# Release Notes: 2026-02-04

### Access Request

#### Enhancements

* When a target application provides entitlement descriptions, these are now displayed in selection dropdowns, Catalog views, and Access Profile tables. For example, Azure AD role descriptions and Active Directory group descriptions appear alongside entity names, making it easier to understand what access you are requesting or granting.

### Access Reviews

#### Enhancements

* Access Reviews API responses now include the `decision_by` field for each certification result, providing information about which user made the decision. This enables external integrations to track reviewer attribution for audit trails and compliance reporting.
* Administrators can now granularly control which bulk actions are available for reviewers, globally per tenant or on a per Review Configuration basis.
  * The six configurable bulk operations are: approve, reject, signoff, clear decisions, add note, and reassign.
  * When a bulk action is disabled, reviewers see only the available actions and receive an error message if they attempt a restricted operation via API.
* When enabling the auto-complete setting, eligible reviews (i.e., in-progress reviews at final approval level with all rows signed off) are now automatically completed.
  * Previously, the setting only affected future review activity, leaving existing eligible reviews with the "In Progress" state until manually completed or until new activity occurred.
* Access Reviews now supports biannual (every 6 months) and annual (every year) scheduling frequencies. This aligns access reviews with annual or biannual compliance cycles, fiscal year processes, and other infrequent but recurring review processes.

#### Bug Fixes

* Fixed an issue where filtering for rows with no assigned reviewers did not work correctly. Operators can now filter for unassigned rows and use bulk actions to assign reviewers efficiently.
* Fixed an issue where intermediate entity filters (the "Require Entities" feature) were not saved when configuring review scope. Reviews with relationship filters now correctly include only the paths that match the specified intermediate entities.

### Lifecycle Management

#### Enhancements

* The **Send REST Payload action** is now generally available for all Veza customers.
  * This action enables Lifecycle Management policies to make requests to external APIs and services as part of provisioning workflows.
  * The Send REST Payload action supports OAuth2 authentication, custom HTTP headers, JSON payload formatting with attribute transformers, and response entity extraction for downstream workflow actions.
* When configuring Send REST Request actions, the JSON Payload field now provides intelligent autocomplete suggestions for available attributes and transformers.
  * You can now type "{}" inside JSON string values to access the full suggestion menu, including source attributes, transformer functions (UPPER, LOWER, TRIM, etc.), lookup table references, and other available formatters.
* The trigger condition editor now includes autocomplete support for the `sys_attr__is_new_identity` system attribute, making it easier to build policies that target newly created identities during joiner workflows.
  * For example, use `sys_attr__is_new_identity eq true and department_name eq "Engineering"` to trigger onboarding workflows only for new hires into Engineering, excluding transfers from other departments.
* Added `sys_attr_changed__<property>` dynamic attributes to detect specific property changes on identities. Workflows can now trigger based on which combination of attributes changed (e.g., department and manager) rather than just whether the identity was updated, enabling more targeted mover workflows.
  * For example, use `department_name eq "Sales" and sys_attr_changed__department_name eq true` to trigger workflows when employees transfer into Sales or are hired directly into Sales, without triggering for other changes to existing Sales employees.
  * Combine multiple properties with OR logic to detect any significant change: `sys_attr_changed__department_name eq true or sys_attr_changed__job_title eq true or sys_attr_changed__managers eq true`
* Added the ability to export identity data to CSV from the Identities table. Users can select which columns to include and optionally include historical change records, supporting compliance audits and cross-system reconciliation workflows.
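
The trigger conditions above can be checked against before/after identity snapshots before a policy is enabled. The following is an added example, not Veza's code: `build_context`, `evaluate`, and the snapshot shape are hypothetical, only `eq`, `and`, and `or` are handled, and it assumes every populated attribute of a new identity counts as changed.

```python
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def build_context(before, after):
    """Attributes visible to a condition; before=None models a new identity."""
    ctx = dict(after)
    ctx["sys_attr__is_new_identity"] = before is None
    old = before or {}
    for key in set(old) | set(after):
        # Assumption: on a new identity every populated attribute counts as changed.
        ctx["sys_attr_changed__" + key] = old.get(key) != after.get(key)
    return ctx

def evaluate(condition, ctx):
    """Evaluate `attr eq value` terms joined by and/or ('and' binds tighter)."""
    tokens = [("str", m.group(1)) if m.group(1) is not None else ("word", m.group(2))
              for m in TOKEN.finditer(condition)]
    pos = 0

    def comparison():
        nonlocal pos
        if len(tokens) - pos < 3 or tokens[pos + 1] != ("word", "eq"):
            raise ValueError(f"expected '<attr> eq <value>' at token {pos}")
        attr, (kind, raw) = tokens[pos][1], tokens[pos + 2]
        pos += 3
        if kind == "word" and raw not in ("true", "false"):
            raise ValueError(f"unquoted value {raw!r}")
        return ctx.get(attr) == (raw if kind == "str" else raw == "true")

    def conjunction():
        nonlocal pos
        result = comparison()
        while pos < len(tokens) and tokens[pos] == ("word", "and"):
            pos += 1
            rhs = comparison()  # always parse the right side, then combine
            result = result and rhs
        return result

    result = conjunction()
    while pos < len(tokens) and tokens[pos] == ("word", "or"):
        pos += 1
        rhs = conjunction()
        result = result or rhs
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos][1]!r}")
    return result

# Constructed before/after identity snapshots.
MOVER = 'department_name eq "Sales" and sys_attr_changed__department_name eq true'
transfer = build_context({"department_name": "Engineering"}, {"department_name": "Sales"})
new_hire = build_context(None, {"department_name": "Sales"})
retitled = build_context({"department_name": "Sales", "job_title": "AE"},
                         {"department_name": "Sales", "job_title": "Senior AE"})
```

Evaluating `MOVER` against `transfer` and `new_hire` matches, while `retitled` (an existing Sales employee whose title changed) does not, which is the behavior the release note describes.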

#### Bug Fixes

* Fixed an issue where access profiles could be deleted even when they had active members assigned through dynamic access profile references. Access profiles are now correctly marked as "in use" when they have members.
* Improved drag-and-drop behavior when reordering workflow actions with nested conditions in the policy editor. Nested elements now collapse during drag operations with a summary badge showing nested item counts.
* Fixed an issue where consecutive whitespace characters in identity names and text fields were collapsed into single spaces. Names with multiple spaces now display correctly.

### Access Intelligence

#### Enhancements

* Administrators can now configure system-wide default dashboard filter settings in **Administration > System Settings > Dashboards**.
  * Administrators can set the "Show All Queries by Default" and "Show All Results by Default" toggles to control whether empty queries and unchanged results are shown across all dashboards.
  * User preferences take precedence after an individual interacts with the filter controls.

### Query Builder

#### Enhancements

* Saved query filters for Query Builder (query pipelines) now support filtering entities from a saved query by tag values. You can now select a tag type and key, then reference a saved query to dynamically filter entities based on matching tag values across different data sources.

#### Bug Fixes

* Fixed an issue where a background query could be canceled by immediately starting a new query.
* Fixed an intermittent issue where Query Builder could fail to fetch query results. The fix removes profiling from graph query execution.
* Fixed an intermittent issue where Query Builder could fail to fetch query results due to schema caching.
* Fixed an issue where long-running queries could be inadvertently canceled when switching browser tabs or when the query had not been polled recently.
* Fixed an issue where relationship entity columns were not displayed in query results when using the "Show Relationships" option in multi-hop queries.

### Integrations

#### Enhancements

* **CyberArk**: The CyberArk Identity integration includes expanded support for external groups (such as Active Directory) assigned to Roles for additional visibility into users that have role access without a CyberArk Identity User.
* **Custom Identity Mappings**: Significantly improved performance when configuring identity mappings for integrations with many Custom OAA applications. The Mapping Configuration dropdown now loads faster when hundreds of Custom Application, Custom Principal, or Custom IDP integrations are configured.
* **Okta**: Enhanced the Okta integration's incremental extraction to handle newly created users more reliably. The integration now automatically retries when users are temporarily unavailable due to Okta's indexing delays, particularly for Active Directory-imported users.
* **Oracle EBS**: The Oracle E-Business Suite integration now exposes the `responsibility_key` attribute for Responsibility entities, enabling queries using the short name key familiar to EBS administrators.
* Enhanced the Integrations table by separating status and sync timestamp into independent, sortable columns. Users can now sort integrations by current status or last sync time.
* Pagination settings on data sources, providers, and Veza Actions tables now persist across sessions, remembering users' preferred page size.
* Integration error details now display in a more readable format with scrollable containers for long error messages.

#### Bug Fixes

* **SCIM**: Added handling for non-compliant API responses where resource arrays are incorrectly nested. This enables Veza to integrate with SCIM implementations that do not strictly follow the SCIM 2.0 specification.
* **CyberArk**: Fixed an issue where CyberArk Privilege Cloud data extractions could fail with timeout errors when retrieving large numbers of safes. The integration now uses reduced API page sizes to ensure reliable extraction performance.
* **Active Directory**: Fixed an issue where Veza tags on Active Directory entities were not appearing as expected.
* Fixed an issue where entity owners assigned through enrichment rules could be removed during data extraction if any enrichment rule encountered an error.
* **GitLab**: Fixed duplicate resource creation for shared GitLab projects. Projects shared across multiple groups now appear once with proper permission relationships.
* **DocumentDB**: Fixed external user extraction from the `$external` database and cross-database role parsing for complete IAM-based authentication visibility.
* **iManage**: Enhanced connector reliability with proactive token refresh to prevent authentication failures during long-running data collection.
* **Wiz**: Fixed parsing errors caused by inconsistent API responses for user identity provider data.

