bathool
6 Docs
Q3 2024, Version 2.373 (10/01/2024)
Last Updated: November 26, 2024Campaigns Enhanced Auto-Close Campaign Feature Display Percentage Complete at Top of All Campaign Election Pages Campaign Close Confirmation to Include Campaign Name Delta Campaign with no changes Shown 100% Complete Additional Columns on Reviewer Pages Campaign Notes for Credential and Entitlement during Revoke Process Application Clone a SOR as an Application Connectors Bitbucket – A New Connector Active Directory – Employee ID Flag is Now UI Level Config SOR Connectors – Exclude Employee ID Through Config Snowflake Connector – Additional Functionality FlexFolder Connector – Custom Configuration Options Credential Updates Application Credential is Purged Un-assign From the People Identity SOR People Identity is Purged Un-assign From All Applications Matching Logic Admin Can Now Assign an Unmatched Credential Audit Logging Audit Trail of Application Config Change Captures Additional Details Messaging Slack & Teams – Launch Campaign Message Directly Sent to User Instead of Channel Ticketing SNOW – For Scripted API method Table Name is Configurable JIRA – Issue Type is Configurable Report Add additional Columns to Users Report Campaigns Enhanced Auto-Close Campaign Feature Instead of triggering the auto-close feature once the 100% completion threshold is reached, this functionality is enhanced to wait until the end date of campaign before closing the campaign automatically. This ensures that admins have sufficient time to make any necessary changes before the campaign closure. However, it is configurable to close the campaign immediately or wait till campaign end date. Display Percentage Complete at Top of All Campaign Election Pages Campaign progress percentage is shown at top-right of review screens with fill colour indicating the overall progress (akin to traffic-light red-yellow-green) This is how it looks when 100% complete As campaign progresses, percentage complete is shown in yellow as below- Campaign Close Confirmation to Include Campaign Name With this change User can be doubly sure that they are closing the correct campaign, as Campaign Name is shown in the Campaign close confirmation popup. Customer suggested and we listened. Delta Campaign with no changes Shown 100% Complete Progress of a Delta campaign with no changes/elections to be made, is changed to 100% immediately on launch of campaign, thus helping UAR admin in campaign management. Additional Columns on Reviewer Pages Two new columns “SOR Email” and “HR Status” is available on the UAR Campaign screen. This additional information would help expedite review process for manager with large number of reportees. Campaign Notes for Credential and Entitlement during Revoke Process Today when Credential is revoked all corresponding Entitlements are revoked automatically by the application. As part of this enhancement whenever credential is revoked and user provides notes, the same Notes is applied and displayed to associated entitlements as well. Application Clone a SOR as an Application Earlier SOR was allowed to be included in a campaign. In an earlier release, we removed and made to only include Applications. Hence if same HR system is required for Credential reviews user had to duplicate that as an Application. With this enhancement a user can decide to clone a SOR as an Application during creating the SOR itself. Configuration for cloning the SOR as an Application SOR & Application Created Connectors Bitbucket – A New Connector Securends is expanding its Out-of-the-Box integration with addition of this new connector with Bitbucket. Bitbucket connector will pull project permissions as entitlements with format : {Project Name} – {Permissions} Navigate to Applications->Add->Data Ingestion = Connector. Select Bitbucket Connector. Add connection details and mapping. Active Directory – Employee ID Flag is Now UI Level Config Employee ID field while using Active Directory can be mapped to different incoming fields. However this mapping had to be done in database with the help of support team. With this enhancement the mapping is now available in the SOR/Application screens for AD Connector. This also gives flexibility to have different mapping for different AD. SOR Connectors – Exclude Employee ID Through Config During connector sync of a SOR, if the source system had employee ID data, Securends ingested that attribute. This affected how records are added to People and updated. In some cases the employee id attribute in the source system was used for other reasons than as a unique value. With this release by providing an additional configuration option, API need not always ingest the employee ID attribute. This option at SOR connector level, gives freedom to clients to pull employee ID from one SOR and not from another SOR. Snowflake Connector – Additional Functionality Currently, from Snowflake Integration, Securends application was pulling Single/Default Role of user in data sync. However users can have multiple roles in Snowflake. Securends integration with Snowflake is now improved to pull all the Roles of user (Default Role + Granted Roles) FlexFolder Connector – Custom Configuration Options Similar to SFTP or Cloud Storage flex connectors, FlexFolder is a helpful way to automate ingesting data through CSV automatically. We are now making FlexFolder more configurable so that customer can provide their own mapping instead of having to follow the default header names in the CSV. Credential Updates Application Credential is Purged -> Un-assign From the People Identity This feature is part of Securends plan of improving the product continuously for better user experience. When status of a credential moves to purged in any application, earlier our guideline to admins was to manually unassign credential from respective user/identity. This enhancement automates this step reducing manual user intervention. SOR People Identity is Purged -> Un-assign From All Applications Similar to the previous enhancement, this enhancement automates un-assigning purged identities. When an identity/Credential is purged in any SOR (only if the identity is matched automatically) Matching Logic Admin Can Now Assign an Unmatched Credential Fuzzy logic is great. But for those unmatched credentials, this feature reduces number of clicks to search for an identity and assign. When user navigates to fuzzy match screen(Application –> Credentials –> Match) and when there are no results(empty table) displayed for Fuzzy match and user clicks on ‘Assign Button’, now here itself we display Assign Credential popup for user to search and assign....
