Release Notes: 2025-11-12

Access Reviews

Enhancements

• EAC-53373 Filter Review Items by Assignment: To help reviewers focus on their assigned responsibilities, Access Reviews now feature "All" and "Assigned" tabs in the reviewer interface, allowing reviewers to easily filter between all review items they can view and items specifically assigned to them.

• EAC-51146 Permissions for Assigned Reviewers: Any user assigned to specific review items in Veza Access Reviews now receives the same permissions as a standard reviewer for those rows, including the ability to approve, reject, sign off, add notes, and reassign.

  This supports more flexible delegation workflows, where non-reviewers can take action on items assigned to them without admin intervention.

• EAC-53374 "Needs My Review" Filter: The Reviews page now features a "Needs My Review" filter card that helps visitors quickly identify reviews where they are assigned as reviewers with outstanding work.

  Additionally, progress columns have been renamed to "Total Progress" and "My Progress" to distinguish between overall review progress and individual reviewer progress.

• EAC-53314 Dual Progress Tracking for Admin Users: For better visibility into individual responsibilities and overall review health, administrators now see two progress bars in the reviewer interface: My Progress (the number of personally-assigned certification items), and Total Progress (the overall completion status of the entire review).

• EAC-53836 Alternate Email for Access Review Notifications: Organizations can now configure alternate email addresses for Access Review notifications, for example, to configure region-specific email domains.

  Administrators can now configure globally or per-workflow which identity graph property contains the alternate email address.

  All email notifications will use the alternate address when available. Slack notifications continue to use the primary email. This feature requires Identity Provider (IDP) settings to be configured and does not support local non-IDP users.

• FR-3361: Managers are now more clearly identified as Reviewer Managers when configuring notifications for Access Reviews.

• FR-4025: When viewing the list of reviews, the approval level label for single-level reviews is now explicitly labelled as "1 of 1" for consistency with multi-level reviews (which are denoted as either "1 of 2" or "2 of 2").

Bug Fixes

• EAC-53056 Fixed an issue where delegate reviewers in Access Reviews could receive digest notifications even when they had no certification items assigned to them. Delegates must now be directly assigned as reviewers to receive digest emails.

• EAC-54325 Fixed an issue where presentation rules in Veza Access Reviews could not filter on Identity Provider (IDP) enrichment data fields such as idp.is_active.

  Veza now properly supports enrichment node references in presentation rule filters, enabling rules that highlight or style rows based on attributes from supplemental metadata sources.

• EAC-54005 When scheduling access reviews, the modal now prevents selecting past hours for new schedules, and preserves the selected time when editing existing schedules. Schedule preview accuracy has also been improved for better visibility into next-run times.

Lifecycle Management

Enhancements

• EAC-54318 Added Optional Identity Columns to LCM Identities Table: The Identities table now supports additional columns that can be shown or hidden through the column selector: Title, Email, and Employee ID. These provide quick access to these attributes when relevant, without requiring drill-down into individual identity details when troubleshooting or auditing identity metadata.

• EAC-54429 Inline testing support for date formatters: Administrators can now test and validate date-based transformations using sample data directly within the Policy Workflow Editor.

• EAC-53939 Policy Version Published Timestamps: The policy version history now displays published timestamps for each policy version. Users can view when each version was published along with the publisher's name, with the option to toggle between relative format ("15 days ago") and absolute format showing the full date and time with timezone.

• EAC-54182 Removed Attribute Ordering Requirement in Policy Transformers: Transformers no longer require manual attribute reordering when attributes reference other attributes.

  Previously, attributes had to be positioned above any attributes that referenced them, requiring manual reordering with up/down arrow keys. Veza now supports attributes that reference other attributes anywhere in the list, with validation to prevent circular references.

Bug Fixes

• EAC-54209: Fixed a regression where editing Veza Lifecycle Management workflows with "Sync Identity" actions would incorrectly reset attribute formatters and UID attribute settings. This change prevents the need to reconfigure attribute mappings after each workflow modification.

Access Requests

Bug Fixes

• EAC-54448: Fixed Access Catalog visibility issues for users with reviewer roles.

Integrations

New Integrations

• EAC-53229 Google Cloud Platform: Vertex AI Integration: Veza now supports Google Cloud Platform's Vertex AI service for visibility into AI/ML infrastructure, including reasoning engines (AI agents), model registry, deployed endpoints, and their associated permissions.

  The integration includes full IAM and Workspace connectivity, effective permission analysis across 1,249 Vertex AI-specific permissions, and relationships between reasoning engines and their service account identities.

  New entity types include: Vertex AI Reasoning Engine, Vertex AI Model, Vertex AI Endpoint, Vertex AI Service, Vertex AI Policy, and Vertex AI Role Binding.

• EAC-52449 CockroachDB Cloud: Veza now supports CockroachDB Cloud, providing visibility into distributed SQL database access and permissions. The integration extracts organization structure, clusters, databases, users, and roles.

Enhancements

• EAC-54273 SCIM: Added support for OAuth authentication with basic auth client_credentials.

• EAC-54102 Exchange Online: Added support for parallel extraction.

• EAC-52587 LDAP: Added support for nested group memberships.

• EAC-52288 AWS: Added support for Resource Control Policies.

• EAC-52063 GitHub: Added support for extracting GitHub Organization Roles and Role Assignments.

Bug Fixes

• EAC-53919 Azure: Veza now properly handles expiration dates for credentials, keys, secrets, and certificates.

  Microsoft uses Unix epoch (January 1, 1970) as a sentinel value for entities without expiration dates, which can be ambiguous when shown in Veza. The Azure integration now converts these epoch sentinels to Veza's standardized zero-time sentinel. This ensures that "never expires" values are consistently represented across Azure entities in Access Graph.

• EAC-54501 SwiftConnect: Removed credentials_count property from Access_Levels API calls.

• EAC-54442 Okta: Fixed a node collision due to domains not being set in Okta Auth Server IDs.

• EAC-52817: Fixed an issue creating enrichment rules with a large number of integrations selected.

• EAC-54634 Salesforce Commerce Cloud: Fixed identity mapping from Salesforce Commerce Cloud to Okta IDP by adding reverse discovery support.

• EAC-54585 Exchange Online: Fixed pagination errors causing mailbox folder extraction failures for large tenants. The integration now properly handles Exchange Online API throttling and pagination limits.

• EAC-53264 SAP SuccessFactors: Fixed an API limitation that prevented extracting more than 1,000 users. The integration now supports pagination using OData functions to retrieve all employee records.

Access Security

• EAC-53709 Destination Node Property Selection in Assessment Rules: Rules in Veza now support including destination node properties in alert notifications. When configuring rules that evaluate queries with destination nodes (such as queries checking relationships to resources), you can now select to include destination nodes in alerts and choose which destination properties to include from a dropdown menu. This provides richer context in alert notifications by including information about both the source and destination entities that triggered the rule.

• EAC-54306 Saved Query Scheduled Export: When exports are scheduled for a query, you can now delete the scheduled export directly from the row actions menu.

Access Search

Enhancements

• EAC-53470 Access Graph: Nested Entity Navigation: Improved "Show Hierarchy" support and edge selection in Access Graph for better exploration of nested entity relationships.

Bug Fixes

• EAC-54655 Query Builder: Fixed an issue where an empty risk details sidebar could unexpectedly reopen when returning to Query Builder after viewing risk details.

• EAC-53882 Query Performance: Improved performance for queries using filters on the Name property of the "Relates To" entity type.