Release Notes
32 article
Q4 2024 Version 2.374 (01/06/2025)
Last Updated: January 8, 2025Bulk Reviewer Management at Campaign Level Credential Visibility Control at Campaign Level Track Reviewer Changes with Notes for Full Audit Visibility Automated Campaign Data Archival for Better System Performance Customizable Email Reminders for Timely Campaign Completion Dynamic Button Visibility on Application Credentials Screen Enhanced WebAPI Security with Bearer Token Authentication Expanded SharePoint Connector for Multi-Site Data Access Automated CSV Entitlement Mapping for Streamlined Imports Role-Data for Azure AD Imports Detailed User Change Tracking with From/To Values in Audit Logs Campaign Approvals Fully Captured with Approve All Logging Enhanced Clarity in Audit Logs with Campaign and Application Names Dynamic End Date Inclusion in Reviewer Notification Emails Bulk Reviewer Management at Campaign Level A new Bulk Update Reviewer option has been added to the campaign page, allowing administrators to efficiently manage and delegate reviewer responsibilities at scale. This enhancement significantly reduces the time required to update multiple reviewers, streamlines reviewer management, and minimizes the risk of oversight. Additionally, the Update Manager Notification now includes details of delegated users, entitlements, and applications, enhancing transparency and ensuring all stakeholders remain informed throughout the delegation process. This feature saves valuable administrative time by enabling mass updates, reducing manual effort, and ensuring that no critical tasks are missed due to oversight. Credential Visibility Control at Campaign Level The credential hiding configuration, previously applied globally, can now be set at the campaign level. This allows administrators to selectively exclude single credentials (with no entitlements) from specific campaigns, providing greater flexibility and precision in managing credential visibility without impacting other campaigns. By allowing credential visibility to be customized for individual campaigns, this enhancement ensures that unnecessary data is excluded only where relevant, improving the focus and efficiency of specific reviews without affecting global settings. Track Reviewer Changes with Notes for Full Audit Visibility A Notes section has been introduced in the Update Reviewer feature, allowing administrators to document reasons for reviewer changes. These notes will appear in reports, exports, and notifications, offering a clear audit trail for all reviewer updates and improving overall accountability. The inclusion of this feature strengthens audit readiness by maintaining detailed records of reviewer changes, promoting transparency, and ensuring that all actions taken are clearly documented and easy to reference during audits. Automated Campaign Data Archival for Better System Performance Campaign data is now automatically archived based on configurable retention periods. Administrators can download archived campaign reports at any time, ensuring access to historical data without cluttering the active campaign list, which improves overall system performance. This feature enhances system efficiency by preventing active campaign lists from becoming overloaded with old data while preserving long-term access to critical historical records, supporting both compliance requirements and performance optimization. Customizable Email Reminders for Timely Campaign Completio Administrators can now configure specific dates for reminder emails instead of relying on a fixed number of days before the campaign end date. This added flexibility ensures reminders are sent at the most appropriate times, aligning with internal workflows and increasing the likelihood of timely reviews. By offering more control over reminder scheduling, this enhancement increases the chances of task completion, reduces overdue reviews, and ensures that notifications are timed strategically to maximize response rates. Dynamic Button Visibility on Application Credentials Screen The Application Credentials screen now dynamically hides irrelevant buttons based on the selected status in the Status dropdown. This declutters the interface and ensures users only see actions relevant to the current state of the credential, improving overall user experience and reducing potential for errors. By simplifying the interface, this change allows users to focus on necessary tasks, minimizes distractions, and ensures a smoother, error-free experience when managing credentials. Enhanced WebAPI Security with Bearer Token Authentication The WebAPI Connector now supports authentication using Basic Auth with a Bearer Token. This enhancement enables more secure and versatile API integrations, meeting diverse security requirements while maintaining compatibility with existing systems. The ability to use both Basic Auth and Bearer Tokens enhances integration security, providing stronger protection for sensitive data and allowing organizations to comply with modern authentication standards. Expanded SharePoint Connector for Multi-Site Data Access The SharePoint Connector has been enhanced to retrieve data from multiple site collections when configured with an account that holds Site Collection Admin permissions. This improvement supports complex SharePoint environments and ensures broader data access. By enabling multiple site collection retrieval, the connector reduces manual data consolidation efforts, improves operational efficiency, and simplifies data gathering from diverse SharePoint resources. Automated CSV Entitlement Mapping for Streamlined Imports The CSV connector now supports mapping multiple entitlements spread across horizontal columns. This removes the need for manual transformations, as the application can process Entitlement 1, Entitlement 2, etc., directly from the CSV headers. This feature significantly reduces administrative workload by automating entitlement mapping, ensuring greater accuracy, and saving time otherwise spent on manual data manipulation. Role-Data for Azure AD Imports A new feature in the Azure AD connector enables administrators to include or exclude specific roles during data imports. This feature allows for more precise control over role-based review management. This update reduces unnecessary data imports, streamlines the onboarding process, and ensures that only relevant roles are included in each campaign. Detailed User Change Tracking with From/To Values in Audit Logs The User Audit Trail now captures and displays both the old and new values for all user actions. This enhancement improves visibility into data changes, making audits more effective and comprehensive. The ability to view both the original and updated values ensures greater accuracy in audits, facilitates rapid troubleshooting, and provides a more complete understanding of user actions and system modifications. Campaign Approvals Fully Captured with Approve All Logging Actions taken by reviewers using the “Approve All” button are now logged in the Campaign Audit Trail. This provides administrators with greater insight into the review process, ensuring full transparency. Capturing these bulk approval actions increases accountability, ensures all decisions are traceable, and provides clear documentation for regulatory and audit requirements. Enhanced Clarity in Audit Logs with Campaign and Application Names Audit trail entries now include application...
