Allows specifying a Stage in a RequestConfiguration to have the resource or group's Admin be a reviewer for the stage. This also works for configuration templates associated with resources and groups.
All customers can now set custom values for access expiring notifications to their end users.
Use updated group search dropdown to select the source group for an Owner
Started directly showing the connection instruction pages after any MFA checks needed instead of the select role modal if there is only one role the user can connect with.
Restructured Okta sync to require much fewer API calls to finish.
Fixed a bug where external google groups would cause sync to fail.
Render containing groups and member groups in the Group page.
Self-Hosted Only: Add security contexts to lock down privileges on opal pods.
Fixed bug where the access request form would sometimes not show ticket fields.
Fixed a rare issue causing organization settings to not be applied correctly.
Disambiguate whether the propagation ticket associated to a user is for a grant or revocation.
Documentation update: Update UAR deadline examples to match ISO8601 format.
Fixed bug where access expired notifications could be erroneously cleared.
Added a Create Access Request REST API. Supports requesting access on behalf of a user for multiple resources and groups.
For ticket-based access propagation, use a different ticket title based on whether it's a propagation or revocation.
