• Added hovercards to user links on request details page
• Updated styling to initial import view
• Fixed an issue where Okta Rules couldn't be imported through the App Import flow.
• Fixed an issue where tags couldn't be completely removed from a resource.
• Fixed a sporadic error that would happen when attempting to import some groups or resources for an App.
• Fixed a bug related to risk center suggestions on Okta groups rules.

API

• Added a new API endpoint for approving access requests, allowing programmatic approval of pending requests.

Breaking change

• API endpoints now strictly require bearer token authentication. Session cookies are no longer accepted for API requests, and all API calls must include a valid Authorization header with a Bearer token.

• Added connection names to inventory resource breadcrumbs in the Apps UI, making it easier to identify which connection a resource belongs to.
• Added link for group user counts.
• Updated user attribute modal styling to work with dark mode.
• Fixed an issue with error handling when pulling GCP events for missing projects.

• Disabled the sync button when a sync is currently in progress
• Fixed settings action going to a new line on smaller screens
• Added hovercards to requested resources and groups, and inventory source group columns
• Added a new API endpoint to retrieve information about a specific user's access to a resource, making it easier to programmatically check access details.
• Disable user team column values when user is an end user
• Fixed self-hosted and atlassian-hosted options being swapped when connecting to a JIRA integration
• Fixed filtering by date on bundle events

• Added back "Never Expire" option when bulk updating user access in groups and resources
• Fixed hovercard subtitles overflowing
• Improved initial page load performance
• Fixed a bug in the risk center where counts of unused grants were incorrect.
• Fixed an issue where untagged resources were not available for manual import under apps with the "Auto-import tagged" import setting.
• Fixed bug where connect session links weren't working.

• Fixed a rare issue where propagating access expiration would fail if a user had direct and group-sourced access to a GitLab or GitHub repository.

• Fixed resource users not being revoked from resources when their access is expired. Other relationships (group users, group resources, nested groups) were not affected.

• Updated date range dropdown styling
• Fixed bulk editing styles when in dark mode
• Fixed a pagination bug on the UAR group review tab.
• Added validation for Content-Type headers on POST and PUT requests, ensuring they are set to "application/json" to prevent invalid request formats.
• Added skip-manager's name and image to escalate modal
• Fixed sync status modal not using full width of table
• Fixed a race condition issue in sync that would cause it to fail entirely.
• Support access levels in bundle groups REST API (https://docs.opal.dev/reference/getbundlegroups)
• Added links for user team and title cells

• Redesigned KBar search interface (command+k / control+k)
• Updated styles for Add Event Streaming Connection modal
• Fixed issue where external id was not copyable in the AWS SSO create screen
• Minor updates to UAR decision selection
• Fixed scalability of request details view when there are long answers or many custom fields.
• Bundles API Delete endpoints will not 404 when attempting to delete an already deleted resource
• Fixed a pagination bug on the risk center.
• Fixed bug with 'Duplicate Request' button and custom fields.

• Fixed an issue where access review notes weren't being properly saved in certain scenarios.
• Updated styles for create / edit modals for UAR for better dark mode compatibility
• New filter design in Risk Center for improved accessibility and visual clarity

• Added the ability to use Access Rules directly in Access Requests and Visibility Configuration
• UARs can now be used to review Groups & Resources that Access Rules contain
• Fixed bug in Snowflake where sync errors occur when there are child roles created with double-quotes
• Updated direct access only checkbox in resource users
• Added IDP Status of a user to resources users table