Q3 2024, Version 2.373 (10/01/2024)
Last Updated: November 26, 2024Campaigns Enhanced Auto-Close Campaign Feature Display Percentage Complete at Top of All Campaign Election Pages Campaign Close Confirmation to Include Campaign Name Delta Campaign with no changes Shown 100% Complete Additional Columns on Reviewer Pages Campaign Notes for Credential and Entitlement during Revoke Process Application Clone a SOR as an Application Connectors Bitbucket – A New Connector Active Directory – Employee ID Flag is Now UI Level Config SOR Connectors – Exclude Employee ID Through Config Snowflake Connector – Additional Functionality FlexFolder Connector – Custom Configuration Options Credential Updates Application Credential is Purged Un-assign From the People Identity SOR People Identity is Purged Un-assign From All Applications Matching Logic Admin Can Now Assign an Unmatched Credential Audit Logging Audit Trail of Application Config Change Captures Additional Details Messaging Slack & Teams – Launch Campaign Message Directly Sent to User Instead of Channel Ticketing SNOW – For Scripted API method Table Name is Configurable JIRA – Issue Type is Configurable Report Add additional Columns to Users Report Campaigns Enhanced Auto-Close Campaign Feature Instead of triggering the auto-close feature once the 100% completion threshold is reached, this functionality is enhanced to wait until the end date of campaign before closing the campaign automatically. This ensures that admins have sufficient time to make any necessary changes before the campaign closure. However, it is configurable to close the campaign immediately or wait till campaign end date. Display Percentage Complete at Top of All Campaign Election Pages Campaign progress percentage is shown at top-right of review screens with fill colour indicating the overall progress (akin to traffic-light red-yellow-green) This is how it looks when 100% complete As campaign progresses, percentage complete is shown in yellow as below- Campaign Close Confirmation to Include Campaign Name With this change User can be doubly sure that they are closing the correct campaign, as Campaign Name is shown in the Campaign close confirmation popup. Customer suggested and we listened. Delta Campaign with no changes Shown 100% Complete Progress of a Delta campaign with no changes/elections to be made, is changed to 100% immediately on launch of campaign, thus helping UAR admin in campaign management. Additional Columns on Reviewer Pages Two new columns “SOR Email” and “HR Status” is available on the UAR Campaign screen. This additional information would help expedite review process for manager with large number of reportees. Campaign Notes for Credential and Entitlement during Revoke Process Today when Credential is revoked all corresponding Entitlements are revoked automatically by the application. As part of this enhancement whenever credential is revoked and user provides notes, the same Notes is applied and displayed to associated entitlements as well. Application Clone a SOR as an Application Earlier SOR was allowed to be included in a campaign. In an earlier release, we removed and made to only include Applications. Hence if same HR system is required for Credential reviews user had to duplicate that as an Application. With this enhancement a user can decide to clone a SOR as an Application during creating the SOR itself. Configuration for cloning the SOR as an Application SOR & Application Created Connectors Bitbucket – A New Connector Securends is expanding its Out-of-the-Box integration with addition of this new connector with Bitbucket. Bitbucket connector will pull project permissions as entitlements with format : {Project Name} – {Permissions} Navigate to Applications->Add->Data Ingestion = Connector. Select Bitbucket Connector. Add connection details and mapping. Active Directory – Employee ID Flag is Now UI Level Config Employee ID field while using Active Directory can be mapped to different incoming fields. However this mapping had to be done in database with the help of support team. With this enhancement the mapping is now available in the SOR/Application screens for AD Connector. This also gives flexibility to have different mapping for different AD. SOR Connectors – Exclude Employee ID Through Config During connector sync of a SOR, if the source system had employee ID data, Securends ingested that attribute. This affected how records are added to People and updated. In some cases the employee id attribute in the source system was used for other reasons than as a unique value. With this release by providing an additional configuration option, API need not always ingest the employee ID attribute. This option at SOR connector level, gives freedom to clients to pull employee ID from one SOR and not from another SOR. Snowflake Connector – Additional Functionality Currently, from Snowflake Integration, Securends application was pulling Single/Default Role of user in data sync. However users can have multiple roles in Snowflake. Securends integration with Snowflake is now improved to pull all the Roles of user (Default Role + Granted Roles) FlexFolder Connector – Custom Configuration Options Similar to SFTP or Cloud Storage flex connectors, FlexFolder is a helpful way to automate ingesting data through CSV automatically. We are now making FlexFolder more configurable so that customer can provide their own mapping instead of having to follow the default header names in the CSV. Credential Updates Application Credential is Purged -> Un-assign From the People Identity This feature is part of Securends plan of improving the product continuously for better user experience. When status of a credential moves to purged in any application, earlier our guideline to admins was to manually unassign credential from respective user/identity. This enhancement automates this step reducing manual user intervention. SOR People Identity is Purged -> Un-assign From All Applications Similar to the previous enhancement, this enhancement automates un-assigning purged identities. When an identity/Credential is purged in any SOR (only if the identity is matched automatically) Matching Logic Admin Can Now Assign an Unmatched Credential Fuzzy logic is great. But for those unmatched credentials, this feature reduces number of clicks to search for an identity and assign. When user navigates to fuzzy match screen(Application –> Credentials –> Match) and when there are no results(empty table) displayed for Fuzzy match and user clicks on ‘Assign Button’, now here itself we display Assign Credential popup for user to search and assign....
Q2 2024, Version 2.372 (7/01/2024)
Last Updated: November 26, 2024Campaigns Added Ability to Assign a Manager’s Direct Reports to a New Reviewer at One Time Applications NEW Flex RPA Connector NEW Microsoft Dynamics Business Control Connector NEW Paylocity Connector Updated Match Logic Emails Added Optional “Reply To” Field and Header to Email Configuration Ticketing Added Ability to Configure Columns in the CSV Sent for Ticketing and Email Provisioning Improved Display Fields in CSV and Reordered Columns NEW – Deskpro Ticketing Added a New Configuration to Service Now Ticketing to Pull Assignee from “Display Name” Platform Modernization Java Upgrade Campaigns Added Ability to Assign a Manager’s Direct Reports to a New Reviewer at One Time SecurEnds has made it easier to delegate a manager’s direct report reviewers to another reviewer. We have added “SOR Manager Email” as an option for credential delegation. When selected, users may search for a manager’s email and then select the direct reports that should be assigned to a new reviewer. A Credential Delegation Audit Trail will track the delegation. Navigate to Access Review->Delegation. Select Credential Delegation in the dropdown and select applications. Select SOR Manager Email in the dropdown, then search for a manager and select. Select direct reports to reassign in the Direct Report dropdown and then enter the new reviewer in Assign Reviewer. Then click SAVE. The reviews previously assigned to the manager’s direct reports will now be assigned to the user in Assign Reviewer. Applications NEW Flex RPA Connector The RPA (Robotic Process Automation) connector revolutionizes the extraction of entitlement data from a multitude of applications without an API. This connector was introduced in a limited release and is now available to all in this Q2 wider release. Navigate to Applications, click ADD button. Select Flex Connector radio button. Enter name and select Flex RPA. Click Save and follow the instructions in our Flex RPA Users Guide. NEW Microsoft Dynamics Business Control Connector We have added the Microsoft Dynamics Business Control Connector that will pull users and permissions and be available as an SOR or Application. Navigate to Applications->Add. Select Connector radio button and search for “dynamics”. Select the Dynamics 365 Business Central Connector. Add connection details. NEW Paylocity Connector The new Paylocity Connector may be used as an SOR or application and will pull users. We currently only support one Company ID. Navigate to Applications->Add. Select Connector radio button and search for “paylocity”. Select the Paylocity Connector. Add connection details and Save. Updated Match Logic SecurEnds has updated our application match logic to handle specific customer use cases. When syncing and matching, all credentials will be unassigned and all identities will be terminated when an SOR is disabled. Emails Added Optional “Reply To” Field and Header to Email Configuration We have added the option to set the “Reply To” field as a different address than the login email address. It will show as a header in all SecurEnds emails. When “Reply To”, the email will be forwarded to this address. Navigate to Configuration->Email Settings->Setup Enter “Reply To” address in Configuration. Ticketing Added Ability to Configure Columns in the CSV Sent for Ticketing and Email Provisioning Improved Display Fields in CSV and Reordered Columns A new configuration was added to specify which columns should be displayed in the Ticketing and Email CSV attachment. Navigate to Administration->Configuration->Ticketing System for Access->Configurations. Search for EXCLUDE_COLUMNS_FROM_TICKETING_SYSTEM_ATTACHMENT and select Update in the action gear. To include all columns, enter No. To specify columns to include, enter each column header separated by commas. In this example, the following columns are excluded: entitlement description, entitlement DN, notes, termination date, Business justification The excluded columns are not displayed in the CSV attachment. For Manager Elections, we will display “App Credential – <credential value>” on the Ticketing and Email CSV attachment. Columns will be displayed in the following order: NEW – Deskpro Ticketing SecurEnds is now able to send tickets via Deskpro To configure Deskpro, navigate to Configuration->Ticketing System for Access Review. Select “Set Up”. Select “Deskpro” in Ticketing System dropdown and enter connection details. When setting up applications, select “Deskpro” for ticketing. Added a New Configuration to Service Now Ticketing to Pull Assignee from “Display Name” By default, SecurEnds will pull Assignee from the “Name” field in Service Now. An option has been added to pull Assignee from the “Display Name” field. This configuration is in the application property file. If this change is desired, request a property file change from your Implementation Consultant. Platform Modernization Java Upgrade Adhering to industry best practices is important to SecurEnds so we are continually upgrading our IT platform. In this release we have upgraded Java to version 17 and Spring Boot to version 3.2.1.
