Bug Fixes

• Fixed UAR cells getting cut off to prevent content truncation in the user interface

• Fixed inventory tag and inventory owner links to navigate to the correct tab on the details page when clicked

• Fixed requests incorrectly indicating requested assets as never used

Improved

• Improved owner escalation policy validation to prevent setting values below 5 minutes or above 1440 minutes

New Functionality

• Added custom date option to bulk expirations menu

• Added connector group and connector resource app identifiers to sublabels and hovercards

• Added ability to filter inventory/owners by specific users

Feature Enhancements

• Reworked access rules failsafe threshold for better accuracy

  • The threshold is now evaluated against additions and removals separately (as opposed to cumulative changes)
  • The threshold no longer has a 20 user minimum, this will make the failsafe useful for smaller single-team rules.

• Updated notification styling

Bug Fixes

• Fixed GitHub connection creation sync failure

Self-hosted only

• Added support for SMTP connections on port 25, with or without STARTTLS

Feature Enhancements

User Experience Improvements

• Added explore to the KBar
• Improved request approver flow with slight visual changes
• Added a new table view in User Settings to display active request reviewer delegations, making it easier to manage and track who can review requests on your behalf
• Added manager full name and manager ID to user export CSVs
• Display Role name on soon to expire notification subevent table

Search and Filtering

• Enhanced search filter on Inventory group users or resource user tables to now filter on names, email, or position
• Added the ability to filter resources by remote ID and resource type in the Resources API, enabling more precise resource lookups based on external system identifiers

API Enhancements

• Added REST Public API support for Github Org Roles

Bug Fixes

• Updated errors to include more details when Jira credentials are incorrect

Self-hosted only

• Added ability to tune memory requests and limits for some key opal pods

Feature Enhancements

Access Review Improvements

• Enhanced Resource Preview with pagination, sorting, and filtering capabilities
• Added pagination and sorting to Group Preview, improving performance for large datasets
• Replaced "Other Reviewers" column with a comprehensive list view instead of an icon

API Enhancements

• Added ability to request all resources a user has access to via the API

Integrations

• Added support for GitHub app installations
• Implemented app validations for Tailscale and allow authentication via OAuth instead of API keys
• Enabled automatic provisioning of Snowflake users
• Updated roles dropdown under User Access tab on resources

User Experience Improvements

• Changed resource creation flow to use modal instead of full page
• URLs are now clickable links in custom field descriptions and labels
• Performance improvements for the Risk Center

Bug Fixes

• Fixed issue where Soon To Expire notifications were being sent multiple times for the same asset
• Fixed conjugation/pluralization issue in Request Ticket banner
• (Self-Hosted only): Resolved a bug in Kubernetes manifest formatting that was preventing upgrades

• [Airgap Self-Hosted Only] Fixed a bug where customers could not toggle dry-run/read-only modes, nor update org-wise notification settings.
• [Self-Hosted only]: Fixed a bug in kubernetes manifest formatting that prevented upgrades.

• Fixed a bug where assets were still selected after removing from Bundle
• Updated Jira integration to use their new search endpoint. You must update or Opal cannot query the status of existing tickets during sync.

• Fix bug on Owners group escalation policy where opening the edit form would not reflect the current state of the policy when on
• Adding support for startTLS over smtp connections using port 587

• Improved Risk Center page performance
• Fixed a bug in UARs where some groups and resources were not appearing in the generated PDF

• Fixed an issue where grants and ipsets would be dropped from the Tailscale policy file.
• Fixed an issue where propagating access to two Okta roles at the same time would sometimes result in the user gaining access to only one of the roles.
• Fixed an issue that caused duplicate events to be created when removing a group from another group.
• Fixed an issue where Manage in Inventory was missing in the group details modal.
• Fixed issues related to bulk selecting bundle assets.
• Added target_user_id and requester_id to requests API filters.
• Added database support for request reviewer delegations, allowing users to delegate their request review responsibilities to other users for a specified time period.
• Added lastSuccessfulSyncto groups API.
• Added lastSuccessfulSync to resources API.
• Updated Event Filters modal styling.
• Increased task timeout for most tasks to 3 hours.
• Moved remote events to the Usage tab for Okta apps, AWS IAM roles, and resources in custom connectors.

Important note (for self-hosted customers):

This upgrade contains a substantial migration. You may notice higher latency across all actions in your Opal instance for up to 10 minutes while deploying this release. We recommend running this upgrade off-hours if possible.

Improvements and updates:

• Deprecated USERS_ADDED_TO_GROUPS, GROUP_USERS_UPDATED, and USERS_REMOVED_FROM_GROUPS events and migrated them to ROLE_ASSIGNMENT_CREATED, ROLE_ASSIGNMENTS_UPDATED, and ROLE_ASSIGNMENTS_DELETED, respectively
• Fixed an issue where attribute mapping was inaccessible without a direct link
• Fixed an issue where multiple concurrent tasks synchronizing removals of users from groups could attempt to propagate those removals back to the end system.
• Fixed an issue when viewing requested groups
• Added Microsoft Active Directory as a new IDP provider
• Added client-side validation for custom field character limits
• Added catalog modals to UARs, so you don't have to leave the page to view more details about a resource
• Updated user-first UARs to open the catalog modal, so you can see additional information without leaving the UAR
• Updated and modernized Access Changes table under access reviews
• Updated resources table under group modals
• Updated integration settings styling
• Updated Add Principals Sidebar
• Updated month picker styles on Create UAR Schedule page
• Updated copying fields on resource and app details
• Updated the My Access section of the details modal