Changed

• Disallow read-only admins from hiding/unhiding grants from Risk Center

Added

• Added a new API endpoint to create or update individual IDP group mappings, allowing for more granular control when managing group mappings

Improved

• Improved the access review preview interface with better handling of items that have no reviews, making it easier to identify which connections, groups, and resources will generate review items
• Reworked bulk update and bulk import logic to offload large tasks to be asynchronous, large item updates will be processed in the background and will notify admins in case of success or failure
• Masked AWS Credential values on the resource Connect screen
• If user deprovisioning is enabled for your organization, a user's assignment to an app can be reviewed in UARs only if deprovisioning has been explicitly enabled for the app. Deprovisioning can be enabled for: Okta, Salesforce, PagerDuty, Duo, Google Workspace. If this feature is not enabled on your organization, existing behaviour is unaffected.
• Enhanced access review capabilities for custom connectors when user deprovisioning is enabled
• Cleaned up interaction with adding/removing reviewers in request configuration

Bug Fixes

• Fixed a bug where propagation events would not be created for user provisioning
• Fixed a bug where the resource/group configuration form could error out when setting or unlinking a template

Added

• Added links to configuration template label on detail cards
• Added back option to set recommended duration as Permanent in request configurations
• Added copy name as link to catalog cards

Bug Fixes

• Fixed bug where Jira tickets don't have their reporter set if your Jira Data Center instance uses non-email usernames (requires Jira Data Center version 8.14 or later)
• Fixed REST API logging error for status codes

Bug Fixes

• Fixed Approve OpenAPI endpoint which would error in some cases

• Fixed issue where Escalate to skip-manager modal was showing the viewer's skip manager instead of the target user's skip manager

• Fixed API bug where importing a child resource would fail if the parent resource was unmanaged

Improved

• Updated styling for access review overview

Improved

• Updated Slack message preview for Soon To Expire Access messages to display the asset and time until expiration

• Updated group more actions button design and functionality

• Updated duration events to display as durations properly instead of timestamps

• Updated toast notifications to automatically disappear after 4 seconds by default

• Updated design for catalog cards with improved visual styling

Added

• Added ENTITY_TAG_ADDED events when tags are attached to a group/resource/user
• Added ENTITY_TAG_REMOVED events when tags are removed from a group/resource/user

Improved

• Improved performance of visibility group selector
• Improved user resource and groups tables' performance with unmanaged resources on web
• Improved user resources API endpoint performance with unmanaged resources and proper pagination
• Improved Jira ticket creation to handle suspended or inactive reporters gracefully
• Ticket creation is no longer cancelled if Jira Service Management projects are missing the opal-specific request type "Access Change - Opal"

Bug Fixes

• Fixed break glass users dropdown displaying when not in edit mode
• Fixed Dashboard page date range selector
• Fixed incorrect display of human users in Databricks groups' "Non-Human Access" tab

Bug Fixes

• Fixed bulk selecting functionality on resource groups when multiple roles are assigned

• Fixed audit tickets not updating their status properly

• Fixed ticket creation failures in Jira Service Management projects when required fields were missing

Improved

• Updated manual sync toast notifications to automatically close after success or failure states

Added

• Added ability for Admins to turn off Request Review Delegation

• Added owner names to bundles on catalog

• Added ticket propagation support for Jira Service Management projects for self-hosted Jira instances - the reporter will now be set for JSM projects and the links to the tickets will direct to the customer-facing URL rather than the agent URL

• Added a link to propagation tickets created for requests on non-admin request views

• Added support for setting the Request Type field for Jira Service Management issues when Issue Types are associated with Request Types

Improved

• Improved event naming consistency - GROUPS_ADDED_TO_GROUPS events now show up as ROLE_ASSIGNMENTS_CREATED

• Improved event naming consistency - GROUP_GROUPS_UPDATED events now show up as ROLE_ASSIGNMENTS_UPDATED

• Improved event naming consistency - GROUPS_REMOVED_FROM_GROUPS events now show up as ROLE_ASSIGNMENTS_DELETED

• Improved Jira ticket linking for JSM projects to use customer-facing URLs instead of agent URLs

• Enhanced Jira integration to always set the reporter field to the person making the request in Opal - if the email does not exist in Jira, a customer account will be created

Bug Fixes

• Fixed configuration template edit button not redirecting to the edit page

• Fixed Jira bug for self-hosted Jira instances where access tickets could not be linked to requests

User Experience Improvements

• Added hovercards to Owners' Source Group label for better information discovery

Bug Fixes

• Fixed Resource Edit form tooltips not appearing to ensure proper guidance during form completion

Feature Enhancements

• Added support for roles in CSV uploads for custom apps
• Updated search to correctly show the logo for Resource Apps instead of the logo for their parent Apps.

Bug Fixes

• Fixed the 'Create UAR without Scope' warning modal incorrectly appearing when only scoping by group types

• Fixed bulk expiration button showing incorrect expiration option on first load

Self-hosted only

• Replaced Bitnami Redis images with Opal-hosted alternatives (On-prem customers must upgrade to this version by 08/28/2025)