Release Notes: 2025-05-28

Access Reviews

Enhancements

• EAC-47127 Bulk Decision Clearing: Added the ability to clear decisions in bulk select mode, giving reviewers more flexibility when managing multiple review rows at once.

• FR-3259 On-Demand Review Launch Options: Added configurable launch modes for Access Reviews triggered by Rules, enabling a wider range of review scenarios. Rule-based reviews now support Consolidated mode (single review for all triggered results) and Individual mode (separate reviews per result entity, up to 20 results). Consolidated reviews are automatically used for large result sets (>1000 results) to maintain performance.

Bug Fixes

• EAC-47854: Fixed an issue where administrators couldn't see the Edit and Create Review buttons in Access Review configuration details screens.

• EAC-48000: Fixed an issue where creating a review with disabled IdP settings would result in a CERT_STATE_ERROR state.

Lifecycle Management

New Features

• FR-3418 Atlassian Provisioning: The Atlassian integration now supports SCIM-based provisioning and deprovisioning capabilities, enabling identity governance workflows for Atlassian Cloud environments. Organizations can now automatically manage user accounts and group memberships through Lifecycle Management policies and workflows.

Enhancements

• EAC-48055 Date Format Transformer: Added a new DATE_FORMAT transformer for flexible date formatting during identity synchronization. Example: {hire_date | DATE_FORMAT, "2006-01-02"} converts dates to yyyy-mm-dd format.

• FR-3651 Transformer Functions in SCIM Conditions: Lifecycle Management now supports using transformer functions within SCIM conditions for both Workflow trigger conditions and Action conditions.

• EAC-47991 Policies: Autocomplete for Target Attributes: The Lifecycle Management Policy UI now supports autocompletion for the $target prefix on attribute transformers. You can now reference previously transformed attributes using $target. syntax to streamline complex transformation chains and reduce configuration errors.

• EAC-47666 Configurable Unique Identifiers: You can now configure the attributes that will be unique identifiers within Sync Identity and Deprovision Identity actions, as well as Common Transformers. This enables administrators to specify the attributes that will be used to look up target users in supported integrations (currently Active Directory account_name).

Bug Fixes

• EAC-48030 Notification Settings Management: The Lifecycle Management Policy builder now enables direct modification of notification settings without creating or publishing the policy.

• EAC-48298 Common Transformer Blank Formatter Consistency: Fixed inconsistent behavior where blank formatters were disallowed in Common Transformers but permitted in Action Sync Attributes. Both functions now consistently handle empty values.

• Azure Integration Fixes:

  • EAC-48193: Fixed an issue preventing the reactivation of previously deactivated guest users. The system now correctly distinguishes between creating new guest accounts and reactivating existing blocked accounts.

  • EAC-47734: Fixed an issue where the invited_user_email_address attribute was not being populated correctly when creating guest accounts via webhook notifications.

Non-Human Identity (NHI) Security

Bug Fixes

• EAC-48177 NHI Display Issue: Fixed a tenant-specific issue where Non-Human Identity entities were not properly displayed in the NHI overview.

Access Intelligence

Enhancements

• EAC-48303 ServiceNow Actions: When configuring Veza Actions for ServiceNow, you can now choose the Assignment Group and Configuration Item for created tickets.

Veza Integrations

Enhancements

• EAC-47872 Salesforce: Updated the Salesforce integration to make the Enabled Salesforce Object Types field optional, allowing extraction of only IAM data if desired, without requiring additional object type selection.

• EAC-47725 HiBob Custom Properties: Added custom property support for HiBob integration, enabling customers to extract and utilize additional identity attributes in search and Lifecycle Management workflows.

• EAC-47965 Teleport: Added support for extracting SAML groups to role mappings.

• AWS KMS Enhancements: Added support for additional AWS KMS key attributes:

  • EAC-48255: Added support for Origin, KeyManager, KeySpec, and KeyUsage attributes

  • EAC-48307: Added Next Rotation Date and Rotation Period attributes

Bug Fixes

• EAC-48198 Active Directory: Fixed a syntax error that could cause failures during integration configuration.

• EAC-47881 Beeline: Fixed an issue where Beeline report IDs were incorrectly flagged as secret values, causing them to appear blank after saving configurations.

• EAC-48096 Privacera: Fixed incorrect role assignments for Privacera Portal Users.

• EAC-48188 Snowflake: Network policy extraction is now optional and can be disabled if errors are encountered during integration.

• EAC-47753 Workday: Improved extraction reliability and performance for large custom reports.

• EAC-47743 Custom Identity Mapping: Fixed an issue with property matchers with multiple destinations where the dropdown for selecting attributes wasn't appearing properly.

Veza Platform

Bug Fixes

• EAC-48058 Time Machine Historical Data: Fixed an issue in Time Machine where historical snapshots were missing. For SaaS tenants, this repair addresses potential data gaps from April 22, 2025, to May 22, 2025.

• PLT-1788 MFA Login: Fixed an issue that prevented local users from successfully logging in with previously enrolled MFA.