Fixed an issue where grants and ipsets would be dropped from the Tailscale policy file.
Fixed an issue where propagating access to two Okta roles at the same time would sometimes result in the user gaining access to only one of the roles.
Fixed an issue that caused duplicate events to be created when removing a group from another group.
Fixed an issue where Manage in Inventory was missing in the group details modal.
Fixed issues related to bulk selecting bundle assets.
Added target_user_id and requester_id to requests API filters.
Added database support for request reviewer delegations, allowing users to delegate their request review responsibilities to other users for a specified time period.
Added lastSuccessfulSync to groups API.
Added lastSuccessfulSync to resources API.
Updated Event Filters modal styling.
Increased task timeout for most tasks to 3 hours.
Moved remote events to the Usage tab for Okta apps, AWS IAM roles, and resources in custom connectors.
This upgrade contains a substantial migration. You may notice higher latency across all actions in your Opal instance for up to 10 minutes while deploying this release. We recommend running this upgrade off-hours if possible.
Improvements and updates:
Deprecated USERS_ADDED_TO_GROUPS, GROUP_USERS_UPDATED, and USERS_REMOVED_FROM_GROUPS events and migrated them to ROLE_ASSIGNMENT_CREATED, ROLE_ASSIGNMENTS_UPDATED, and ROLE_ASSIGNMENTS_DELETED, respectively
Fixed an issue where attribute mapping was inaccessible without a direct link
Fixed an issue where multiple concurrent tasks synchronizing removals of users from groups could attempt to propagate those removals back to the end system.
Fixed an issue when viewing requested groups
Added Microsoft Active Directory as a new IDP provider
Added client-side validation for custom field character limits
Added catalog modals to UARs, so you don't have to leave the page to view more details about a resource
Updated user-first UARs to open the catalog modal, so you can see additional information without leaving the UAR
Updated and modernized Access Changes table under access reviews
Updated resources table under group modals
Updated integration settings styling
Updated Add Principals Sidebar
Updated month picker styles on Create UAR Schedule page
Updated copying fields on resource and app details
Updated the My Access section of the details modal
Updated the Import Roles sidebar for a more streamlined role import experience.
Fixed an issue where Slack requesters and approvers needed to sign in to Opal before completing OIDC MFA validation with their identity provider. Users can now complete MFA validation directly from Slack without requiring an active Opal session.
[On-Premises Deployments] This update includes a database migration involving events that may take extended time to complete. We recommend scheduling this update during off-hours to minimize impact.
Added masking to the Tailscale API Key input on the setup screen for enhanced security.
Added support for importing array user attributes as user tags from Okta. A user tag will be created for every value in the array, enabling more flexible access rules based on manager and department hierarchies.
Added a menu to end user detail cards with options to copy the asset link and asset ID.
Improved Google Groups integration to function with reduced permissions - now only requires admin.directory.group.readonly scope instead of admin.directory.group.
Improved Google Workspace integration to function with reduced permissions - now only requires admin.directory.rolemanagement.readonly scope instead of admin.directory.rolemanagement.
Improved display of long description text for better readability.
Improved access expiration notifications to display the full resource path, providing clearer context.
Improved error messages for the remote resources API to provide better troubleshooting information.
Fixed an issue preventing users from creating configuration templates with global visibility in Terraform.
Fixed users with GROUP:EDIT_ASSIGNMENTS permission being unable to edit Access Rule conditions.
Fixed an issue with Active Directory connections for users with empty email attributes.
Fixed a synchronization issue where service accounts deleted in GCP were not being removed from Opal.
Fixed bug on Owners group escalation policy where opening the edit form would not reflect the current state of the policy when on
Added custom Opal Roles, allowing Opal admins to create and edit Opal roles with fine-grained permissions. For detailed instructions and examples, please see the Custom Opal Roles documentation page.