Q1 2024, Version 2.371 (4/01/2024)
Last Updated: November 26, 2024Campaigns Added SOR Last Sync when Creating a Campaign Added the Ability to Change the Background Color of Campaign Instructions Added the Ability to Define the Quarter Date Range for Historic Campaigns Applications Added Ability to Copy Existing Applications Added “Type” column on SOR and Application Pages Added Export on the Application Entitlements Page Added “Status” column on Entitlement Credential Page Added a “Test Connection” Button when Creating an Application to Test Connectivity Add Capabilities of SFTP Flex SORs to CSV SORs Box Cloud Storage Connector – New Connector Reports Added Entitlements to the User Report Added Application and User Status Filters to the User Report Added Ability to Send User Report to AWS or Box Send Terminated Reviewers Report after SOR Sync Rather Than Daily Job Email Notifications Test Email Connection Prior to Sending Launch and Manual Reminder Emails Administration Configurations Consolidated Campaign, Ticketing and Email Configurations Campaigns Added SOR Last Sync when Creating a Campaign SecurEnds has added a configurable option to display the latest SOR sync date and time when creating a campaign. Navigate to Configuration->Campaigns->Configurations. Set INCLUDE_SOR_SYNC_ON_CAMPAIGN_ADD to true. The default value is true. Navigate to Campaigns->Add. Select a campaign template. The list of all SORs with will be listed with their last sync date and time. Added the Ability to Change the Background Color of Campaign Instructions The background color can be green(default), white, red, blue or yellow. Navigate to Configuration->Campaigns->Instructions/Notes. Select the background color from the dropdown. The instructions will display the color selected. Added the Ability to Define the Quarter Date Range for Historic Campaigns We have added the ability to define Quarter 1 to begin on any month of the year. Previously, Q1 was always defined as January, February, March. Now, users have the ability to set when Q1 begins and subsequently the following quarters. Navigate to Configuration->Campaigns->Configurations. Set QUARTER1_STARTING_MONTH to any number between 1 and 12. For example, if enter 2, then Q1 will begin with February. Q1 will be February, March, April. Q2 will be May, June, July, etc. Navigate to Historic Campaign and select the Quarters dropdown. The quarters will be define based on the selected starting month. Applications Added Ability to Copy Existing Applications Users are now able to copy applications. The configuration details will be replicated, only requiring a new name for the new application. This feature is only available for Applications, not SORs. Navigate to Applications and select “Copy” in the action gear. Enter a new application name. The remaining fields will all be replicated from the original application. Filtering may be updated. Added “Type” column on SOR and Application Pages We have added a “Type” column on the SOR and Application pages which will allow users to filter by Type. Navigate to Applications or System of Record. Enter type of application to filter. Added Export on the Application Entitlements Page On the Application Entitlements page, users are now able to export a list of all Active Entitlements and the associated active (not purged) Credentials. Navigate to Applications->Entitlements. Select Export button. Entitlements with the associated credentials will be listed in the Export. Added “Status” column on Entitlement Credential Page SecurEnds has added a credential status column on the Entitlement Credential page to inform users if the credential is Matched, Unmatched, Excluded, Service Account or Deleted. Navigate to Applications->Entitlements->Credentials Added a “Test Connection” Button when Creating an Application to Test Connectivity Added a “Test Connection” button to our most popular connectors to confirm connectivity when creating an application. No need to wait to sync an application to confirm connectivity. Connectivity can be tested when creating the application without retrieving data. Navigate to Applications->Add->Connector->Azure AD After entering Configuration Details, click the Test Connection button. When invalid credentials are entered, an error will display. Add Capabilities of SFTP Flex SORs to CSV SORs CSV SORs function the same as the SFTP Flex Connector. Previously, the UI counts only displayed Total People and Skipped records. Now, the UI counts also display the number of credentials that are matched, unmatched, purged and skipped. When deleting an SOR, the identities in People should be deleted. The following actions are available in the action gear: Sync, Update, Delete, Import, Entitlements, Credentials, Export, Schedule Export, Custodian, Disable, Bulk Assign, Bulk Exclude and Bulk Restore, Export Skipped Records, Sync Status, Details, View Audit Trail. Box Cloud Storage Connector – New Connector We have created a new connector to expand the SFTP connector capabilities. This new connector gives users the ability to use SFTP but connect to a Box file repository. Navigate to Applications->Add->Data Ingestion = Flex Connector. Select Cloud Storage Connector. Select Box in Host dropdown. Add connection details and mapping. Reports Added Entitlements to the User Report Added Application and User Status Filters to the User Report Users now have the option to display the User Report with or without entitlements. Users also have the ability to filter the User Report by Application and User Status in an Application. Navigate to Users Report. To include entitlements, check “Include Entitlements” or de-select to exclude entitlements. The default is unchecked, do not include entitlements. Select filters for Applications and User Status in Application. When setting up a scheduled User Report, users may choose to include or exclude Entitlements. Added Ability to Send User Report to AWS or Box Scheduled Users Report may now be sent to an AWS or Box repository in addition to SFTP. Navigate to Administration->Configuration->Users Report Schedule Select Export Method = SFTP, AWS or Box Send Terminated Reviewers Report after SOR Sync Rather Than Daily Job When configuration IS_EMAIL_TERMINATED_REVIEWERS_NOTIFICATION is set to true, an email report of terminated reviewers will be sent. Previously, this report was sent daily. Now the report will be sent when the SOR is synced. Navigate to Configuration->Default UI Configuration-> IS_EMAIL_TERMINATED_REVIEWERS_NOTIFICATION. Set the value to true. When an SOR is synced, the report will be run and an email will be sent if there are terminated users. Email Notifications Test Email Connection Prior to Sending Launch and Manual...
Version 2.369 (01/01/2024)
Last Updated: November 26, 2024Campaigns Added the Ability to Create Hierarchical Campaigns Added the Ability to Send Additional Escalation Emails to Upper-Level Management Added the Ability to Include BCC in Emails Added Fields to the Fuzzy Match Page Applications AWS Cloud Storage Connector – New Connector On-Prem Jira Connector – New AWS IAM Identity Center Connector – New AWS Cloud DB Connector – New Ultipro (UKG) Connector – Updated AD Connector – Show Nested Entitlements by Default Workday Connector – Improved Failure Messaging WebAPI Connector – Added Support for Oauth 2.0 Access Request/Identity Lifecycle Management Added a Configuration to Be Able to Request Access for Any Application, Regardless of Group Assignment Improved Request Access UI Added the Ability to Request All Application Types Audit Trail Added an Audit Trail for Administration Configurations Ticketing/People Added Ticketing for ManageEngine ServiceDesk Added the Option to Use the Two-Step Checkout Model in Service Now Request Security Upgraded to Latest MySQL Version 8.0.34 Added Captcha to Login Page Campaigns Added the Ability to Create Hierarchical Campaigns This feature enhances campaigns by providing the ability to create multiple levels of approval. After the initial review process, the campaign may be reviewed by two additional reviewers before completing the campaign. When each review level is 100% complete, the review will automatically be sent to the next level of reviewers. The 2nd or 3rd level reviewers may be the Direct Manager (if not reviewed by Direct Manager at the 1st level), Reviewer’s Manager or an Alternate Reviewer. The 2nd and 3rd level reviewers will see the elections made by the previous reviewer. They may choose to keep the election made by the previous reviewer or change it. Once a campaign level is complete, it moves to the next level reviewers. The previous reviewers may not view the campaign at that point. 2nd and 3rd level reviewers will be notified via email when the previous level is complete and the campaign is ready to be reviewed at their level. 2nd and 3rd level reviewers must select “Complete Campaign Level” on the Open Campaigns page when they have completed elections. When all reviewers have selected “Complete Campaign Level”, the review will move to the next level reviewers. Administrators will have the ability to move the campaign to the next level of reviewers, even if the elections are not 100% complete. To create a Hierarchical Campaign, navigate to Campaigns->Add. Select the first level campaign reviewer. Select Hierarchical Review = Yes, and select the 2nd level reviewer. To select a 3rd level reviewer, click “+ Add Additional Level” Select a 3rd level reviewer. Reviewers will see the hierarchical review by clicking “Open & Completed Campaigns” To perform the review, reviewers select “Continue Review”. When all elections are made, the Reviewer should select “Complete Campaign Level”. When all Reviewers have completed the level, reviews will automatically be sent to the next level Reviewers. Administrators may select “Complete campaign Level” on the Campaigns action gear to move to the next level even though all reviewers have not selected “Complete Campaign Level” and elections are not complete. Added the Ability to Send Additional Escalation Emails to Upper-Level Management When reviewers have not completed reviews by the end date, an escalation email may be sent to their direct manager. We have added the ability to also send an additional email to the manager’s manager or anyone else when the reviews are not complete. Navigate to Campaigns->Add. Select “Send escalation email to reviewer’s manager”. Check “Send additional escalation emails”. Select to send email to the next level manager or another person. Also select when to send the email based on the number of days before the end date. Added the Ability to Include BCC in Emails We have added the ability to add a blind carbon copy in all emails. When the BCC field is entered, all emails sent from SecurEnds will also be sent to the BCC. Navigate to Configuration->Email Configuration->Setup. Add an email address in the BCC field. Added Fields to the Fuzzy Match Page On the Fuzzy Match page, SecurEnds is now displaying columns for HR Status and Manager Email. Navigate to Applications->Credentials->Unmatched Credential->Match Applications AWS Cloud Storage Connector – New Connector We have created a new connector to expand the SFTP connector capabilities. This new connector gives users the ability to use SFTP but connect to an AWS file repository. Navigate to Applications->Add->Data Ingestion = Flex Connector. Select Cloud Storage and add connection details and mapping. On-Prem Jira Connector – New SecurEnds now supports On-Prem Jira. Navigate to Applications->Add->Data Ingestion = Connector. Select Jira. In Configure Application, select Instance Type = On Premise. Add connection details and mapping. AWS IAM Identity Center Connector – New SecurEnds has built an AWS IAM Identity Center/AWS SSO Connector. Any SSO may be configured to add users and groups to the AWS IAM Identity Center. SecurEnds will pull users as credentials and groups and permission sets as entitlements from the AWS IAM Identity Center. Navigate to Applications->Add->Data Ingestion = Connector. Select AWS IAM Identity Center. Add connection details under Configure Application. AWS Cloud DB Connector – New SecurEnds has added a new connector to pull from an AWS Cloud DB. This connector will utilize an access token for authentication. Navigate to Applications->Add->Data Ingestion = Flex Connector. Select Cloud DB. Add connection details. Ultipro (UKG) Connector – Updated Improvements have been made to the Ultipro(UKG) Connector. Tooltips were added to the Configuration label.s and Last Authentication Date is now displayed. Role and it’s description details are shown on the Application Entitlement page. Employee Title, Job Title and Department with their associated descriptions are shown on the People page. We have added the ability to map employeeType to any key by specifying it in the Configure Application section. Navigate to Applications->Add->Data Ingestion = Connector. Select Ultipro. Enter connection details. AD Connector – Show Nested Entitlements by Default For the AD Connector, SecurEnds will always show “Include Nested Entitlements” with a default of No. Previously, in order to include Nested Entitlements, the...
