Bug Fixes

• Fixed bug causing IDP group mappings to get hidden in the catalog.

Improved

• Enabled searching by resource's remote ID in UI for easier resource discovery

Improved

• Improved IDP group mappings API with RESTful URL structure and included application resource ID in responses

Bug Fixes

• Fixed permissions issue preventing non-super-admins with import permissions from triggering resource imports for Native Apps
• Fixed tag dropdown search functionality to properly filter results
• Fixed table sorting to correctly handle resource access without expiration dates

Added

• Added the ability to sort access review assignments by reviewer name, making it easier to organize and find assignments

Improved

• Improved Okta app visibility by showing apps both as top-level items and as resources under the Okta Native app, enabling bulk edit/removal via the Assets table

Bug Fixes

• Fixed rendering issue for custom fields in ticketing integrations
• Fixed a bug where indirect access could fail to propagate in specific edge cases

Deprecated

• Deprecated mistakenly added extensions_duration_in_minutes field in Resource/Groups API (should be set in request_configurations)

Bug Fixes

• Fixed nested group indirect access propagation failure in specific edge cases

Added

• Added Github app setting to toggle automatically linking Github user identities for Organizations using SAML SSO

• Added ability for admins to create delegations for all users in the organization at inventory/delegations

• Added a new REST API endpoint to retrieve individual IDP group mappings by app resource ID and group ID

• Added public API endpoints for managing request reviewer delegations, allowing users to delegate access review requests to other users during absences

  • GET endpoint for listing delegations
  • POST endpoint for creating delegations
  • GET endpoint for retrieving specific delegations
  • DELETE endpoint for removing delegations

• Added support for user account deprovisioning for Okta, Salesforce, PagerDuty, Duo, Google Workspace, and Custom Connectors. Deprovisioning can be enabled for an app under "Edit App". Once enabled, user accounts will be deprovisioned when:

  • Their access is revoked in an access review
    • When deprovisioning is disabled, user accounts will not be displayed in access reviews, only their entitlements.
  • The user is deprovisioned in the configured HRIS/IDP
  • The account is manually deprovisioned via Opal

Improved

• Improved Slack admin/deny/approval with MFA modal to be simpler to use (Slack only)

Bug Fixes

• Fixed an issue where a nil pointer would sometimes be surfaced for Okta group rules sync, instead of the actual error

• Fixed an issue where approvals with MFA would not resolve when approving through Slack (Slack only)

• Fixed a bug where the App Details tab could become stuck on loading

• Removed revocation indicator on Requests details view

Release Notes

Added

• Added new public API endpoints:

  • GET /requests/:id/comments
  • POST /requests/:id/comments
  • POST /requests/:id/deny

• Added an API endpoint, GET /groups/users/:user_id, to request all groups a user is a member of

Improved

• ThePOST /groups API endpoint now creates Okta and Google Groups if remote_info is not specified. This is useful for Terraform or custom automation when creating new remote groups is desirable.
• The Connect button is now shown when available instead of Request in the Catalog card view.

Bug Fixes

• Fixed GET /requests/:id endpoint issues where reviewer stages were missing information and requested_items list showed incorrect access levels

• Fixed a bug preventing updating access review deadlines

Bug Fixes

• Fixed an issue where the GET /resources API would return 500s
• Fixed issue where users were not rendered correctly when adding more than 50 of them to an Access Review
• Fixed a bug preventing creation of apps for GitHub organizations in enterprises with managed users

Improved

• Improved categorization of native apps

Bug fixes

• Fixed creating Okta Groups and Google Groups from Opal
• (Self-Hosted Only) Add nodeAffinity to redis pods that forces them to be scheduled on amd64 linux nodes, preventing issues when running clusters with arm instances.

Bug Fixes

• Fixed Select all button not being clickable

• Fixed access review name filters not working

Added

• Added feature to quickly re-request access to resources in Slack
• Added feature to extend access to requests in the Opal UI and Slack, configurable when editing resources
• Added the ability to star resources as Favorites in the Catalog