Bug fixes

• Fixed a bug where group-group deletions could fail to propagate in certain group topologies.

Added

• Added feature to Danger Zone let admins put a custom warning banner at the top of Opal to message users when necessary (e.g. incidents/outages/custom instructions/etc)

Improved

• Enhanced audit ticket descriptions to include all custom fields from requests

Bug fixes

• Fixed performance issue when creating new group <=> group assignments.

Added

• Added ability to search for resources using their remote IDs (such as AWS ARNs or instance IDs), making it easier to find specific resources in large environments

Bug Fixes

• Fixed a bug where the catalog modals closed when redirecting from the button or from search

• Fixed inconsistent behavior when deleting access edges (group users, group resources etc). If the access edge doesn't exist, empty success will always be returned instead of sometimes returning not found errors.

• Fixed a bug where syncing a large number of groups could produce Opal internal errors

Bug Fixes

• Fixed bug causing IDP group mappings to get hidden in the catalog.

Improved

• Enabled searching by resource's remote ID in UI for easier resource discovery

Improved

• Improved IDP group mappings API with RESTful URL structure and included application resource ID in responses

Bug Fixes

• Fixed permissions issue preventing non-super-admins with import permissions from triggering resource imports for Native Apps
• Fixed tag dropdown search functionality to properly filter results
• Fixed table sorting to correctly handle resource access without expiration dates

Added

• Added the ability to sort access review assignments by reviewer name, making it easier to organize and find assignments

Improved

• Improved Okta app visibility by showing apps both as top-level items and as resources under the Okta Native app, enabling bulk edit/removal via the Assets table

Bug Fixes

• Fixed rendering issue for custom fields in ticketing integrations
• Fixed a bug where indirect access could fail to propagate in specific edge cases

Deprecated

• Deprecated mistakenly added extensions_duration_in_minutes field in Resource/Groups API (should be set in request_configurations)

Bug Fixes

• Fixed nested group indirect access propagation failure in specific edge cases

Added

• Added Github app setting to toggle automatically linking Github user identities for Organizations using SAML SSO

• Added ability for admins to create delegations for all users in the organization at inventory/delegations

• Added a new REST API endpoint to retrieve individual IDP group mappings by app resource ID and group ID

• Added public API endpoints for managing request reviewer delegations, allowing users to delegate access review requests to other users during absences

  • GET endpoint for listing delegations
  • POST endpoint for creating delegations
  • GET endpoint for retrieving specific delegations
  • DELETE endpoint for removing delegations

• Added support for user account deprovisioning for Okta, Salesforce, PagerDuty, Duo, Google Workspace, and Custom Connectors. Deprovisioning can be enabled for an app under "Edit App". Once enabled, user accounts will be deprovisioned when:

  • Their access is revoked in an access review
    • When deprovisioning is disabled, user accounts will not be displayed in access reviews, only their entitlements.
  • The user is deprovisioned in the configured HRIS/IDP
  • The account is manually deprovisioned via Opal

Improved

• Improved Slack admin/deny/approval with MFA modal to be simpler to use (Slack only)

Bug Fixes

• Fixed an issue where a nil pointer would sometimes be surfaced for Okta group rules sync, instead of the actual error

• Fixed an issue where approvals with MFA would not resolve when approving through Slack (Slack only)

• Fixed a bug where the App Details tab could become stuck on loading

• Removed revocation indicator on Requests details view