Version 2.367 (10/01/2023)
Last Updated: November 1, 2023Campaigns Added the Ability to Create and Use Multiple Campaign Instructions Added the Ability to Select Entitlements in a Campaign Template Via Bulk Upload Change “Approve All” and “Revoke All” to a Configurable Option When Custom Entitlement Descriptions are Uploaded, Display Custom Entitlement Description in “SecurEnds Description” Column Added “Send Notifications to Campaign Owners” on Campaign Details Page Added Login Created Date to Campaign Pages Allow Additional Special Characters when Creating Campaign Name On Campaign Close Page, Added Percent Complete if not 100% On the Campaign Review All Page, Allow Users to Select the Columns they Wish to View Added Application and Election Filters on the Campaign Review and Review All Pages Added the Ability to do Stale Account Reviews Added Campaign Exception Audit Trail Applications WebAPI Connector – New Connector Okta Connector – When Okta is the SOR, Added the Ability to Map Employee Type to userType Attribute or another Okta attribute Okta Roles Connector – Enhancement SFTP Connector – Email is No Longer Required When Have First/Last Name SFTP Connector – Column Headers Are No Longer Case Sensitive Jack Henry Enhancement Office 365 – Added Entitlement Filtering Added Application Manager and Service Account Reviewer to Credentials Page Added the Ability to Schedule Application Exports Added Bulk Upload of Descriptions for Service Account Credentials or Manual Entry of Description when Assigning Service Accounts When applications are filtered by “Include Inactive Credentials”, all values mapped to Inactive status in SOR Fields Mapping will be Used Emails Added the Ability to Send Emails to Alternate Email Addresses Added the Ability to Delete and Rename Email Templates Added the Option to Send a Notification When a User is Added or Removed from A SecurEnds Role Added an Option to Send an Email When Reviewers Have Been Terminated Added the Option to Send Escalation Emails after the Campaign End Date License Tracking Added a Module to Keep Track of Purchased Identities and Applications Vs. Actual Identities and Applications Users/People Made the Ability for Reviewers to Terminate their Direct Reports Configurable Added a Filter on the People Details Page to Include or Exclude Terminated Users Home Page Changed Wording of “Unmatched Users” on Home Page Enhanced My Access Page Campaigns Added the Ability to Create and Use Multiple Campaign Instructions This feature enhances campaigns by allowing Administrators and Campaign Owners to customize reviewer campaign instructions for each campaign. Configuration “Reviewer Notes” was changed to “Campaign Instructions”.. Navigate to Administration->Configuration->Campaign Instructions->Set Up Select “Add New Instruction” in Dropdown. To increase the size of the instruction box, drag the right corner down. Enter a name for the new campaign instructions, enter instructions to display in the campaign and then select Save. When creating a campaign, on the campaign Add page, select which instructions to display for this campaign in the dropdown. On the campaign review page, the customized instructions will be displayed. Added the Ability to Select Entitlements in a Campaign Template Via Bulk Upload When ALL entitlements will NOT be reviewed in a campaign, this feature makes it easier to select a large number of entitlements for review in a Campaign Template. Navigate to Campaign Templates->Add. Select one or more applications. Select “No” to not include all Entitlements. Bulk Select will be displayed. Click “Bulk Select”. Click “Download” to download the list of Entitlements for this application. Enter “Yes” in the “Select” column to select the entitlement for review. Upload the file on the Bulk Select Entitlements page. Entitlements will now be selected in the Campaign Template and saved. Change “Approve All” and “Revoke All” to a Configurable Option To curb reviewers from conducting check the box reviews, we have made “Approve All” and “Revoke All” configurable. When Show_ApproveAll_RevokeAll_Campaigns is set to False, the “Approve All” and “Revoke All” will not be displayed on the Campaign pages. Navigate to Configuration->Default_UI Configuration-> Show_ApproveAll_RevokeAll_Campaigns. Value is set to true. Approve All and Revoke All are available for selection on the Campaign pages. Navigate to Configuration->Default_UI Configuration->Show_ApproveAll_RevokeAll_Campaigns. Value is set to false. Approve All and Revoke All are not available for selection on the Campaign pages. When Custom Entitlement Descriptions are Uploaded, Display Custom Entitlement Description in “SecurEnds Description” Column On the Entitlement page, Application Entitlement descriptions are displayed in the “Description” column. However, previously, if Entitlement descriptions were updated via Bulk or Custom, this description overlayed the original description. We will now display both. The original description will be in the “Description” column. Any custom or bulk updates will be displayed in the “SecurEnds Description” column. On the Review All page, the custom description will be displayed in the “Description” column. Added “Send Notifications to Campaign Owners” on Campaign Details Page When a campaign is created and a Campaign Owner is assigned, we now display on the Campaign Details page if “Send Notifications to Campaign Owners” was selected, Navigate the Campaigns->Add. Select “Yes” to assign a Campaign Owner. Check “Send notification to campaign owners”. Select “Details” in Campaign action gear. Details now display if notifications are sent to campaign owners. Added Login Created Date to Campaign Pages The date the credential was created is now displayed for Manager Reviews, Application Custodian Reviews, Entitlement Custodian Reviews and as an optional column on the Review All page. In addition, this value is displayed on Campaign Reports, Effectiveness Report and PDF Report. On Review All page, select “Login Created Date” in column selection. Campaign Report Campaign PDF Report Allow Additional Special Characters when Creating Campaign Name Ampersand, Colon, Semicolon, Comma, Period, Question Mark and Pipe Delimiter (& : ; , . ? |) may now be included in Campaign Names On Campaign Close Page, Added Percent Complete if not 100% When Administrators or Campaign Owners close a campaign that is not 100% complete, they will be notified of the campaign completion percentage. Select “Close” in the Campaign action gear. If reviews are not 100% complete, the percent complete will be displayed as a warning. On the Campaign Review All Page, Allow Users to Select the Columns they Wish to View Users...
