- Restructured Okta sync to require much fewer API calls to finish.
- Fixed a bug where external google groups would cause sync to fail.
- Render containing groups and member groups in the Group page.
- Self-Hosted Only: Add security contexts to lock down privileges on opal pods.
- Fixed bug where the access request form would sometimes not show ticket fields.
- Fixed a rare issue causing organization settings to not be applied correctly.
- Disambiguate whether the propagation ticket associated to a user is for a grant or revocation.
- Documentation update: Update UAR deadline examples to match ISO8601 format.
- Fixed bug where access expired notifications could be erroneously cleared.
- Added a Create Access Request REST API. Supports requesting access on behalf of a user for multiple resources and groups.
- For ticket-based access propagation, use a different ticket title based on whether it's a propagation or revocation.
- Access review notes will now be correctly saved and retained between refreshes.
- API Changes: The
target_user_id field in the response for GET /requests is now optional.
- Self-hosted: Fix an issue where the Opal application couldn't auto update
- Fix issue when skip-manager is not found from current requesting user
- Fix regression where managers weren't able to request access on behalf of their reports in some cases.
- Fixes UI bug where request button would sometimes show for non-requestable users
- Customers can now control when users are notified that their access to resources and groups will be expiring via an organization setting.
- Handle escalation to skip manager gracefully, in the case of deprovisioned manager user.
- Improvement: Improves interactions between manual / auto AWS import settings
- Fixed bug where Okta group users would not get synced correctly in some cases.