Q2 2024, Version 2.372 (7/01/2024)
Last Updated: November 26, 2024Campaigns Added Ability to Assign a Manager’s Direct Reports to a New Reviewer at One Time Applications NEW Flex RPA Connector NEW Microsoft Dynamics Business Control Connector NEW Paylocity Connector Updated Match Logic Emails Added Optional “Reply To” Field and Header to Email Configuration Ticketing Added Ability to Configure Columns in the CSV Sent for Ticketing and Email Provisioning Improved Display Fields in CSV and Reordered Columns NEW – Deskpro Ticketing Added a New Configuration to Service Now Ticketing to Pull Assignee from “Display Name” Platform Modernization Java Upgrade Campaigns Added Ability to Assign a Manager’s Direct Reports to a New Reviewer at One Time SecurEnds has made it easier to delegate a manager’s direct report reviewers to another reviewer. We have added “SOR Manager Email” as an option for credential delegation. When selected, users may search for a manager’s email and then select the direct reports that should be assigned to a new reviewer. A Credential Delegation Audit Trail will track the delegation. Navigate to Access Review->Delegation. Select Credential Delegation in the dropdown and select applications. Select SOR Manager Email in the dropdown, then search for a manager and select. Select direct reports to reassign in the Direct Report dropdown and then enter the new reviewer in Assign Reviewer. Then click SAVE. The reviews previously assigned to the manager’s direct reports will now be assigned to the user in Assign Reviewer. Applications NEW Flex RPA Connector The RPA (Robotic Process Automation) connector revolutionizes the extraction of entitlement data from a multitude of applications without an API. This connector was introduced in a limited release and is now available to all in this Q2 wider release. Navigate to Applications, click ADD button. Select Flex Connector radio button. Enter name and select Flex RPA. Click Save and follow the instructions in our Flex RPA Users Guide. NEW Microsoft Dynamics Business Control Connector We have added the Microsoft Dynamics Business Control Connector that will pull users and permissions and be available as an SOR or Application. Navigate to Applications->Add. Select Connector radio button and search for “dynamics”. Select the Dynamics 365 Business Central Connector. Add connection details. NEW Paylocity Connector The new Paylocity Connector may be used as an SOR or application and will pull users. We currently only support one Company ID. Navigate to Applications->Add. Select Connector radio button and search for “paylocity”. Select the Paylocity Connector. Add connection details and Save. Updated Match Logic SecurEnds has updated our application match logic to handle specific customer use cases. When syncing and matching, all credentials will be unassigned and all identities will be terminated when an SOR is disabled. Emails Added Optional “Reply To” Field and Header to Email Configuration We have added the option to set the “Reply To” field as a different address than the login email address. It will show as a header in all SecurEnds emails. When “Reply To”, the email will be forwarded to this address. Navigate to Configuration->Email Settings->Setup Enter “Reply To” address in Configuration. Ticketing Added Ability to Configure Columns in the CSV Sent for Ticketing and Email Provisioning Improved Display Fields in CSV and Reordered Columns A new configuration was added to specify which columns should be displayed in the Ticketing and Email CSV attachment. Navigate to Administration->Configuration->Ticketing System for Access->Configurations. Search for EXCLUDE_COLUMNS_FROM_TICKETING_SYSTEM_ATTACHMENT and select Update in the action gear. To include all columns, enter No. To specify columns to include, enter each column header separated by commas. In this example, the following columns are excluded: entitlement description, entitlement DN, notes, termination date, Business justification The excluded columns are not displayed in the CSV attachment. For Manager Elections, we will display “App Credential – <credential value>” on the Ticketing and Email CSV attachment. Columns will be displayed in the following order: NEW – Deskpro Ticketing SecurEnds is now able to send tickets via Deskpro To configure Deskpro, navigate to Configuration->Ticketing System for Access Review. Select “Set Up”. Select “Deskpro” in Ticketing System dropdown and enter connection details. When setting up applications, select “Deskpro” for ticketing. Added a New Configuration to Service Now Ticketing to Pull Assignee from “Display Name” By default, SecurEnds will pull Assignee from the “Name” field in Service Now. An option has been added to pull Assignee from the “Display Name” field. This configuration is in the application property file. If this change is desired, request a property file change from your Implementation Consultant. Platform Modernization Java Upgrade Adhering to industry best practices is important to SecurEnds so we are continually upgrading our IT platform. In this release we have upgraded Java to version 17 and Spring Boot to version 3.2.1.