Version 2.366 (06/19/2023)
Last Updated: November 1, 2023Campaigns Added the Ability to Select Election Note from a Dropdown Improved Filtering on Review All Page When Creating a Campaign, Show Campaign Status as In Progress Added Campaign Progress to Campaigns Page Added the Ability to Sort the Progress Column on the Campaign Report Added the Ability to Close a Campaign on the Campaign Report Page Added Campaign Search and Application Search on Historic Campaign Page Delete Delegations when the Delegatee is Terminated Added Timestamp when Elections Are Made by Reviewers On Campaign Review and Review All Pages, Added Manager Email to the List of SOR Attributes Displayed Added “Previous Review” and “Next Review” Buttons on Campaign Review pages to Improve Navigation Provide Reviewers with the Option to Update the Reviewer Within the Campaign Delete All Associated Campaigns and Campaign Templates when Deleting an Application Added Manager and Entitlement Custodian Campaign Type Added the Ability to Include Rich Text Editing (Bold, Italics, Indentions, Bullet Points, Hyperlinks, etc.) in Campaign Instructions Added the Ability to Bulk Assign Notes to Campaign Elections Applications Azure AD Connector – Pull Employee ID Azure AD – Limit Additional Data Pulled to What is Configured in the Additional Column Attribute Okta Connector – Added the ability to pull Manager email, Employee ID and custom Okta attributes AD Connector – Added a check if the account expires. If it does and the date is in the past, the SecurEnds status will be “Expired”. Added the Ability to Include a Note when Excluding or Deleting Credentials Added the Ability to Define a Default Reviewer at the Application Level SFTP Connector – Exclude Disabled Credentials When “Include Inactive Credentials” = No SOR CSV Import – Handled Cells with Line Breaks Users/People Added User Audit Trail Emails Added User Email ID to Notify Update Manager Email Security/Login Added Multi-factor Authentication Option for SecurEnds Login Hybrid/Alternate Login Upgrades Made SecurEnds Minimum Password Length Configurable User Report Removed Disabled Applications From the User Report Added Additional Search Options on the User Report General Improvements Added Retry Logic When User Network Connection is Lost. Updated Error Page if Connection is not Restored After Three Retries. Performance Improvement Campaigns Added the Ability to Select Election Note from a Dropdown This feature introduces election notes to include a dropdown with selectable options, which are defined in the configuration. Instead of writing free form election notes, a dropdown with pre-defined values will be available for Reviewers to select. This enhancement improves the flexibility and consistency of election management. Navigate to Administration?Configuration?Default UI Configuration and set “Show_Election_Note_Dropdown” to true to enable this feature. Navigate to Administration?Configuration?Reviewer Notes?Reviewer Notes Dropdown and enter dropdown options separated by pipe delimiter. Election Notes are available for selection. Improved Filtering on Review All Page This feature enhances the search functionality within the table by allowing users to search for specific values in multiple columns, such as Credential, First Name, and Last Name. The search results are displayed dynamically based on the entered search value. When Creating a Campaign, Show Campaign Status as In Progress To improve visibility into the campaign creation process, we have added campaigns to the Campaign List page immediately after the user initiates a new campaign. Previously, new campaigns did not appear on the Campaign List page until campaign creation was complete. Now the campaign appears immediately with a status of In Progress. Added Campaign Progress to Campaigns Page Added the Ability to Sort the Progress Column on the Campaign Report Added the Ability to Close a Campaign on the Campaign Report Page To help improve Review workflows, we have added a Progress column on the Campaigns page. The Progress column shows the percentage of elections that have been completed. This field may be sorted, so incomplete campaigns may appear at the top. In addition, the Progress column on the Campaign Report can now be sorted. Also, Campaigns may now be closed from the Campaign Report page. If users are reviewing the Campaign Report, there is no need to navigate back to the Campaign list page to close the campaign. The Campaign Report page can now be sorted by the election progress. Campaigns in Open status can now be closed on the Campaign Report page. Select “Close” in the Campaign Report action gear. Added Campaign Search and Application Search on Historic Campaign Page To help select applications or campaigns in the Historic Campaign Report, we have added the ability to search for the applications and campaigns. Delete Delegations when the Delegatee is Terminated This feature enhances campaign integrity by automatically removing delegations when the delegatee is terminated. The system will check if the delegatee is terminated in the People system. If the delegatee is found to be terminated, the system proceeds to delete the people delegation associated with them. The Delete action is auditable in the system, providing an audit trail of the event. This process is performed nightly. Navigate to Administration?Configuration?Default UI Configuration and set “Delete_Delegation_when_Terminated to true. Added Timestamp when Elections Are Made by Reviewers To give auditors an exact time when elections were made by reviewers, we have added a timestamp to the date field. The date/timestamp will be included on all Reports. On the Campaign Report page, timestamp was added to the Date column. In the Campaign PDF, the Timestamp was added to the Date column. In the Campaign Report Export, the Timestamp was added to the Date column. On Campaign Review and Review All Pages, Added Manager Email to the List of SOR Attributes Displayed When hovering over credential on the Campaign Review page, identity attributes are displayed for the user. The user’s manager has been added to this view. On Review page, SOR Manager Email is displayed. On the Review All page, SOR Manager Email is displayed when hovering on credential. Added “Previous Review” and “Next Review” Buttons on Campaign Review pages to Improve Navigation This feature enhances the review process by providing users with convenient options to navigate between previous and next reviews, saving time and effort. It is applicable...
Version 2.364 (4/10/2023)
Last Updated: November 1, 2023Campaigns Audits Audit Report Campaign Template Audit Trail SOR/People General Improvements Campaigns When filtering the campaign by SOR attributes, conditions can be created using AND and OR operators. Select SOR_STATUS_LABEL in ConfigurationàDefault UI Configuration Update the label to the desired value. New label will be reflected on the Review All page. Audits Report includes: Campaign Details Campaign Report Metrics Pie Chart Campaign Template Details Application Configuration Details Application Ticketing System Details Application Matched, Unmatched, Service Account, Excluded, Deleted, Purged, Skipped Counts Application Last Sync Date Securends version number and deployment date Select Export Audit Report on action gear. Audit Report Select View Audit Trail in action gear on Campaign Template page Campaign Template Audit Trail SOR/People General Improvements
Version 2.362 (03/10/2023)
Last Updated: November 1, 2023Alternate Login Campaigns Delegation Audit Trail Teams Integration for Notifications General Improvements Technical Support Access Request/Access Control Alternate Login Added the ability for non-SSO users to log into a customer instance with SSO Enabled. When hybrid login is configured, a new login page will allow login via username/password or Azure/Okta/OneLogin/Jumpcloud SSO. Non-SSO users should select Username & Password to login after entering SecurEnds URL. SSO users will land directly on the SecurEnds home page when clicking the Securends tile in Azure/Okta. SSO users that enter the SecurEnds URL should select Azure/Okta/OneLogin/Jumpcloud to login. Additional documentation is available to assist with setup of Alternate Login. Campaigns When all elections have been selected (approve or revoke), the campaign with automatically be closed. When launch, re-launch or bulk launch a campaign, select automatic close. Automatic Close will be displayed in the Campaign Details: Automatic close will be reflected in the Campaign Audit Trail: Removed the Entitlement Custodian, Application Custodian review type. Removed “Manager” from the Entitlement Custodian, Application Custodian, Manager Review Removed “Manager” from the Application Custodian, Manager Review There are no changes in the review functionality, only the titles were changed. Previous campaign types: New Campaign Types: Improved search performance on all campaign pages. Added a credential/first name/last name filter on the Review All page. We have changed the wording when setting up reminder notifications to make the selections more intuitive. Old Reminder Selections: New Reminder Selections: Additional SOR fields display in the Campaign Report export after the Credential Status column. Additional SOR fields display in the PDF below each credential or entitlement. When deleting a campaign template, the associated campaigns will be displayed in a confirmation window. If confirmed, the campaign template and all associated campaigns will also be deleted. Added