SGNL Release Notes

Bug Fixes

• Fixed an issue where some Azure AD group memberships were not being successfully evaluated during access evaluations, leading to access deny decisions

Bug Fixes

• Fixed an issue were Salesforce entities were not matching against the access service in some situations
• Fixed an issue where the jurisdiction ID was not showing up in the Admin -> Environment page

Bug Fixes

• Fixed an issue where identifers were not persisting during Policy Snippet creation
• Fixed an issue where attributes may have been duplicated in the creation experience

Systems of Record

• Datasources are now called Systems of Record, to better reflect their importance in policy decision making
• SGNL now supports OAuth2 when integrating with Okta as a System of Record

Protected Systems

• Integrations are now called Protected Systems, to better reflect the array of systems that can use SGNL for policy decisions

Policy Lens

• Users can now specify IP address as a query parameter in a Policy Lens request

Bug Fixes

• Fixed an issue where ingestion sync settings for a datasource were not being applied to its entities
• Fixed an issue where some access checks were returning a 500 Internal Server Error for valid access requests

Access Service

• It is now possible to resolve IP Addresses sent in Access Requests to Cities, Postal/Zip Codes, States/Regions, and Countries

Policies

• Policy Snippets can now include conditions to evaluate whether a given principal is making a request from a specific location

Bug Fixes

• Fixed an issue with ingestion of entities from datasources

Access Service

• Support for validation of the page token sent by the user to the SGNL Search API
• Similar to the Access API, the Policy Lens API now accepts principal IP address and principal device ID as parameters

Policies

• A preview of the applied Policy Version can now be reviewed when investigating with Policy Lens
• Previews of Policy Versions can now be reviewed in the version history of a Policy

Bug Fixes

• Fixed an issue with ingestion of Okta entities where only the first page was being ingested

Policies

• Access Analyzer is now called Policy Lens, providing deep understanding of the policies applied to integrations and enabling granular debugging
• Policy Lens now provides visibility into individual snippets that were evaluated as part of the policies that were evaluated, enabling deep understanding of policy components

Policies

• Support for validation of lists of objects in Snippets

Access Service

• Support for the SGNL Search API [Learn More]

Bug Fixes

• Fixed an issue with ingestion of ServiceNow entities across multiple pages

Data Sources

• Support for Jira as a Data Source [Learn More]

Bug Fixes

• Fixed an issue with ingestion of ServiceNow entities across multiple pages

Administration

• Added support for deletion of more entity types in SGNL, including SGNL User entities and Relationships

Bug Fixes

• Fixed an issue where an error was not properly returned when a PATCH was attempted against an invalid path

Policies

• Enabled Snippets to be created and managed in the SGNL UI

Bug Fixes

• Fixed an issue where the service would sometimes return 500 errors if the request to the service was badly formed

Bug Fixes

• Fixed an issue where the same request to the Access Service multiple times may be treated differently

Bug Fixes

• Improved validation in Policy Snippet Versions
• Fixed an issue with metrics

Data Sources

• Custom Relationships can now be named by a SGNL Administrator

Bug Fixes

• Improvements to SGNL Metrics for Data Sources and Policy Evaluation

Data Sources

• Optimized ingestion for large data sets from all Data Sources
• Azure AD onPremisesSecurityIdentifier can now be used as an identifier in Integration Request Config

Access Service

• API Documentation for the Access Service has been improved [Learn More]

Bug Fixes

• Snippet creation would sometimes return a 500 error if the request was malformed, it will now provide guidance based on validation parameters

Access Service

• Added EvaluationDuration to Access Service response, to inform evaluation time for a set of access queries

Administration

• New look-and-feel for the SGNL Console sign-in page
• Added more types of error logs
• Improved the experience for creating Policies and SNippets

Policies

• Enabled Policies to be copied into a new version from the latest

Data Sources

• Improved Event Logs for Azure AD Group synchronization
• Improved Curity User synchronization

Bug Fixes

• A number of fixes to improve Azure AD synchronization performance

Data Sources

• Added support for filtering Curity Users

Bug Fixes

• Minor bug fixes to improve SGNL configuration

Administration

• Enabled Just-In-Time creation of users when signing-in via OpenId Connect

Data Sources

• Improved error messages in SGNL Event Logs when Data Source synchronization was not successful
• Added support for filtering the Azure AD entities (Users and Groups) that flow into the SGNL Graph
• Improved configuration experience for Okta and Azure API Management

Policies

• Policy Snippets are now validated to ensure they can be evaluated prior to a new version being created

Bug Fixes

Fixed an issue where the ingestion of large payloads from Data Sources could cause synchronization to fail

