# Release Notes: 2025-10-29

### Access Security

#### Bug Fixes

* **EAC-52122 Risk assignee search**: Fixed an issue where the "Search by name or email" functionality in the Risk Assignee selector did not consistently search by email address. The search now properly handles both name and email searches, regardless of how identity names are stored in integrated systems.

### Access Reviews

#### Enhancements

* **FR-4436, EAC-53748 Configurable outlier detection**: Access Reviews now support outlier detection to automatically identify anomalous access patterns within peer groups.
  * By default, Outlier Detection groups users by their **manager** and flags access held by fewer than 15% of people reporting to the same manager, helping reviewers prioritize potentially risky or unusual permissions.
  * Administrators can customize the peer grouping attribute (e.g., department, location, role, or any user/resource property) and the rarity threshold via API configuration using the `/api/private/workflows/access/global_settings/manager_centric_config` endpoint.
* **FR-2863, EAC-53783 Simplified outlier filtering**: The reviewer interface now features a streamlined toggle button for filtering outlier items, replacing the previous dropdown menu. The toggle displays the count of access outliers (e.g., "Only show 42 access outliers") and provides a faster, more intuitive way for reviewers to focus on anomalous access patterns during certification campaigns.
* **FR-4412, EAC-53747 Outlier detection alert positioning**: Relocated the outlier detection alert icon in the Access Review interface for improved visibility and user experience.
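
The default outlier rule described above (peer group by manager, access held by fewer than 15% of the group) can be sketched as follows. This is an added illustration, not Veza's implementation: the record fields, entitlement names, and the exact way the share is computed are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def find_outliers(users, group_by="manager", threshold=0.15):
    """Return sorted (user, entitlement) pairs held by < threshold of a peer group."""
    groups = defaultdict(list)
    for u in users:
        groups[u.get(group_by)].append(u)      # peer group = same attribute value
    flagged = []
    for peers in groups.values():
        holders = defaultdict(list)
        for u in peers:
            for ent in u["access"]:
                holders[ent].append(u["name"])
        for ent, names in holders.items():
            # "fewer than 15%" is read as a strict comparison (assumption)
            if len(names) / len(peers) < threshold:
                flagged.extend((n, ent) for n in names)
    return sorted(flagged)

def min_group_size_for_single_outlier(threshold=0.15):
    """Smallest peer group in which access held by one person falls under threshold."""
    n = 1
    while 1 / n >= threshold:
        n += 1
    return n

# Constructed sample: 8 reports under "alice", 4 under "bob", one department.
SAMPLE_USERS = (
    [{"name": f"a{i}", "manager": "alice", "department": "eng",
      "access": {"crm:read"} | ({"prod-db:admin"} if i == 0 else set())}
     for i in range(8)]
    + [{"name": f"b{i}", "manager": "bob", "department": "eng",
        "access": {"wiki:read"} | ({"billing:export"} if i == 0 else set())}
       for i in range(4)]
)

if __name__ == "__main__":
    print(find_outliers(SAMPLE_USERS))                         # by manager
    print(find_outliers(SAMPLE_USERS, group_by="department"))  # wider peer group
    print(min_group_size_for_single_outlier())
```

Under this reading, a permission held by a single person is only flagged once the peer group has at least seven members, so small teams may warrant a different grouping attribute or threshold.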

#### Bug Fixes

* **EAC-54167 Enrichment node attribute filtering**: Fixed an issue where Access Reviews would hang when filtering by enrichment node attributes such as Manager Name or Manager ID. Veza now properly handles filters on these joined node properties, enabling reviewers to filter by manager and other enrichment attributes without performance issues.

### Access Visibility

#### Enhancements

* **FR-3834, EAC-52584 Query Builder source node enrichment**: Query Builder now supports enriching source nodes immediately upon selection, without requiring destination nodes to be selected first. This enhancement also enables the application of multiple enrichments simultaneously and adds support for enriching with Active Directory Group node types.
* **EAC-48187 Open in Query Builder from Access Graph**: Added the ability to open Access Graph searches directly in Query Builder for searches that don't specify any relations, enabling better transitions between graph exploration and query creation.
* **FR-4114, EAC-52077 Graph statistics on landing pages**: Access Search and Query Builder landing pages now display statistics about the Veza Access Graph, providing insights into the scale and scope of authorization data in your environment.
* **EAC-53598 Improved Query Builder refresh experience**: Enhanced the user experience when refreshing Query Builder queries to communicate caching and refresh behavior.
* **FR-4459, EAC-54013 Improved search prioritization**: Access Search now prioritizes IdP users and groups in node-centric searches, showing general-purpose identities higher in search results for better discoverability.

#### Bug Fixes

* **EAC-43156 Nested query execution**: Fixed an issue where queries nested three or more levels deep could return "Failure to fetch query results" errors.
* **EAC-52266 Access Graph navigation**: Fixed an issue where the "Go back" button in Access Graph would navigate to unrelated pages when no query history existed. The button now properly clears the query and returns to the initial Access Graph state when there's no search history available.
* **EAC-52399 Query Builder loading indicator**: Fixed an issue where a loading indicator in Query Builder could display longer than expected.
* **FR-2449, EAC-52414 OAA template type names**: Fixed an issue where updating an OAA template type name with a different letter case could break existing saved queries.
* **EAC-53623 User details panel performance**: Fixed an issue where the user details panel in Access Graph could take a long time to open.
* **EAC-53676 System permission filters**: Fixed an issue where some system permissions were not offered as filter options in Query Builder.
* **EAC-53705 Node details sidebar behavior**: Fixed an issue where an empty node details sidebar could unexpectedly reopen when returning to Query Builder.

### Lifecycle Management

#### New Features

* **FR-4122, EAC-53108 AWS RDS database support**: Veza now supports Lifecycle Management actions for AWS RDS MySQL, PostgreSQL, and OracleDB databases, enabling automated user provisioning, role assignment, and account management. Supported operations include creating database users, assigning and removing role memberships using database-native operations (GRANT/REVOKE), and disabling user accounts to prevent login while preserving user data and permissions.
* **FR-4119, EAC-53237 PagerDuty support**: Added Lifecycle Management support for PagerDuty, enabling automated user provisioning (create/modify users), group management (add/remove users from teams), and user deletion.
* **EAC-52245 OracleDB support**: Added support for OracleDB databases, enabling automated management for Common Users (root container) and Local Users (PDB-specific). Supported operations include user provisioning with profile assignments, role management using GRANT/REVOKE operations, and account locking/unlocking for deprovisioning while maintaining user data and permissions.

#### Enhancements

* **FR-4250, EAC-53273 Inline transformer testing**: For immediate feedback on transformer outputs, the policy workflow editor now supports testing data transformers inline while defining workflows. This change enables immediate validation of transformer logic without leaving the workflow configuration interface.
* **FR-4306, EAC-53285 Pause workflow actions**: Administrators can now pause or temporarily disable individual actions within policy workflows, allowing for safer testing and the gradual rollout of workflow changes. This enables workflows to remain active while specific actions are disabled, providing finer-grained control over lifecycle management operations. When testing policies with a dry run, paused actions are always skipped.
* **FR-4305, EAC-53827 Enable/disable workflows**: Administrators can now enable or disable workflows within Lifecycle Management policies, providing workflow-level control for testing, seasonal policies, or gradual rollouts. Disabled workflows are skipped during policy execution and displayed with a visual indicator in the policy editor, allowing temporary deactivation without deletion. In dry runs, disabled workflows are evaluated by default, but can be skipped by setting the `skip_disabled_workflows` parameter to `true`.

#### Bug Fixes

* **EAC-53737 Access Review notification templates**: Fixed an issue where Access Review event types (Create Access Review, Create Access Review Queued) were missing from the notification template event dropdown, preventing administrators from customizing notification templates for Access Review creation events.

### Non-Human Identity (NHI) Security

#### Enhancements

* **EAC-52706 Okta Authorization Servers and Policies**: The Okta integration now collects Authorization Server entities and related policies, expanding Non-Human Identity (NHI) coverage for OAuth/OIDC infrastructure. This enhancement provides visibility into authorization servers, their policies, scopes, claims, and application grants, enabling better governance of API access management.
  * Integrations using OAuth credentials will require additional `okta.authorizationServers.read` and `okta.appGrants.read` scopes. Integrations using API tokens require a Super Administrator role or a custom admin role with `View application grants` permission to access the full set of authorization server data.

### Veza Integrations

#### Enhancements

* **FR-4201, EAC-51942 Snowflake account allowlist and denylist**: Added support for an account allowlist and denylist for the Snowflake Organizations feature, providing granular control over which accounts are included in data collection.

#### Bug Fixes

* **EAC-51834 Box custom role labeling**: Fixed a parsing error for Box custom roles by adding proper entitlement labels, resolving "no edge found for entity type" errors.
* **EAC-53316 LDAP destination datasource**: Fixed propagation of the destination datasource OAA app type, resolving "Destination Datasource Must Only Be Used Once" errors.
* **EAC-53729 Azure audit log extraction**: Fixed an undefined user type error during Azure audit log extraction.

### Veza Platform

#### Enhancements

* **PLT-2528 Insight Point time synchronization monitoring**: Veza now tracks time synchronization between Insight Points and the control plane.
  * When an Insight Point experiences significant time drift (exceeding 80% rejection rate for authentication requests), it is marked as `OUT_OF_SYNC`, enabling administrators to identify and resolve clock synchronization issues that could impact data collection.

#### Bug Fixes

* **PLT-2904 SAML and OIDC role mapping configuration**: Fixed an issue that prevented customers from modifying their groups (roles) attribute in SAML and OIDC authentication provider configurations, restoring the ability to update role mapping settings.
* **PLT-3078 Password reset for local users**: Fixed an issue where administrators using SSO authentication could not reset passwords for local user accounts.