the ability to launch multiple campaigns at one time. When all selected campaigns are launched, reviewers will receive one email with all campaigns that must be reviewed. Select Bulk Launch button on Campaign list page: Select campaigns to launch: Bulk Launch Email: Previously, SOR status was after Last Name. Now the SOR Status is immediately after the approve/revoke elections. Delegation Audit Trail Added an audit trail for all delegations. The audit includes creating, updating and deleting a delegation. On the Delegation page, click the Audit Trail button. Teams Integration for Notifications Launch, Reminder and Escalation notifications can now be sent via Teams. During campaign creation, users can send the launch, reminder and escalation notifications via email or Slack or both. To configure Teams notifications, navigate to Configuration, then click Set Up for Message Configuration. Add Teams configuration values: When creating a campaign, select Teams for Messaging. Campaign Launch Notification: Bulk Launch Notification: Campaign Reminder and Campaign Escalation Notification: General Improvements Previously, colons were right justified. They are now left justified. All logs now display in descending order by date. Technical Support When an administrator logs in, Service Desk button will be displayed and will link to the SecurEnds Service Desk when clicked. When a reviewer logs in, Need Help button will be displayed and will link to the SecurEnds administrator email. Add Securends administrator email link for questions from Reviewers. Navigate to Need_Help_Email under Default UI Configuration in the Configurations section. Need Help button is displayed for Reviewers: Service Desk button is displayed for Admins: Access Request/Access Control Applications will not be deleted when:
Version 2.361 (02/06/2023)
Last Updated: November 1, 2023AD Upgrades Generic Agent and Application Health Upgrades Service Accounts Reports User Guide Access Control AD Upgrades When configuring AD SOR, add title and department to additional columns. The additional columns then display on the People page. An entitlement review will include groups that have no users assigned to the group. Generic Agent and Application Health Upgrades When there is an Okta or Azure failure, additional information is displayed about the failure on the Generic Agent Status page. Notification is sent in the Generic Agent Health email. Service Accounts Reports User Guide Access Control
Version 2.359 (01/06/2023)
Last Updated: November 1, 2023Applications Identity Mindmap Campaigns Support People Applications Select “Bulk Restore” in Application action dropdown. Select to restore excluded, deleted and/or purged records and download the file. Change Access Status in the file and upload the file to restore the purged, deleted or excluded credentials. When the ticketing system is updated, the action is added to the audit trail. When an entitlement custodian is updated, the action is added to the audit trail. Select “View Audit Trail” in action dropdown for the application. Last Status Changed Date is included in the Credential and Entitlement exports. Identity Mindmap TERMINATION_MINDMAP should be set to true on Configuration Default UI Configuration page to enable this feature. When an application is created, ticketing system is required when creating the application. On the Identity Mindmap page, enter username. Select Terminate button and Save. Campaigns SOR Details have been restored for open and closed campaigns. Custom entitlement descriptions at application level have been restored on campaign creation. Support People On the People page, select “Not Assigned” in Manager dropdown to filter. Then click Export button.
Version 2.357 (12/05/2022)
Last Updated: November 1, 2023User Report Slack Notifications SoD Upgrade Email Audit Campaigns Exports Application Status User Report Previously the Users Report was only available via SFTP. Now the report will display in the UI and may be exported to a CSV. The report may be filtered and defaults to terminated users. Slack Notifications During campaign creation, users have the ability to send the launch, reminder and escalation notifications via email or Slack or both. Launch notifications are sent to the group channel: Reviewer reminder notifications are sent directly to the reviewer: Escalation notifications are sent directly to the reviewer’s manager: SoD Upgrade SoD Reports may now be run on sync, on demand, daily, weekly or monthly. This is configured when creating the report. Email Audit Campaigns Large campaigns are now created asynchronously. Campaigns are not displayed on the Campaign List page until campaign creation is complete. Campaign creation may take up to 12 minutes if a campaign has 4 million entitlements. A campaign with 40,000 entitlements should be created within 30 seconds. When campaign creation is complete and the Refresh button is clicked, the campaign will be displayed on the Campaign List page. By clicking the trashcan, the termination date will be removed. Elections may be changed by clicking Approve or Revoke and SAVE. CAMPAIGN_REPORT_INCLUDE_ELECTION_NOTES SOR_ADDITIONAL_ATTRIBUTES_REVIEW Exports Export filters are applied on the Campaign Report, Campaign Effectiveness Report, People, Emai Audit and Application Credentials. Application Status
Version 2.356 (11/04/2022)
Last Updated: November 1, 2023User Guide Campaigns Ticketing Applications User Guide Added a configurable user guide within the application to provide additional guidance. The guide may be accessed by clicking “Help” on each page. Help can be configured to display on the right side of the page or the bottom of the page. Campaigns When only Active Directory applications are selected to review, we now have the option to select an AD Entitlement Custodian campaign. This campaign will review users or first level of nested entitlements or both. The campaign is available by selecting a campaign template that includes only AD applications. We now display all identity attributes when hovering over a credential on the campaign review pages. This feature is configurable. Administrators are now able to enable or disable campaigns in the Action dropdown. Campaigns may be disabled when they are in ready or closed state. All campaigns that are disabled may be enabled. The campaigns may be filtered by enabled or disabled status. When a campaign is created and the campaign scope is acknowledged, this acknowledgement is added to the campaign audit trail. Added the ability to export the list of reviewers in the Action dropdown of each campaign. The reviewer list is exported to a csv file. The file displays each reviewer with the total number of reviews to complete and the number of reviews remaining to complete. Ticketing TeamDynamix tickets can be sent to assignee groups or assignee emails. Assignee groups and assignee emails may be set up under Configurations – Manage Assignee Details. When a ticket is created for any ticketing system, the status of the ticket (success or failure) is logged on the Administration Log page for Ticketing. Clicking on “View” will show the error. Applications For each action on an application, the user that performed the action, date/timestamp and description of the action are logged. The actions logged are Create, Sync, Update, Import, Credentials Assigned, Credentials Excluded, Credentials Deleted, Credentials Bulk Assign, Credentials Bulk Exclude, Credentials Bulk Restore, Status Change and Delete.
Version 2.355 (10/03/2022)
Last Updated: November 1, 2023Campaigns Service Accounts Emails Sorting People Campaigns For each action on a campaign, the user that performed the action, date/timestamp and description of the action are logged. The actions logged are Create, Launch, Close, Approved and Revoked Elections, User Terminated, Termination Date Deleted, Update Reviewer, Campaign Delegated, Reminder Notifications, Campaign Name or Start or End Date Updated Initially, all campaign templates are enabled. Campaign templates that are enabled may be disabled. Campaign templates that are disabled may be enabled. A filter was added to the UI to show only Enabled or Disabled templates. Disabled templates will not be available for selection when creating a campaign. Campaigns may be copied with a disabled template. When configuration Export_Review_List is set to true, reviewers are able to export their list of users to be reviewed. The export is available for all campaign types—direct manager reviews, application custodian reviews and entitlement custodian reviews. Application, Entitlement and Description were added to the top of each Entitlement Custodian Review page. For this campaign type, if an entitlement custodian is not assigned, then the application manager will perform the review. The title was updated to make this more clear. Service Accounts Emails Instead of sending individual emails to each reviewer for each of their campaigns, they will receive one email listing their reviews for all campaigns. Also, instead of sending separate escalation emails to managers for each of their reviewers’ campaigns, they will receive one email listing all of their direct report reviews across campaigns. Any variables in the body of the email template may be copied to the Subject Line. When creating a campaign, there is an option to send the following emails to the Campaign Owner: Notify Update Manager Notify Termination Date Campaign Close Campaign at 100% Complete Sorting People When importing people via a file, allow mapping to custom fields.