Administration

• Enabled Just-In-Time creation of users when signing-in via OpenId Connect

Data Sources

• Specified a mandatory set of attributes for configuring any Data Source in SGNL
• Sensitive data is now obfuscated after inactivity

Bug Fixes

• Fixed an issue with metrics for Data Sources showing incorrect values
• Fixed an issue where Azure API Management errors were not correctly interpreted

Administration

• Improved the accuracy of metrics on the sGNL dashboard and across data sources/policies
• Enabled a new PATCH method for SGNL’s config APIs, simplifying the modification of configuration in SGNL

Data Sources

• Simplified Okta configuration, eliminating the need to prepend the token type during configuration
• Enabled new ways to create relationships between Salesforce Users and other objects in the SGNL Graph

Policies

• Reduced the number of fields necessary to create Policy Snippets

Administration

• OpenId Connect SSO is now available for SGNL Production Clients [Learn More]

Data Sources

• Azure API Management is now available as a Data Source, supporting Users, Groups, and Products to synchronize into SGNL [Learn More]
• Curity is now available as a Data Source, supporting Users to synchronize into SGNL [Learn More]
• ServiceNow Groups have been added as a target for synchronization into SGNL
• Improved Data Source synchronization robustness and implemented several bug fixes
• Updating Data Sources now support PATCH operations

Integrations

• Integration request configuration has been improved to allow more flexibility in the required fields to evaluate access for an integration

Policies

• Access Analyzer (soon to be Policy Lens) has launched, enabling granular troubleshooting of assigned Policies [Learn More]
• Simulated Policies on integrations now accurately record matched log entries in Logging [Learn More]
• Longer policy names are now supported

Logs and Metrics

• Logging layout, fields, and filtering capabilities have been improved to enable better discovery of log entries
• Metrics for Data Sources (e.g. entity count), Integrations (e.g. access checks), and Policies (e.g. evaluations) have been created and are now visible on the dashboard and in their respective pages

Access Service

• Improved Access Service robustness and implemented several bug fixes

Administration

• An administrative user is automatically provisioned during client onboarding, based on the parameters specified
• Users can change user roles directly from the SGNL Console
• Users can be managed via the SGNL APIs to Create, Update, and Delete Users, as well as to perform management tasks such as password and role maintenance
• Two new roles exist within SGNL:
  • Admin: Grants full access to the SGNL Platform
  • Reader: Allows read access to non-administrative portions of the SGNL Console and APIs

Data Sources

• Create connections to 4 key data sources via the SGNL Console and API, including:
  • Azure Active Directory (Users and Groups)
  • Okta (Users and Groups)
  • Salesforce (Users and Customer Accounts)
  • ServiceNow (Users, Customer Accounts, and Cases)
• Customize the Display Name and Attributes of entities synchronizing to the Graph
• Create join rules between entities from different systems of record to build a complete graph picture
• Support for granular control of the synchronization interval of data sources and individual entities

Integrations

• Integrations can now be created via the SGNL Console and API to represent applications and services that are protected by SGNL, with support for descriptive Display Names, Descriptions, and unique Integration Identifiers
• Default Policy Decisions are now available on a per-integration basis, to configure the default behavior if no policies apply to a given request
• Multiple Identifiers mappings now exist for Principals and Assets to link data in Access Requests to entities in the SGNL Graph
• Multiple access tokens can now be generated for a given integration, each with unique display names and identifiers, enabling multiple tokens to be issued per integration
• Versions of Policy can now be linked to an Integration in an Enforced mode, to impact the access decisions SGNL makes for a given integration
• Version of Policy can now be linked to an integration in a Simulated mode, to audit and log the impact of the changes that will occur to access decisions from SGNL if a given policy is enforced on the integration

Policies

• Policy Snippets can now be created via the Snippets API to scope Principals, Assets, Actions, and Conditions
• Individual Policy Snippet Versions are now immutable, with new versions of a Policy Snippet able to be created for use in Policy Versions
• Policy Snippets and Policy Snippet Versions now store metadata to understand when they were created
• Policies can now be created from the SGNL Console and API and specified to either Allow or Deny access, based on a match on the policy criteria
• Individual Policy Versions are now immutable, with each new version able to be used independently for Integrations in Simulated or Enforced mode
• Policies and Policy Versions now contain creation metadata to audit management activities

Logs

• SGNL now logs Access Decisions and Ingestion events in the SGNL logs
• Logs can now be filtered by time range and type

Access Service

• The Access Service now accepts Principal Identifiers, Asset Identifiers, and Actions as part of access requests
• Enforced and Simulated policies are now evaluated as part of requests to the Access Service
• The Access Service will now determine an Access Decision, based on assigned and matched policies on the integration, or a default decision if only Simulated policies are assigned, or if no Policies match the request