- Added a Create Access Request REST API. Supports requesting access on behalf of a user for multiple resources and groups.
- For ticket-based access propagation, use a different ticket title based on whether it's a propagation or revocation.
- Access review notes will now be correctly saved and retained between refreshes.
- API Changes: The
target_user_id field in the response for GET /requests is now optional.
- Self-hosted: Fix an issue where the Opal application couldn't auto update
- Fix issue when skip-manager is not found from current requesting user
- Fix regression where managers weren't able to request access on behalf of their reports in some cases.
- Fixes UI bug where request button would sometimes show for non-requestable users
- Customers can now control when users are notified that their access to resources and groups will be expiring via an organization setting.
- Handle escalation to skip manager gracefully, in the case of deprovisioned manager user.
- Improvement: Improves interactions between manual / auto AWS import settings
- Fixed bug where Okta group users would not get synced correctly in some cases.
Improvements:
- Improves UAR upload notification
Improvements:
- [Self-hosted] Allows the vault dependency to be disabled
- Adds email / slack notifications when bulk resource uploads complete
New features:
- Allows API users to create UARs with more specificity
Bug fixes:
- Fixes a bug in which Okta MFA factors on Slack are sometimes duplicated
- Fixes a bug in which users were unable to request groups when requesting through bundles
