Release Notes August 2024
- 29 Jul 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Release Notes August 2024
- Updated on 29 Jul 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Here's a glimpse of what you can expect to see in Clarity with our latest update.
If you only read one thing: New "Auditor" role provides read-only access to key review and reporting data.
Headline Update: New Auditor Role!
Clarity has always believed that IGA encompasses both compliance and security, and supporting the audit process has always been front and center for us. We realized that auditors are looking for specific things from IGA solutions, and don’t need or want full admin permissions, or to wait on IT to respond to their data requests.
Now it’s possible to have internal (or external if you are brave) auditors access Clarity directly to run reports, review in flight reviews, and export needed data for audit proofs.
To use this, add the "Auditor" entitlement to an identity in Clarity to grant read-only access to most areas, including Access Reviews and Reports, plus data export capabilities.
Identities -> Select an Identity -> Manage Access -> Add the “Audit” Clarity Entitlement
.png?sv=2022-11-02&spr=https&st=2024-10-05T13%3A15%3A23Z&se=2024-10-05T13%3A25%3A23Z&sr=c&sp=r&sig=ecxP1JBO2KXth5ay6%2BEA662Z%2Ftm%2FDk%2BwjFm%2Btk%2Bw49o%3D "image(461).png")
Download and Upload File Size Improvements
It’s now possible to export very large (read millions of items) User Access Reviews (UARs) and report results.
It’s now possible to upload very very large files (Gigabyte plus) from AWS services like (S3, SES, SQS). The previous limit was 10MB files.
Access Review Improvements
Access reviews are the bane of most (other) IT teams' existence, and the light Clarity can bring to the world is making them better, one small feature at a time. We’ve continued to invest in our access review process.
Managers can now be assigned as default reviewers in access reviews (not just admins), making it easier to assign review work to the right person for good outcomes
New "Refresh Pending Remediation" button allows on-demand checks for remediation status, enabling proactive finalization of reviews
Added "Approve without reconciliation" option for unreconciled service accounts during reviews, allowing reviewers to preserve accounts that they know are required, without forcing a reconciliation step that could be handled elsewhere.
Tags is now available for all access review types using the “custom inclusion filter” option
New Connectivity and App Management Updates
We’ve redesigned Connector Marketplace and Connected Apps interface for better usability and at-a-glance information (We really like the active user count on the app)
Info section for key details about applications
Active user count for each connected app
.png?sv=2022-11-02&spr=https&st=2024-10-05T13%3A15%3A23Z&se=2024-10-05T13%3A25%3A23Z&sr=c&sp=r&sig=ecxP1JBO2KXth5ay6%2BEA662Z%2Ftm%2FDk%2BwjFm%2Btk%2Bw49o%3D "image(462).png")
.png?sv=2022-11-02&spr=https&st=2024-10-05T13%3A15%3A23Z&se=2024-10-05T13%3A25%3A23Z&sr=c&sp=r&sig=ecxP1JBO2KXth5ay6%2BEA662Z%2Ftm%2FDk%2BwjFm%2Btk%2Bw49o%3D "image(463).png")
.png?sv=2022-11-02&spr=https&st=2024-10-05T13%3A15%3A23Z&se=2024-10-05T13%3A25%3A23Z&sr=c&sp=r&sig=ecxP1JBO2KXth5ay6%2BEA662Z%2Ftm%2FDk%2BwjFm%2Btk%2Bw49o%3D "image(464).png")
New connector for Oracle Cloud Fusion ERP (read-only, for Access Reviews).
Okta connector now supports nested entitlements.
Multi-domain AD integration now supports nested entitlements across domains
Better Service User/Machine Identity Management Options:
It’s now possible to move service users between identities (by changing their owner) or create new identities from previously reconciled service users. Service users are becoming a more important part of IT infrastructure (remember, every GPT bot you chat with has an identity and access to go with it) and we are making it easier to ensure that those identities are correctly owned/managed and their access is reviewed.
Important Bugs Resolved:
Oracle Cloud Identity Domain would create duplicate (friendly) entitlement names, appearing as duplicate data. Entitlement naming has been improved to ensure unique entitlements appear unique.
Saved reports based on the “All Service Users” report were inaccessible
Access reviews with a mix of reconciled and unreconciled accounts would not correctly show user identifiers in the review interface
Review item owners can no longer reject items and re-assign the items to themselves to avoid external review
SoD policy conflict tags could impact entitlement syncs causing sync failures
Adding/Removing entitlements from roles would show as “system” role changes instead of the appropriate named account
Intermittent Sync Failures causing “hangs” vs fail and retry.
AD primary group membership not included with “additional” group membership
Thanks for reading and keep an eye out for the next round of updates we'll be announcing this time next month.
Was this article helpful?
