# Release Notes: 2025-04-16 ### Access Reviews #### Enhancements * **EAC-46051 Reviewer Reassignment Control**: Administrators now have the ability to restrict individual reviewers from reassigning their review rows. This setting can be enabled within individual Review Configurations (toggle **Enable Reviewer Reassignment**) or globally under **Access Reviews** > **Settings** > **Reviews** > **Enable Reviewer Reassignment**. * **EAC-45064 Email Notification Template Enhancements**: Administrators can now create multiple notification templates for the same event type and assign them to specific review configurations under **Access Reviews Settings > Notifications > Notification Templates**.\ Custom notification templates can now be used to: * Create one default message template per event type (applied to all configurations) * Create unlimited additional templates for each event type * Assign specific templates to individual review configurations * Previously, only one template could exist per event type, which applied to all configurations. This allows organizations to tailor notification language to specific teams or departments while maintaining consistent messaging elsewhere. Additionally, the workflow for adding templates is improved for more streamlined mapping of different event types to custom notification templates. Users cannot assign multiple templates to the same review configuration and event type. * **EAC-44977 Improved CSV Export Formatting**: When exporting the list of access reviews to a CSV file, the certification state is now displayed in a human-readable format (e.g., "Expired" instead of "CERT\_STATE\_EXPIRED"). Available states include: In Progress, Expired, Errored, and Completed. #### Bug Fixes * **EAC-46207 1-Step Review UI Fix**: Fixed an issue where the option to launch a 1-step Review was shown when the feature was unavailable, resulting in unexpected UI behavior. * **EAC-45765 Create Access Review Action Fix**: Fixed an issue where no access review is created when an administrator manually triggers a Lifecycle Management workflow where "Create Access Review" was configured as an action. ### Access Requests #### Enhancements * **EAC-46366 Access Profile Types**: It's now possible to create multiple conditional entitlement rules within a single Access Profile Type. This can streamline administration by defining entitlement creation logic based on specific conditions within a single configuration. * Administrators can now define one or more rules with string conditions or any-match criteria when adding profile types. * Each rule can trigger different entitlement creation based on your business requirements, reducing the need to maintain separate profile types for similar scenarios. * For example, you could define a single profile type that creates different entitlements for developers based on their department or location. * **EAC-45944 Access Profiles**: For more precise control over how user attributes are transformed during provisioning, you can now choose specific sync identity actions to use when creating entitlements through Access Profiles. * This enables different formatting rules to apply based on the entitlement granted. * For example, you can configure one group to use a standard username format while another uses an administrative format when the same user needs accounts in both contexts. * **EAC-45030 Slack Notifications**: You can now integrate Access Requests with Slack notifications to send messages when an access request changes state. ### Lifecycle Management #### Enhancements * **EAC-46262 ASCII Transformer for Identity Attributes**: Lifecycle Management policies now support an ASCII transformer for handling international character sets. This transformer: * Removes non-printable characters * Converts non-ASCII characters to their closest ASCII equivalents to prevent provisioning errors for systems with character limitations such as Active Directory sAMAccountName restrictions. * **EAC-42675 "Additional Formatters" in Lifecycle Management Policy Workflows**: It's now possible to add additional formatters for attributes in the Sync Identities action of a workflow. These fallback formatters will be used when there is a conflict due to a unique ID attribute already being in use. #### Bug Fixes * **EAC-46297 Access Profile Member Search**: Fixed a visibility issue that prevented Access Profile owners from seeing all available users when adding new members to an Access Profile. * **EAC-46002 Access Hub Navigation**: Fixed an issue in the Manager's Access Dashboard where the browser's Back button wouldn't properly return users to the Overview tab when viewing a user's specific resources. ### Non-Human Identity Security #### Enhancements * **EAC-46382 Azure Managed Identities Classification**: Azure Managed Identities now automatically have the "nonhuman" identity type, enabling NHI management and search for Azure workloads using managed identities to