# Release Notes: 2026-03-04

### Platform

#### Enhancements

* Redesigned global navigation and consolidated dashboards experience are now generally available for all Veza tenants. The new navigation introduces an icon-driven three-column layout with a collapsible secondary menu. Reports and Dashboards have been merged into a unified Dashboards experience.

  For more details, see [UX Update - New Navigation and Dashboards Experience](/4yItIzMvkpAvMVFAamTf/product-updates/blog/new-navigation-experience.md).

### Access AI

#### Enhancements

* Universal Search now includes Access Review campaigns as a searchable entity type. Users with Access AI enabled can now search for reviews using natural language descriptions, complementing the existing ability to search saved queries and dashboards.

  This feature requires the `UNIVERSAL_SEARCH_ACCESS_REVIEWS_ENABLED` feature flag and is available in Early Access. Contact Veza support to enable it for your tenant.

### Access Intelligence

#### Enhancements

* The enhanced **Access Intelligence > Risks** page is now generally available to all Veza tenants. The updated experience includes **Risk Profile** categorization (MFA Health, Privileged Access, Dormant Access, Blast Radius, and others), Open and Resolved risk trend tracking, and an **All Risks** tab for reviewing risk level, integration type, profile, and status.

  The capability to modify Risk Profile assignments for Veza-provided out-of-the-box queries remains in Early Access.
* When creating tickets through the **Dashboard Remediation** modal, users can now optionally provide a title. The title appears as the short description in ServiceNow tickets and as the ticket title in Jira tickets. If no title is provided, the field is left blank.

#### Bug Fixes

* Fixed an issue where setting the risk level on an assessment query was not being recorded in the change log.

### Access Reviews

#### Enhancements

* **Row Highlight Custom Colors**: Review Intelligence automations using the Row Highlight display style now accept a 6-digit hex color code (for example, `#FF0000`). Previously, row highlighting was limited to a fixed set of colors. For configuration details, see [Review Intelligence Policies](/4yItIzMvkpAvMVFAamTf/features/access-reviews/configuration/review-intelligence-rules.md).
* **Access Review Export Column Customization**: Single-review exports (CSV and PDF) now support customizable column order and display names in the configuration and review info sections.

#### Bug Fixes

* Fixed an issue where alternate manager lookups did not work correctly for HRIS employees who do not have a Veza account, causing those employees to be skipped in access review workflows.
* Fixed an issue where access review rows could be inadvertently skipped when a saved query used relationship entities of the same type as the destination entities.

### Query Builder

#### Enhancements

* Query Builder now supports **query unions**, enabling users to combine two or more independent query sets and view the combined results in a single table. Click **+ Add Query Set** in the sidebar to add additional queries, each with its own source type, destination, filters, and constraints. Results are merged into a unified table with column groups per entity type. Union queries can be saved and reloaded like standard queries.

  Activity Monitoring filters are not available when multiple query sets are defined. The **Any** entity type cannot be used as a source type in union queries.
* A **Create Graph** button is now available on the **Saved Graphs** page. Clicking the button opens Access Graph to start a new query without navigating away from the saved graphs list. The button is visible to users with the Graph View permission. When Access AI is enabled, the button displays the Access AI icon.

#### Bug Fixes

* When **Any** is selected as the entity type, the Query Builder now displays **Entities** in the interface instead of the incorrect label "Anies."
* Improved performance when creating access reviews from large saved queries. Activity Monitoring Overprovisioned Scores are no longer computed unless Activity Monitoring filter options are configured in the query, preventing computation that could cause review creation to take several hours.

### Lifecycle Management

#### Enhancements

* The **Manage Relationships** action now supports selective entitlement removal for operational simplicity across mover and leaver workflows.

  * Administrators can now configure **Access Profiles to Remove** in a workflow action alongside Access Profiles to add, for precise control over which entitlements are revoked without affecting other existing relationships.
  * **Dynamic Access Profiles to Remove** are also supported, allowing attribute transformer expressions to resolve the profiles to remove at runtime.
  * A new **Remove Only Birthright Relationships** option is also available. When used together with **Remove Existing Relationships**, it restricts removal to entitlements that were originally granted as birthright assignments, preserving access added by other means.