Version 2.354 (09/02/2022)
Last Updated: November 1, 2023Connectors Campaigns Access Request User Report Ticketing Connectors Pulls users and entitlements (groups, permission profiles, signing groups) Pulls users and roles Campaigns The Email is sent to the delegatee and the original reviewer is cc’d. Click the “Delegate Campaign” button at the top right. Email is sent when delegatee is entered. On the Reviews page, click on the information icon to see SOR details: On the Review All page, click on the information icon to see SOR details: Access Request User Report Ticketing
Version 2.353 (08/01/2022)
Last Updated: November 1, 2023Service Accounts SoD – Separation of Duties Email Identities Connectors Campaigns Service Accounts On Application Credentials page, filter status as “Unmatched”, select records and click “Service Account” button. Selecting “Service Account” in the status dropdown will display all Service Accounts. A reviewer may be added to a credential by selecting “Update Reviewer” from the action gear. Assign a reviewer by entering a valid email. Only active emails are valid. Click Update. Reviewer will now be displayed when clicking Details in the action gear. Select an application and click “Bulk Assign” in the action gear. Download unmatched records by selecting type as Unmatched and clicking the Download button. The file will be downloaded with two additional columns: “Service Account” and “Service Account Reviewer”. Enter “Yes” in the Service Account column to identify the unmatched credential as a Service Account and enter a Service Account Reviewer. Save the file and upload it to the Bulk Assign page. The service account count will be updated with the uploaded records. Review All: SoD – Separation of Duties To create an SoD Policy: Enter a policy name. If users other than Admin should receive policy violation notifications, add additional user emails. Filter the scope of the policy based on active and inactive users and additional SOR fields via the Identity Filter. Add a query to set the policy: Select applications and entitlements to define the policy query. Use Case 1: Users in application 1 with entitlements A or B cannot have access to application 2 with entitlement C, To set up the policy, select Application 1 and Entitlements A and B with Entitlement Operator as OR under First Duty. Select Application 2 with Entitlement C under Second Duty. Use Case 2: No one should have A access to application 1. To set up the policy, select Application 1 and Entitlement A under First Duty. Use Case 3: User with access to application 1 can’t have access to application 2. To set up the policy, select Application 1 and select all entitlements with OR operator under First Duty. Select Application 2 and select all entitlements with OR operator under Second Duty. To create an SoD Report: Enter a unique Report name. Select one or more policies to run the report against and display in the report. Select the frequency of the report – daily, weekly or monthly. Save the report. In addition to scheduled reports, a report can be run on-demand by selecting Run Report in the action gear. If Last Run Status is “In Progress”, the report may not be re-run. Once the status is success or failure, the report may be re-run. To view the report, select View in the action gear. If the Last Run Status is in “In Progress” status, the report may not be viewed. To generate a PDF report, click the Export button. Additional emails will be sent to users set up as “Additional Policy Notifications” when a policy was created. The report will be attached to the email. Email For example, the following file is attached to the Recipients List email below. Identities For example, a custom field will be imported in the CSV SOR import file titled “Custom Field” with a value of “Custom Data” for the first record. “Custom Field” has been mapped to “Employee Type”. After the import, on the People page, the Employee Type is populated with the value of column “Custom Field”, which is “Custom Data”. On the People page, Last Authentication column is now displayed. When creating a campaign template, the Advanced Identity filter can be selected to filter on Last Authentication Date. Last Authentication may be selected to filter users in the campaign. Connectors Campaigns
Version 2.351 (06/01/2022)
Last Updated: November 1, 2023Connectors When this new filter is selected, all roles, profiles and permission sets will be pulled into SecurEnds. Campaigns Access Request Roles
Version 2.349 (05/01/2022)
Last Updated: November 1, 2023Campaigns Connectors Identities Security Enhancements
Version 2.347 (04/01/2022)
Last Updated: November 1, 2023Campaigns Connectors Report SOR Import Technical Enhancements Ticketing System
Version 2.345 (03/01/2022)
Last Updated: March 4, 2022Campaigns Delegate Campaign functionality was added for all campaign types. This allows an administrator, campaign owner and manager to delegate the campaign to another user while the campaign is in “Open” status. A campaign can be delegated to 3 users using the “Delegate Campaign” button on the User Access Reviews Campaign page. The “Campaign Delegation” button is available by default to administrators and campaign owner. For managers, it’s controlled by a configuration. The system restricts managers from delegating a campaign that was delegated to them by another user. Added campaign creation date and actual closed date on Campaign Details page. Email Made improvements to Email Templates section to display templates in alphabetical order. Also removed unused email templates. Added delegation expiration date in the delegation email. Delegation Usability improvements to credential delegation which removes the need to select the application(s) when another credential delegation to be added. Connectors Made the sync status failure error messages easier to understand for AD, Azure AD, Gitlab, Github and Google Drive connectors. Added the ability to include groups and applications for OKTA connector. Made process improvements to Azure AD connector. Made process improvements to Workday connector.
Version 2.343 (02/01/2022)
Last Updated: February 2, 2022Campaigns Added a new “Assign Reviewer” button to all campaign types. This new button allows an administrator or campaign owner the ability to update the reviewer for any user while the campaign is in either the “Ready” or “Open” status. The “Assign Review” button has replaced the “Update Manager” button for a Manager based campaign. Flex Connectors Added new functionality for Flex Connectors to populate and show skipped record information. The skipped record functionality mimics the same logic for skipped record logic included for CSV file uploads. Ticketing Made process improvements to the Jira ticketing integration to allow assignment of tickets on close of a campaign, to either specific users or to a group within the integrated Jira application. Delegation Added the ability to set an expiration date to a Delegation. When the date is reached the delegation will be deleted. CSV Imports Made process improvements to handle larger CSV file imports Connectors Made process improvements to Okta connector. Made process improvements to ServiceNow connector. Made process improvements to Active Directory connector. Made process improvements to SuccessFactors connector. Made process improvements to the Slack connector. Made process improvements to the GitHub connector. Skipped Records Fixed an issue where the First Name column within a skipped record CSV was not displaying correctly. Administration Added a Generic Agent Health Status email configuration under “Default UI Configurations” that can be configured to send an email to the SecurEnds admin when Generic Agent status is down. Home Page Fixed an issue where all Open Campaigns were not being displayed in the “Latest Campaign” section of the Home Page. Campaign Exceptions Renamed the “Campaign Restrictions” tab within the left-hand navigation bar to “Campaign Exceptions” to represent functionality more accurately.
