecycle Management Landing Page**: A new Lifecycle Management landing page was released and is being progressively enabled for customers. Among the highlights of this new landing page are:
  * An overview, status, and statistics for Lifecycle Management policies
  * An overview and statistics for Access Profiles
  * Identity metrics for active/inactive identities
  * An overview, health status, and statistics for Integrations
  * An overview of pending and completed access requests by status
  * A summary of recent provisioning errors
  * A summary of recent provisioning activity

#### Enhancements

* **EAC-45701 Active Directory as Identity Source**: Active Directory can now be used as an identity source for both Lifecycle Management and Access Requests.
* **EAC-45093 Azure AD Guest Invitation Creation**: The option to create an Azure AD guest user invitation has been added to Sync Identities actions for Azure AD.
* **EAC-45086 Azure/M365 License Management**: Lifecycle Management can now add and remove M365 licenses for Azure AD users with the Manage Relationships action in a Lifecycle Management workflow.
* **EAC-45083 Identity Attributes in Email Templates**: Any attributes provisioned by Lifecycle Management can now be piped into Lifecycle Management email notification templates.

#### Bug Fixes

* **EAC-45765 Lifecycle Management Access Review Creation Fix**: Fixed an issue where no access review was created when an administrator manually triggered a Lifecycle Management workflow where Create Access Review was configured as an action.
* **EAC-45495 Access Reviewer Pagination Fix**: Prior to the fix, only the first page of reviewers was shown in the Reviewer dropdown when creating the action.
* **EAC-44801 API Response Missing Value Fix**: Prior to the fix, the value for `access_profile_ids` was missing after `POST /api/private/lifecycle_management/policies/<policy_id>:dry_run`.

### Veza Integrations

#### New Features

* **EAC-45752 Dynamics ERP Integration**: The Azure integration can now discover Users, Groups, Application Users, and Security Roles for Microsoft Dynamics 365 ERP.
* **EAC-44077 Coupa CCW Integration**: New integration for Coupa Contingent Workforce (CCW).

#### Enhancements

* **EAC-45700 Integration Overviews Categorization**: When viewing the summary of discovered entities on the integration overview page, entities are now grouped into three categories for better readability:
  * *Identities* (principals accessing resources)
  * *Resources* (entities on which a principal can take actions)
  * *IAM Entities* (entities that specify and assign permissions such as roles, groups, role bindings, and permission sets).
* **EAC-42806 Google Cloud Enhancements**: Added support for discovering **Google Secret Manager** Secrets and filtering by attributes `last_rotated`, `status`, and `secret_type`. The integration also now extracts and shows these attributes for KMS Keys.
* **EAC-45085 Microsoft Azure License Entities**: Azure/Microsoft 365 Licenses are now represented as searchable entitlement entities that can be related to one or more users. Previously, license information was only available as a user property.
* **EAC-43469 Microsoft Azure Role Attributes**: Azure AD Roles now include attributes to show the full role `Description` and indicate if the role is `Privileged`.
* **EAC-45419 Open Authorization API Identity Type Support**: The `oaaclient` SDK now supports setting identity type (human or nonhuman) for Custom IdP Users.
* **EAC-44051 Snowflake Network Policy Attribute**: Snowflake Users now have the `Network Policy Exists` attribute, set to `true` when a Network Policy has been added to the user.

#### Bug Fixes

* **EAC-45690 Azure Custom Roles Fix**: Added handling for custom roles and custom role assignments.
* **EAC-45631 OAA Custom Identity Mappings Fix**: Fixed an issue with custom identity mappings between Okta and Users created with the "Custom Principle" OAA template.
* **EAC-45883 Workday Integration Performance**: Optimized performance when saving a Workday integration by reducing the number of reports fetched.
* **EAC-45548 Workday Identity Mapping Fix**: Fixed an issue where Workday identity mapping configurations did not include all relevant node type properties.
* **EAC-32570 Windows Server Task IDs**: Changed Windows Server Scheduled Task unique IDs to match the task's fully qualified path.

### Veza Platform

#### Enhancements

* **PLT-1050 API Keys Management**: Veza API keys can be blocked by customers via the **Enable API Keys** option found within *Administration* > *Sign-in settings*.
* **PLT-1309 API Keys Disable Behavior**: When API Keys are disabled from the UI, all API key access is disabled. The API keys management page is hidden for all users.


