2024.7.1

Access Reviews

Enhancements

• EAC-35581, EAC-35734 Column Customization: The Veza support team can now help you define default columns for all reviews for a particular configuration. Default columns can now include metadata about a related entity, when IdP/HRIS enrichment is enabled in the review configuration.

• EAC-34309 PDF Export: Exporting a single review now includes additional reviewer and row completion statistics. The title page now features the publish date, completion date, and the user who completed the review. Exports now also include pages containing the review details, configuration details, reviewer list, and data source status for the exported review.

• FR-2302, EAC-36355 Review Intelligence Policies: Rows with automatically-applied decisions are no longer hidden by default. Before, the "Include rows with decisions by other reviewers" filter had to be active to show these rows.

Veza Integrations

Enhancements

• EAC-35849 Azure: The Azure integration now supports gathering metadata for Storage Account Access Keys. The Veza app for the integration must have the Reader and Data Access subscription role to enable extraction.

• EAC-35406 iManage: Added URL as an optional config parameter for connecting to self-managed deployments (default: https://cloudimanage.com).

• EAC-36259 HashiCorp Vault: The integration can now discover and show created_at, last_used_at, and last_rotated_at times for Vault secrets. The Vault integration policy must be amended to support the read operation on secrets engine subresources.

• EAC-35486 Snowflake: Veza now adds the has_masking_policy attribute to Snowflake tables and views, denoting which ones have masking policies applied to them.

  Policy references will be queried from the POLICY_REFERENCES view in the ACCOUNT_USAGE schema.

  If you have configured the integration to use an alternative system database, you will need to create the POLICY_REFERENCES view in that database and grant access to the configured role:

  Copy

  create view VEZA_SNOWFLAKE_DB.ACCOUNT_USAGE.POLICY_REFERENCES
  as select policy_id, policy_name, policy_kind, ref_database_name, ref_schema_name, ref_entity_domain, ref_entity_name, ref_column_name from snowflake.account_usage.policy_references;
  grant select on view VEZA_SNOWFLAKE_DB.ACCOUNT_USAGE.POLICY_REFERENCES to role <ROLE_NAME>;

• FR-1935, EAC-36359 Integration Extraction Intervals: On the System Settings page, you can now customize extraction interval for OAA-based integration on a per-integration basis (e.g. individual frequencies for SCIM, Anaplan, Jira Data Center, etc.). Original options to set extraction intervals globally or by template type are also available.

• EAC-35808 SCIM Integration: Added an option to upload a CA certificate when creating a SCIM integration, used for authentication when the SCIM service requires an SSL connection.

• EAC-35447 Non-Human Identities "Key"-type entities now always have common filterable attributes: is_active, created_at, last_used_at, and last_rotated_at.

• FR-1895, EAC-36122 Workday: When adding a Workday integration via API, you can now omit the extraction of certain built-in Worker attributes by listing them in the properties_to_redact field (string list).

• EAC-35865 Coupa: Added a configuration option to upload permission to role mappings using an exported Coupa report in CSV format. The expected CSV headers are Controller,Action,Description,Roles.

Bug Fixes

• EAC-36307 Salesforce: Fixed an "index out of range" error that could occur during integration parsing.

Veza Platform

Enhancements

• EAC-35712 Team API Keys (Early Access): Introduced separate management for personal and team API keys on the API Keys page, with team key creation and administration now done on a dedicated tab.

Bug Fixes

• EAC-36339 SAML SSO: Fixed an issue where editing an SSO configuration showed the default request protocol binding, instead of the saved value.

Access Intelligence

New Features

• EAC-35449 Non-Human Identities: New out-of-the-box queries are available to help track and manage non-human identities such as access keys, secrets, and credentials. These queries search across multiple entity types to enable risks and alert rules on access keys, secrets, and credentials in the Veza graph. Use them for insight into total inventory, inactive identities with access, last-used keys and secrets, and human and non-human identities associated with keys, secrets, and credentials.

• EAC-35710 Enrichment Rules for Non-Human Identities: An administrator can now automatically label identities as "non-human" at parse time using a saved query on the Integrations > Enrichment page.

Enhancements

• EAC-35667 Risk Levels: Queries now support 5 risk levels (NONE, LOW, MEDIUM, HIGH, and CRITICAL), instead of the original 3 (NONE, WARNING, CRITICAL). The WARNING risk level is replaced by LOW. Risk Score calculation is updated to reflect the new levels.

• EAC-36209 Segregation of Duties A last_activity_at column is now included on the SOD page when activity monitoring metadata is available.

• FR-2067, EAC-35892 Query Builder: The columns dropdown menu now includes a "Select All" option to show or hide all columns within a group.

• EAC-35553 Access Intelligence Navigation: Breadcrumbs now preserve workflow history and are shown consistently when traversing the Access Intelligence section. For example, when browsing from the Saved Queries page to Analyze a single query, and then opening it in Query Builder, a sequence of links provides easy access to each recently-visited page.