Q1 2024, Version 2.371 (4/01/2024)
Last Updated: November 26, 2024Campaigns Added SOR Last Sync when Creating a Campaign Added the Ability to Change the Background Color of Campaign Instructions Added the Ability to Define the Quarter Date Range for Historic Campaigns Applications Added Ability to Copy Existing Applications Added “Type” column on SOR and Application Pages Added Export on the Application Entitlements Page Added “Status” column on Entitlement Credential Page Added a “Test Connection” Button when Creating an Application to Test Connectivity Add Capabilities of SFTP Flex SORs to CSV SORs Box Cloud Storage Connector – New Connector Reports Added Entitlements to the User Report Added Application and User Status Filters to the User Report Added Ability to Send User Report to AWS or Box Send Terminated Reviewers Report after SOR Sync Rather Than Daily Job Email Notifications Test Email Connection Prior to Sending Launch and Manual Reminder Emails Administration Configurations Consolidated Campaign, Ticketing and Email Configurations Campaigns Added SOR Last Sync when Creating a Campaign SecurEnds has added a configurable option to display the latest SOR sync date and time when creating a campaign. Navigate to Configuration->Campaigns->Configurations. Set INCLUDE_SOR_SYNC_ON_CAMPAIGN_ADD to true. The default value is true. Navigate to Campaigns->Add. Select a campaign template. The list of all SORs with will be listed with their last sync date and time. Added the Ability to Change the Background Color of Campaign Instructions The background color can be green(default), white, red, blue or yellow. Navigate to Configuration->Campaigns->Instructions/Notes. Select the background color from the dropdown. The instructions will display the color selected. Added the Ability to Define the Quarter Date Range for Historic Campaigns We have added the ability to define Quarter 1 to begin on any month of the year. Previously, Q1 was always defined as January, February, March. Now, users have the ability to set when Q1 begins and subsequently the following quarters. Navigate to Configuration->Campaigns->Configurations. Set QUARTER1_STARTING_MONTH to any number between 1 and 12. For example, if enter 2, then Q1 will begin with February. Q1 will be February, March, April. Q2 will be May, June, July, etc. Navigate to Historic Campaign and select the Quarters dropdown. The quarters will be define based on the selected starting month. Applications Added Ability to Copy Existing Applications Users are now able to copy applications. The configuration details will be replicated, only requiring a new name for the new application. This feature is only available for Applications, not SORs. Navigate to Applications and select “Copy” in the action gear. Enter a new application name. The remaining fields will all be replicated from the original application. Filtering may be updated. Added “Type” column on SOR and Application Pages We have added a “Type” column on the SOR and Application pages which will allow users to filter by Type. Navigate to Applications or System of Record. Enter type of application to filter. Added Export on the Application Entitlements Page On the Application Entitlements page, users are now able to export a list of all Active Entitlements and the associated active (not purged) Credentials. Navigate to Applications->Entitlements. Select Export button. Entitlements with the associated credentials will be listed in the Export. Added “Status” column on Entitlement Credential Page SecurEnds has added a credential status column on the Entitlement Credential page to inform users if the credential is Matched, Unmatched, Excluded, Service Account or Deleted. Navigate to Applications->Entitlements->Credentials Added a “Test Connection” Button when Creating an Application to Test Connectivity Added a “Test Connection” button to our most popular connectors to confirm connectivity when creating an application. No need to wait to sync an application to confirm connectivity. Connectivity