Added

  • Added GitHub app setting to toggle automatically linking GitHub user identities for Organizations using SAML SSO

  • Added ability for admins to create delegations for all users in the organization at inventory/delegations

  • Added a new REST API endpoint to retrieve individual IDP group mappings by app resource ID and group ID

  • Added public API endpoints for managing request reviewer delegations, allowing users to delegate access review requests to other users during absences

    • GET endpoint for listing delegations
    • POST endpoint for creating delegations
    • GET endpoint for retrieving specific delegations
    • DELETE endpoint for removing delegations
  • Added support for user account deprovisioning for Okta, Salesforce, PagerDuty, Duo, Google Workspace, and Custom Connectors. Deprovisioning can be enabled for an app under "Edit App". Once enabled, user accounts will be deprovisioned when:

    • Their access is revoked in an access review
      • When deprovisioning is disabled, user accounts will not be displayed in access reviews, only their entitlements.
    • The user is deprovisioned in the configured HRIS/IDP
    • The account is manually deprovisioned via Opal

Improved

  • Improved Slack admin/deny/approval with MFA modal to be simpler to use (Slack only)

Bug Fixes

  • Fixed an issue where a nil pointer would sometimes be surfaced for Okta group rules sync, instead of the actual error

  • Fixed an issue where approvals with MFA would not resolve when approving through Slack (Slack only)

  • Fixed a bug where the App Details tab could become stuck on loading

  • Removed revocation indicator on Requests details view

Release Notes

Added

  • Added new public API endpoints:

    • GET /requests/:id/comments
    • POST /requests/:id/comments
    • POST /requests/:id/deny
  • Added an API endpoint, GET /groups/users/:user_id, to request all groups a user is a member of

Improved

  • The POST /groups API endpoint now creates Okta and Google Groups if remote_info is not specified. This is useful for Terraform or custom automation when creating new remote groups is desirable.
  • The Connect button is now shown when available instead of Request in the Catalog card view.

Bug Fixes

  • Fixed GET /requests/:id endpoint issues where reviewer stages were missing information and requested_items list showed incorrect access levels

  • Fixed a bug preventing updating access review deadlines

Bug Fixes

  • Fixed an issue where the GET /resources API would return 500s
  • Fixed issue where users were not rendered correctly when adding more than 50 of them to an Access Review
  • Fixed a bug preventing creation of apps for GitHub organizations in enterprises with managed users

Improved

  • Improved categorization of native apps

Bug Fixes

  • Fixed creating Okta Groups and Google Groups from Opal
  • (Self-Hosted Only) Added nodeAffinity to Redis pods that forces them to be scheduled on amd64 Linux nodes, preventing issues when running clusters with ARM instances.

Bug Fixes

  • Fixed Select all button not being clickable

  • Fixed access review name filters not working

Added

  • Added feature to quickly re-request access to resources in Slack
  • Added feature to extend access to requests in the Opal UI and Slack, configurable when editing resources
  • Added the ability to star resources as Favorites in the Catalog

Added

  • Added visibility toggle to AWS credentials on Connect page

Bug Fixes

  • Fixed date picker in UAR flow that was causing incorrect dates to be used
  • Fixed modal behavior to properly close when navigating forward/backward in browser
  • Fixed issue that was breaking the sign-in flow when accessing deep links into Opal

Changed

  • Disallow read-only admins from hiding/unhiding grants from Risk Center

Added

  • Added a new API endpoint to create or update individual IDP group mappings, allowing for more granular control when managing group mappings

Improved

  • Improved the access review preview interface with better handling of items that have no reviews, making it easier to identify which connections, groups, and resources will generate review items
  • Reworked bulk update and bulk import logic to run large tasks asynchronously. Large item updates will be processed in the background, and admins will be notified on success or failure
  • Masked AWS Credential values on the resource Connect screen
  • Enhanced access review capabilities for custom connectors when user deprovisioning is enabled
  • Cleaned up interaction with adding/removing reviewers in request configuration

Bug Fixes

  • Fixed a bug where propagation events would not be created for user provisioning
  • Fixed a bug where the resource/group configuration form could error out when setting or unlinking a template

Added

  • Added links to configuration template label on detail cards
  • Added an option to set recommended duration as Permanent in request configurations
  • Added copy name as link to catalog cards

Bug Fixes

  • Fixed bug where Jira tickets don't have their reporter set if your Jira Data Center instance uses non-email usernames (requires Jira Data Center version 8.14 or later)
  • Fixed REST API logging error for status codes

Bug Fixes

  • Fixed Approve OpenAPI endpoint which would error in some cases

  • Fixed issue where Escalate to skip-manager modal was showing the viewer's skip manager instead of the target user's skip manager

  • Fixed API bug where importing a child resource would fail if the parent resource was unmanaged

Improved

  • Updated styling for access review overview