Version 2.342 (01/08/2022)
Last Updated: February 8, 2022Entitlement Custodian Added in the ability to bulk view and edit Entitlement Custodians for an application. A new column titled “Entitlement Custodian” has been added to the CSV export for updating Entitlements Custodians for an application. A valid email can be entered in the column to assign the proper Entitlement Custodian in bulk. Campaign Owner Added in new Campaign Owner functionality to all newly created campaigns. This is an optional feature to assign an owner of a campaign. This new assignment gives the users selected Admin level permissions to the campaign to review assigned reviewers and make updates. Ticketing Added the ability to not create an email or ticket if a campaign is marked as 100% approved. Email Audit Added the ability to export a CSV file from the data shown on the Email Audit Screen. Campaign Template Row counts no longer reset when clicking to view or select entitlements and closing out the window. Applications Added in SOR Status information to the export CSV for Application credentials. Connectors Made process improvements to Azure Active Directory connector. Made process improvements to Google Drive connector. Made process improvements to Slack connector. Made process improvements to GitLab connector. Made process improvements to the O365 connector. Made process improvements to the Salesforce connector. Made process improvements to the Oracle Data Base flex connector. Made process improvements to the SFTP/FTP flex connector. Updated issues with syncing multiple connectors at the same time resulting in errored out syncs. System of Record Fixed an issue where duplicate headers would be created in the People Tab when a System of Record connector is synced. Administration Updated tool tips for the Configuration Page under the Administration tab. Special Characters Added the ability handle the following character types within the name fields of Application Name, SOR Name, Campaign Template, and Campaign Name. The only allowed characters are: Alphabets a-z A-Z Numbers 0-9 Underscore _ Hyphen – Parentheses ( )
Version 2.340 (12/01/2021)
Last Updated: December 22, 2021System of Record Added the ability to delete an SOR application and all the users within if the users are not assigned to any applications or campaigns Delegation Added the ability to delegate a campaign from a user marked as terminated Connectors Added a new Out of the Box GFX connector Updated the Okta connector to bring in Last Login date if needed Made process improvements to the GitHub connector Made process improvements to the Gsuite (Google Workspace) connector Made process improvements to the Confluence connector Made process improvements to the Salesforce connector Access Request Added in an Approval Hierarchy to add in more customization in the Approval process for an application. Admins can now define multiple levels and the number of approvers needed at each level before a request can move to fulfillment. Added in the ability to setup an application that does not require approval or actions to automatically move the request to fulfillment Added in the ability to send a message to an Application Owner when a user is requesting removal of access Added in a new Access Requests view under the Audit tab that displays the audit history of all requests Added in a scroll bar to the Access Request Screen when multiple applications are added Added in a new red symbol to denote applications that are non-selectable Campaign Reviews Added in a “Last Login Date” column to display during a review
Version 2.338 (11/01/2021)
Last Updated: December 22, 2021Active Directory Connector Added in the ability to filter Active Directory data on Organizational Units (OUs) Workday Connector Added in the ability to bring in additional columns as additional data points for an SOR System of Record Added in the actions to Bulk Exclude, Bulk Restore, and Export Skipped Records for SOR Connectors Campaign Details Added in Closed Date, Launch Email, and Email Template data points to the details of a Campaign Campaign Launch Added in a requirement to select an Email Template if Launch Campaign email Notifications is set to “Yes” PDF Report Updated date formats to match throughout the report Email Template – Manager Reassignment Email Added a new Manager/Reviewer reassignment email template that is triggered when a reassignment is made during a campaign UI Updated Removed the green “Refresh Successful” banner when saving a campaign election Adjusted the redirect page once a campaign is created to be the securends.com/listOfCampaign URL Added a new Campaign Template column to the Campaign list table Added a new Campaign Completion Pop Up Screen and redirect when a user completes a review Added in SOR details for Application and Entitlement Custodian reviews Added in directional filter arrows to columns
Version 2.335 (09/28/2021)
Last Updated: December 22, 2021Campaign Review – Add SOR Status Column to Review All Screen SOR status for each user credential is displayed on Review All screen. Active Directory SOR Email Aliases During SOR import, alias emails are stored and mapped to default emails when users are created with default emails. Alias emails will be searched during the matching process for applications. Email Alias configuration currently only in scope for Active Directory. SOR Improvements – Ability to Delete a User from the People Tab Added the ability to delete a single user that is not part of an existing campaign. Copy Existing Campaign Templates Added the ability to copy an existing campaign template and save it under a new template name. Entitlements will be inherited from the parent but may be included or excluded in the new template. Access Request – Approval Delegation Added the ability to delegate approvals of access requests. Delegations may be added prior to or after a request has been made. Cancelled Access Request – Capture Who Requested Cancellation and Date/Time at Request Level in All Request Screen for Audit trail When an access request is cancelled, the All Request page will display who cancelled the request, date. and time of cancellation. Locked Account Changed the wording on the login page after too many failed login attempts. Business Justification Field Added a configuration to include a business justification text field when approving/revoking on the Reviews page and Review All page. This new field provides Justification for approvals that is edited and saved between campaigns by the reviewer. Campaign Deprovision Option – Azure AD Added the ability to deprovision access in Azure AD when access is revoked in a review. Bug Fixes Bugs were resolved
Version 2.333 (08/31/2021)
Last Updated: December 22, 2021Updated Error Messages and Success Messages Error and Success messages were updated for consistency Bulk Entitlement Description Update Allows Admins to bulk update the entitlement descriptions for an application Generic Agent Current Status When a Generic Agent Jar is used by an application, a Generic Agent status button will be displayed on the Home page, which routes to a status page when clicked. If the Generic Agent Jar is not used by an application, the Generic Agent status button will not be displayed. Campaign Reviews: Add Application Manager Review Application Manager Review functionality was added to be able to define different managers to review different applications that are not Entitlement Owners or Managers from the SOR. Campaign Reviews: Update the Review All screen Updated entitlement and credential display on Review All screen for better understanding. It now displays similar to Individual Reviews. Zendesk Connector Upgrade The Zendesk connector will now pull groups and roles. Salesforce Connector – Profile Exclusion Filtering Salesforce Connector was updated to offer profile, group and role exclusion Pentest Vulnerabilities Pentest Vulnerabilities were resolved Bug Fixes Bugs were resolved
Version 2.312 (5/9/2021)
Last Updated: November 1, 2023SecurEnds Product Engineering needs to perform scheduled maintenance from time to time in order to important updates to the core platform. This being an off-hours release we will ensure no users are logged in or no sync are underway. We are doing a scheduled release that will go into effect as of May 9, 2021 at 2:00 AM EST and will resolve the following items: Row Counts Exclude OR Delete Multiple Accounts System of Record SFTP Flex Connector Updates How this will affect your organization ? Going forward you will be able to notice reduced processing times for synching of connector applications and improvement of the performance of the tool. What you need to do to prepare ? No action is needed for the changes to take into effect.
Version 2.309 (4/25/2021)
Last Updated: November 1, 2023SecurEnds Product Engineering needs to perform scheduled maintenance from time to time in order to important updates to the core platform. This being an off-hours release we will ensure no users are logged in or no sync are underway. We are doing a scheduled release that will go into effect as of April 25, 2021 at 2:00 AM EST and will resolve the following items: SFTP Flex Connector Enhancements Generic Agent *Requires Latest Generic Agent v2.309 Out of the Box Connectors Audit Access Applications ServiceNow Row Counts Application Mindmap Entitlement Descriptions How this will affect your organization ? Going forward you will be able to notice reduced processing times for synching of connector applications and improvement of the performance of the tool. What you need to do to prepare ? No action is needed for the changes to take into effect. Please note the Generic Agent updates will not affect current installed Generic Agents as they will continue to operate as normal. Please work with you SecurEnds Point of Contact or submit a Service Desk ticket to learn more on how to have your Generic Agent updated to take advantage of the new enhancements.
Version 2.305 (4/12/2021)
Last Updated: November 1, 2023SecurEnds Product Engineering needs to be performing scheduled maintenance from time to time in order to perform important updates to the core platform. This being an off-hours release we will ensure no users are logged in or no sync are underway. We are doing a scheduled release that will go into effect as of April 12, 2021 at 2:00 AM EST and will resolve the following items : Campaign Reviews Email Audit Row Count Product Improvements UI Updates Campaign Reports Ticketing How this will affect your organization ? Going forward you will be able to notice reduced processing times for synching of connector applications and improvement of the performance of the tool. What you need to do to prepare ? No action is needed for the changes to take into effect.
Version 2.300 (03/29/2021)
Last Updated: November 1, 2023Enhanced Audit Reporting Campaign reports now have option to export as .PDF Exported PDF, contains additional summary information for each campaign, expanding on the information contained within the .CSV Audit Report File Note: PDF reports only generated for campaigns with “Closed” status ServiceNow Request ID Creation for Tickets Note: Feature works for existing and new applications Campaign Details Pop-up Changes Added Validation to Email Template Dynamic Variables Azure Active Directory Connector Enhancement Note: Must sync application after toggle to view results Added Error Handling when Deleting Applications or Templates with Associated Campaigns Added Entitlement Status Column in Application Export Added Bulk Exclude (unassign users) Feature + Application Management Functionality Type Both Matched Unmatched Application Name .csv* Download .csv* Download .csv* Download Consolidated and Improved Escalation Email Configuration Screen on Application Set Up
Version 2.272 (1/11/2021)
Last Updated: November 1, 2023Monthly release was deployed on January 11th, 2021. *Features shown may not be available in all active SecurEnds instances. Platform Improvements UI/Frontend Changes Request Audit Trail screen Campaigns Screen Pending requests All requests View Credential View Entitlements Screen Delegation Email Templates Email Audit Campaign Reports Access Review Campaign Open Campaign Applications System of Records Campaign Templates Credential Entitlement User Access Details View Entitlements View Credentials Backend Changes Data Ingestion Improvements Relating to Upload criteria within SecurEnds Relating to file uploads of Systems of Records (SORs) Field Name Required Can be blank Remarks Employee First Name ✓ ✗ No longer needs to be first column in the file Employee Middle Name ✓ ✓ Employee Last Name ✓ ✗ Employee Email ID ✓ ✗ Employee ID ✓ ✓ Manager Email ✓ ✗ Access Status ✓ ✗ Eg: Active, Terminated etc.. Employee Type ✓ ✗ Eg: Regular, Contractor etc..