can be tested when creating the application without retrieving data. Navigate to Applications->Add->Connector->Azure AD After entering Configuration Details, click the Test Connection button. When invalid credentials are entered, an error will display. Add Capabilities of SFTP Flex SORs to CSV SORs CSV SORs function the same as the SFTP Flex Connector. Previously, the UI counts only displayed Total People and Skipped records. Now, the UI counts also display the number of credentials that are matched, unmatched, purged and skipped. When deleting an SOR, the identities in People should be deleted. The following actions are available in the action gear: Sync, Update, Delete, Import, Entitlements, Credentials, Export, Schedule Export, Custodian, Disable, Bulk Assign, Bulk Exclude and Bulk Restore, Export Skipped Records, Sync Status, Details, View Audit Trail. Box Cloud Storage Connector – New Connector We have created a new connector to expand the SFTP connector capabilities. This new connector gives users the ability to use SFTP but connect to a Box file repository. Navigate to Applications->Add->Data Ingestion = Flex Connector. Select Cloud Storage Connector. Select Box in Host dropdown. Add connection details and mapping. Reports Added Entitlements to the User Report Added Application and User Status Filters to the User Report Users now have the option to display the User Report with or without entitlements. Users also have the ability to filter the User Report by Application and User Status in an Application. Navigate to Users Report. To include entitlements, check “Include Entitlements” or de-select to exclude entitlements. The default is unchecked, do not include entitlements. Select filters for Applications and User Status in Application. When setting up a scheduled User Report, users may choose to include or exclude Entitlements. Added Ability to Send User Report to AWS or Box Scheduled Users Report may now be sent to an AWS or Box repository in addition to SFTP. Navigate to Administration->Configuration->Users Report Schedule Select Export Method = SFTP, AWS or Box Send Terminated Reviewers Report after SOR Sync Rather Than Daily Job When configuration IS_EMAIL_TERMINATED_REVIEWERS_NOTIFICATION is set to true, an email report of terminated reviewers will be sent. Previously, this report was sent daily. Now the report will be sent when the SOR is synced. Navigate to Configuration->Default UI Configuration-> IS_EMAIL_TERMINATED_REVIEWERS_NOTIFICATION. Set the value to true. When an SOR is synced, the report will be run and an email will be sent if there are terminated users. Email Notifications Test Email Connection Prior to Sending Launch and Manual...
Version 2.369 (01/01/2024)
Last Updated: November 26, 2024Campaigns Added the Ability to Create Hierarchical Campaigns Added the Ability to Send Additional Escalation Emails to Upper-Level Management Added the Ability to Include BCC in Emails Added Fields to the Fuzzy Match Page Applications AWS Cloud Storage Connector – New Connector On-Prem Jira Connector – New AWS IAM Identity Center Connector – New AWS Cloud DB Connector – New Ultipro (UKG) Connector – Updated AD Connector – Show Nested Entitlements by Default Workday Connector – Improved Failure Messaging WebAPI Connector – Added Support for Oauth 2.0 Access Request/Identity Lifecycle Management Added a Configuration to Be Able to Request Access for Any Application, Regardless of Group Assignment Improved Request Access UI Added the Ability to Request All Application Types Audit Trail Added an Audit Trail for Administration Configurations Ticketing/People Added Ticketing for ManageEngine ServiceDesk Added the Option to Use the Two-Step Checkout Model in Service Now Request Security Upgraded to Latest MySQL Version 8.0.34 Added Captcha to Login Page Campaigns Added the Ability to Create Hierarchical Campaigns This feature enhances campaigns by providing the ability to create multiple levels of approval. After the initial review process, the campaign may be reviewed by two additional reviewers before completing the campaign. When each review level is 100% complete, the review will automatically be sent to the next level of reviewers. The 2nd or 3rd level reviewers may be the Direct Manager (if not reviewed by Direct Manager at the 1st level), Reviewer’s Manager or an Alternate Reviewer. The 2nd and 3rd level reviewers will see the elections made by the previous reviewer. They may choose to keep the election made by the previous reviewer or change it. Once a campaign level is complete, it moves to the next level reviewers. The previous reviewers may not view the campaign at that point. 