access downstream resources. ### Access Intelligence #### Enhancements * **EAC-46502**: The "Save As New" action is now available for uneditable queries, allowing users to create copies of system or reference queries they couldn't modify directly. * **EAC-46076**: Added a universal search bar from the **Dashboards > Favorites** page for all dashboard pages. * **EAC-45868**: By default, Dynamic Dashboard/Report sections with the same name are now merged when fetched. The `skip_section_merge` parameter is available on the List and Get API methods to display the separate sections. * **EAC-45721**: Risks and daily Risk aggregate counts may now be filtered by integration type: * Newly detected Risks now include their integration type. * Pre-existing Risks will have their integration types populated via a background job. * Daily aggregate counts for previous dates cannot be updated, but new aggregates will begin including the necessary data for filtering by integration type. * During the background update process, there may be temporary discrepancies in new daily aggregate counts filtered by integration type, but these will resolve once processing completes. All existing filter views remain fully accurate. * **EAC-45328**: Tables that show large numbers of tags now use a smart tag display system that shows a limited number of tags with a "+X more" indicator. * You can now view the complete list of tags in a slideout panel by clicking on the cell. * This change should significantly improve page load times and overall application stability for searches involving extensive tag data. #### Bug Fixes * **EAC-46306 AWS Policy Processing**: AWS policies with ARN principals using StringSliceMatch conditions are now properly evaluated, preventing potential permission evaluation errors. ### Veza Integrations #### Enhancements * **EAC-46376 Okta "Sync Users Only" Option**: When configuring an Okta integration, administrators can now limit extractions to user entities, skipping groups, apps, roles, role assignments, app users, and app groups. When using this option, only `okta.users.read` permission is required for the integration. * **EAC-46276 CSV Upload Enhancements**: An improved CSV upload flow for creating integrations is now generally available. The new integration supports modeling custom applications and HRIS systems using imported data, and mapping CSV columns to custom or built-in entity attributes. * **EAC-46094 Active Directory Kerberos Authentication**: Added the ability to specify an explicit Service Principal Name (SPN) when using Kerberos authentication for Active Directory integration. This optional field defaults to `ldap/` if not provided. * **EAC-45883 Workday**: Optimized performance when saving a Workday integration by reducing the number of reports fetched. * **EAC-45410 CSV Upload**: When creating an HRIS integration from CSV, you can now specify a list of columns for mapping local users to associated IdP identities. * **EAC-46235 Salesforce**: Supported extraction of additional attributes on Salesforce objects: * CreatedById * CreatedDate * LastActivityDate * LastModifiedDate * LastModifiedById * OwnerId * SystemModStamp * Account: Type * Opportunity: Type, StageName #### Bug Fixes * **EAC-34457 Active Directory**: Fixed AD integration not working when Insight Point is changed. * **EAC-44482 Oracle EBS**: Fix for missing menu bindings in effective mode when a menu tree could contain the same submenu at different parts of the menu tree. * **EAC-45123 Oracle EBS**: Fix for missing functions on AZN Menus when the function belongs to a submenu that was not an AZN menu. * **EAC-45307 Oracle EBS**: Fixed a connection issue that could result in `SESSIONS_PER_USER` limit errors. * **EAC-45370 Privacera**: Added support for Privacera portal roles. * **EAC-45492 Active Directory**: Corrected typo in AD sync status. * **EAC-45543 Windows**: Fixed Windows File Share folder id generation to retain folder tags. * **EAC-45901 Dropbox**: Fixed "Error getting Dropbox credentials from environment" message. * **EAC-45998**: Fixed form validation for integrations. * **EAC-46043 Azure**: Fixed parsing of AzureAdLicense entities. * **EAC-46098 Artifactory**: Fixed a bug forcing the usage of http prefix in URL. * **EAC-46168 Salesforce**: Fixed Commerce Cloud parsing to not fail on missing effective permission mapping. * **EAC-46206 Azure**: Fixed an issue where the `Manager` attribute field couldn't be selected when filtering Azure AD Users. * **EAC-46357 Azure**: Fixed pagination for MS Dynamics client. * **EAC-46365 Oracle EBS**: Fixed an error that could occur when attempting to change the integration Insight Point. * **EAC-46414 CSV Upload**: Fix for user-role mapping with CSV upload. * **EAC-46459 Okta**: Supported extracting Okta users with only email field. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/release-notes/release-notes/2025-04-16.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.