Release Notes June 2024

Here at Clarity, we have been working hard to get some product improvements out the door and into your hands. This month, we've tackled new permissions, enhanced support for multi-domain AD environments, performance improvements, and a couple key UX optimizations.

Feature Highlight:

New Read-Only Role Allows Self Service for Audit Teams!

In addition to "admin" and "end user" privileges, we have now added the "read only" privilege.

• Description: Users who may not need configuration or change settings (ie internal auditors, executives, etc.) can now be onboarded and granted "read only" permissions, which allows them access to the data and reports they need.

• Why it matters: These stakeholders can now be trained to pull their own reports without violating essential IGA policies. This is a major win for Compliance/GRC/audit teams that typically rely on IT to provide all data.

More New Features

Support for Multi-Domain AD Environments Using Foreign Principals

As your AD Domain admin might tell you, LDAP will not return the parent entitlement in a multi-domain trusted environment when querying a foreign security principal, it only returns the details of the FSP itself. This can result in over-provisioned nested access, and lack of visibility to who has access to what, or requires manual inspection of AD hierarchy to inspect what access is granted, which isn’t feasible for large AD forests.

For example, if a group (or nested group) grants sensitive access through a FSP (like the diagram above), it’s not possible to query that nested access on Domain A.

• Description: Clarity now supports reconciling those nested entitlements with the owning identities, a huge improvement for access reviews in complex AD environments!

• Why it matters: Better access reviews and visibility in complex AD environments

If you have a multi-domain AD trust environment leveraging foreign security principles and would like to learn more, please contact your implementation specialist.

On-Premises Sync Performance Improvements

It’s now possible to sync via SQS

• Description: We've reduced the number of API calls required to on-premises systems, improving sync performance

• Why it matters: Improved UI performance because of the reduction in database load.  This is an optional setting, but recommended.

Access Reviews: A Better User Experience

• Description: We've introduced an easier way to see your completed review items with the addition of a "hide completed" toggle option, located in the upper right of every review. (See image above) + When reviewing items out of order, Clarity will now keep your place so you can now continue your review seamlessly.

• Why it matters:  Faster review completion means BETTER reviews, and more time for other important security efforts.

Resolved Bugs

We take bugs pretty seriously here, and aim to eradicate them quickly. Below are some issues that we have now resolved:

1. Github Deletion of users would return errors, even if operations were successful

Resolution: Operations will continue to succeed, but without errors

2. Entitlements were being duplicated during on-premises and custom API syncs due to intermittent “out of order” processing of changes

Resolution: Sync processing order is now enforced, no duplicate entitlements will be generated and previously generated duplicate entitlements have been removed.

3. Identities were not correctly linked to nested entitlements for deep nesting (more than one level). This was localized to “intermediate” entitlements, meaning if:

   • Integration A had federation with Integration B

   • Integration B had federated with Integration C

   • Some of the entitlements within Integration B would not display all of the identities that had the access.

Resolution: Entitlements are now correctly linked to identities, even for deep nesting/federated access.

We hope that these changes help to elevate your experience with Clarity, and can't wait to show you the progress we've made by this time next month.