2nd and 3rd level reviewers will be notified via email when the previous level is complete and the campaign is ready to be reviewed at their level. 2nd and 3rd level reviewers must select “Complete Campaign Level” on the Open Campaigns page when they have completed elections. When all reviewers have selected “Complete Campaign Level”, the review will move to the next level reviewers. Administrators will have the ability to move the campaign to the next level of reviewers, even if the elections are not 100% complete. To create a Hierarchical Campaign, navigate to Campaigns->Add. Select the first level campaign reviewer. Select Hierarchical Review = Yes, and select the 2nd level reviewer. To select a 3rd level reviewer, click “+ Add Additional Level” Select a 3rd level reviewer. Reviewers will see the hierarchical review by clicking “Open & Completed Campaigns” To perform the review, reviewers select “Continue Review”. When all elections are made, the Reviewer should select “Complete Campaign Level”. When all Reviewers have completed the level, reviews will automatically be sent to the next level Reviewers. Administrators may select “Complete campaign Level” on the Campaigns action gear to move to the next level even though all reviewers have not selected “Complete Campaign Level” and elections are not complete. Added the Ability to Send Additional Escalation Emails to Upper-Level Management When reviewers have not completed reviews by the end date, an escalation email may be sent to their direct manager. We have added the ability to also send an additional email to the manager’s manager or anyone else when the reviews are not complete. Navigate to Campaigns->Add. Select “Send escalation email to reviewer’s manager”. Check “Send additional escalation emails”. Select to send email to the next level manager or another person. Also select when to send the email based on the number of days before the end date. Added the Ability to Include BCC in Emails We have added the ability to add a blind carbon copy in all emails. When the BCC field is entered, all emails sent from SecurEnds will also be sent to the BCC. Navigate to Configuration->Email Configuration->Setup. Add an email address in the BCC field. Added Fields to the Fuzzy Match Page On the Fuzzy Match page, SecurEnds is now displaying columns for HR Status and Manager Email. Navigate to Applications->Credentials->Unmatched Credential->Match Applications AWS Cloud Storage Connector – New Connector We have created a new connector to expand the SFTP connector capabilities. This new connector gives users the ability to use SFTP but connect to an AWS file repository. Navigate to Applications->Add->Data Ingestion = Flex Connector. Select Cloud Storage and add connection details and mapping. On-Prem Jira Connector – New SecurEnds now supports On-Prem Jira. Navigate to Applications->Add->Data Ingestion = Connector. Select Jira. In Configure Application, select Instance Type = On Premise. Add connection details and mapping. AWS IAM Identity Center Connector – New SecurEnds has built an AWS IAM Identity Center/AWS SSO Connector. Any SSO may be configured to add users and groups to the AWS IAM Identity Center. SecurEnds will pull users as credentials and groups and permission sets as entitlements from the AWS IAM Identity Center. Navigate to Applications->Add->Data Ingestion = Connector. Select AWS IAM Identity Center. Add connection details under Configure Application. AWS Cloud DB Connector – New SecurEnds has added a new connector to pull from an AWS Cloud DB. This connector will utilize an access token for authentication. Navigate to Applications->Add->Data Ingestion = Flex Connector. Select Cloud DB. Add connection details. Ultipro (UKG) Connector – Updated Improvements have been made to the Ultipro(UKG) Connector. Tooltips were added to the Configuration label.s and Last Authentication Date is now displayed. Role and it’s description details are shown on the Application Entitlement page. Employee Title, Job Title and Department with their associated descriptions are shown on the People page. We have added the ability to map employeeType to any key by specifying it in the Configure Application section. Navigate to Applications->Add->Data Ingestion = Connector. Select Ultipro. Enter connection details. AD Connector – Show Nested Entitlements by Default For the AD Connector, SecurEnds will always show “Include Nested Entitlements” with a default of No. Previously, in order to include Nested Entitlements, the...
