Started directly showing the connection instruction pages after any MFA checks needed instead of the select role modal if there is only one role the user can connect with.
Restructured Okta sync to require much fewer API calls to finish.
Fixed a bug where external google groups would cause sync to fail.
Render containing groups and member groups in the Group page.
Self-Hosted Only: Add security contexts to lock down privileges on opal pods.
Fixed bug where the access request form would sometimes not show ticket fields.
Fixed a rare issue causing organization settings to not be applied correctly.
Disambiguate whether the propagation ticket associated to a user is for a grant or revocation.
Documentation update: Update UAR deadline examples to match ISO8601 format.
Fixed bug where access expired notifications could be erroneously cleared.
Added a Create Access Request REST API. Supports requesting access on behalf of a user for multiple resources and groups.
For ticket-based access propagation, use a different ticket title based on whether it's a propagation or revocation.
Access review notes will now be correctly saved and retained between refreshes.
API Changes: The target_user_id field in the response for GET /requests is now optional.
Self-hosted: Fix an issue where the Opal application couldn't auto update
Fix issue when skip-manager is not found from current requesting user
Fix regression where managers weren't able to request access on behalf of their reports in some cases.