  These capabilities are particularly useful for workflows where an employee changing roles may need specific access revoked, while retaining access to shared or common systems.
* To prevent inadvertently overwriting changes in multi-administrator environments, Veza now detects workflow save conflicts. If an administrator saves changes during your editing session, a dialog identifies the conflicting change (who and when). You can then opt to force save, or discard the changes and reload the latest version.
* **Send REST Request** workflow actions can now acquire authentication tokens through an Insight Point when configured with **Login to Bearer** or **OAuth2** REST auth credentials. This allows Lifecycle Management workflows to trigger actions against on-premises application APIs using custom REST actions (such as provisioning and deprovisioning access).

  This includes support for applications whose token endpoints are not publicly accessible. Both the token acquisition call and the subsequent REST request execute within the customer's private network.
* For improved troubleshooting of Lifecycle Management workflows, an **Internal Metadata** tab has been added to the Identity details view to help administrators monitor changes to identities while they are being processed in workflows.

  When enabled, the tab displays internal Lifecycle Management sync state for the identity, including synced entities, action run history, workflow failures, and synced relationships. Administrators can clear individual metadata sections to force a full resync from the identity source on the next sync cycle.

  Enable this tab in **Lifecycle Management > Settings > Identity Settings** using the **Show internal metadata** toggle (off by default).
* The **Lifecycle Management > Policies** table now displays each policy's description directly beneath its name, and the status column appears earlier in the table for faster scanning. Policy status is also visible when viewing the details of an individual policy.

### Non-Human Identity

#### Enhancements

* The ServiceNow integration now discovers **OAuth Applications**, **OAuth Profiles**, and **OAuth Tokens** as Non-Human Identity entities. OAuth Tokens include expiry metadata and are linked to the user or application that holds them and to the OAuth Profile under which they were issued. This enables security teams to identify long-lived or stale OAuth tokens, determine which users hold active tokens, and understand the OAuth scopes and authentication mechanisms in use across ServiceNow.
* Azure Key Vault Keys in the Veza graph now include key type and key strength attributes. For RSA keys, the bit length (2048, 3072, or 4096 bits) is visible; for elliptic curve keys, the curve name (P-256, P-384, P-521, or P-256K) is captured. These attributes are available in Query Builder to identify keys that do not meet your organization's minimum cryptographic standards.

### Integrations

#### Bug Fixes

* **SQL Server**: Resolved connection failures with SQL Server 2008 R2 and other legacy versions by implementing automatic TLS version negotiation. Veza now handles servers that require TLS 1.2 rather than TLS 1.3, eliminating "Cannot Read Handshake Packet" errors without requiring configuration changes.
* **GitLab**: Fixed a rare resource identifier collision that occurred when a project and a sibling subgroup within the same parent group shared the same numeric ID. Affected projects now receive a disambiguating prefix on their internal resource ID to prevent extraction errors.
* **Mulesoft**: Fixed an issue where the OAuth2 client used for custom provider OAA push was missing a required push action, causing OAA data push operations to fail.
* **Dropbox**: Improved retry logic for Dropbox integration extractions to handle rate limiting responses, reducing datasource errors caused by throttling.
* **LDAP**: Fixed an error that occurred when fetching organizational units (OUs) during LDAP certificate validation.
* **HashiCorp Vault**: Fixed an issue where OAA enrichment submissions were accepted on the first push but silently dropped on subsequent pushes.
* **Databricks**: Fixed an issue where SQL Warehouse IDs were incorrectly treated as Cluster IDs during schema extraction, causing "Cluster does not exist" errors.
* **Cassandra**: Added support for Update and Truncate permissions introduced in Cassandra v4.1, resolving missing permission relationships for users of those operations.
* **OAA**: Fixed a panic that occurred during OAA entity enrichment pushes when the payload contained `STRING_LIST` property values.
