Release Notes August 2024

Here's a glimpse of what you can expect to see in Clarity with our latest update.

If you only read one thing: New "Auditor" role provides read-only access to key review and reporting data.

Headline Update: New Auditor Role!

Clarity has always believed that IGA encompasses both compliance and security, and supporting the audit process has always been front and center for us.  We realized that auditors are looking for specific things from IGA solutions, and don’t need or want full admin permissions, or to wait on IT to respond to their data requests.

Now it’s possible to have internal (or external if you are brave) auditors access Clarity directly to run reports, review in flight reviews, and export needed data for audit proofs.

To use this, add the "Auditor" entitlement to an identity in Clarity to grant read-only access to most areas, including Access Reviews and Reports, plus data export capabilities.

Identities -> Select an Identity -> Manage Access -> Add the “Audit” Clarity Entitlement

Download and Upload File Size Improvements

• It’s now possible to export very large (read millions of items) User Access Reviews (UARs) and report results.

• It’s now possible to upload very very large files (Gigabyte plus) from AWS services like (S3, SES, SQS).  The previous limit was 10MB files.
  

Access Review Improvements

Access reviews are the bane of most (other) IT teams' existence, and the light Clarity can bring to the world is making them better, one small feature at a time.  We’ve continued to invest in our access review process.

• Managers can now be assigned as default reviewers in access reviews (not just admins), making it easier to assign review work to the right person for good outcomes

• New "Refresh Pending Remediation" button allows on-demand checks for remediation status, enabling proactive finalization of reviews

• Added "Approve without reconciliation" option for unreconciled service accounts during reviews, allowing reviewers to preserve accounts that they know are required, without forcing a reconciliation step that could be handled elsewhere.

• Tags is now available for all access review types using the “custom inclusion filter” option

New Connectivity and App Management Updates

• We’ve redesigned Connector Marketplace and Connected Apps interface for better usability and at-a-glance information (We really like the active user count on the app)

• Info section for key details about applications

• Active user count for each connected app

• New connector for Oracle Cloud Fusion ERP (read-only, for Access Reviews).

• Okta connector now supports nested entitlements.

• Multi-domain AD integration now supports nested entitlements across domains

Better Service User/Machine Identity Management Options:

It’s now possible to move service users between identities (by changing their owner) or create new identities from previously reconciled service users.  Service users are becoming a more important part of IT infrastructure (remember, every GPT bot you chat with has an identity and access to go with it) and we are making it easier to ensure that those identities are correctly owned/managed and their access is reviewed.

Important Bugs Resolved:

• Oracle Cloud Identity Domain would create duplicate (friendly) entitlement names, appearing as duplicate data.  Entitlement naming has been improved to ensure unique entitlements appear unique.

• Saved reports based on the “All Service Users” report were inaccessible

• Access reviews with a mix of reconciled and unreconciled accounts would not correctly show user identifiers in the review interface

• Review item owners can no longer reject items and re-assign the items to themselves to avoid external review

• SoD policy conflict tags could impact entitlement syncs causing sync failures

• Adding/Removing entitlements from roles would show as “system” role changes instead of the appropriate named account

• Intermittent Sync Failures causing “hangs” vs fail and retry.

• AD primary group membership not included with “additional” group membership
  
  

Thanks for reading and keep an eye out for the next round of updates we'll be announcing this time next month.