Protected Systems

• We’ve improved the usability of the Google Cloud Platform Protected System in the Protected System Catalog, as well as improving our documentation for GCP

Systems of Record

• ServiceNow has been enabled to support OAuth2 Authorization Code Flow, enabling the elimination of username and password for connectivity
• We’ve improved how we filter Group Members sourced for Entra Id in order to improve synchronization performance
• Crowdstrike as an SoR is now available from the System of Record Catalog
• Major improvements to the way that Account Entitlements are synchronized into SGNL from Sailpoint IdentityNow have been made available to all Sailpoint customers

Improvements and Bug Fixes

• DeviceID as a query parameter on the access service is now better supported across the SGNL product
• Relationships across Systems of Record are now displayed more clearly in Relationships
• Some Actions are now pre-populated with well-known values, we’ll continue to roll enhancements out across action targets over the coming weeks

CAEP Hub

• Event Streams are now generally available, enabling SGNL to receive any Security Event Token (SET) for use in Actions, Policies, and Broadcasting
• Templates for standards-based CAEP and RISC are available from the SGNL SoR Catalog, enabling you to add event transmitters directly into SGNL
• Event Streams have been enabled to use one of Authentication (via a SGNL Auth Token), Token Signing Validation, or both

Administration

• New Logs for Transformed requests and responses are now available

Improvements and Bug Fixes

• We fixed an issue where templates exported from the console sometimes would not re-import list attributes

CAEP Hub

• We’ve improved some of the look and feel of CAEP Hub Insights and Logs
• We now provide better reporting on in-progress actions

Protected Systems

• You can now choose different methods to augment tokens with Okta OIDC Transforms

Improvements and Bug Fixes

• We fixed an issue with the OAuth2 Authorization Code Flow that would sometimes impact our ability to refresh an access token

CAEP Hub

• New actions have been added for Salesforce
• New actions have been added for Entra ID

Protected Systems

• Okta OIDC Transforms are now available, enabling a Token Hook to talk directly to SGNL and have claims added based on the returned Search API Assets

Improvements and Bug Fixes

• We fixed an issue with the configuration experience for Splunk Log Streams that would cause transmission of events to fail

Improvements and Bug Fixes

• We improved the OAuth2 Authorization Code UI to make it more user friendly
• We’ve fixed an issue where the CAEP Hub Insights metrics would sometimes show incorrect values

CAEP Hub

• CAEP Hub Insights is now available, enabling visibility into the CAEP Hub Workflow
• We’ve added a new action for Salesforce to revoke user sessions
• We’ve added a new action for Slack to revoke user sessions
• We’ve added a new action for Snowflake to revoke user sessions

Improvements and Bug Fixes

• We fixed a bug in the OAuth2 Authorization Code Flow configuration, where attempting to patch the configuration would sometimes result in an error

Improvements and Bug Fixes

• We’ve made some general improvements this week to better support some new functionality that’s just around the corner

CAEP Hub

• CAEP Hub is now Generally Available, including more actions, better configurability, and more options to take action on activities that happen within your organization
• We’ve improved validation of actions during configuration to provide more granular feedback on misconfigurations
• We’ve added a path from Protected Systems to CAEP Hub, so you can more quickly get in and create new Rules or Triggers from the Protected System pages

Policy

• You can now archive policies and snippets – simply head on over to the Settings page for the object you want to archive, scroll to the bottom and hit archive. If you need to unarchive a policy or snippet, simply select the filter on the details page to show Archived Policies or Snippets

Systems of Record

• We now allow Path Relationships to be created across as many entities as needed, no longer limiting this to 2 entity relationships

Policy

• We’ve rolled out a new capability called Access Reporting – here you can ask, and report on 2 important questions “Who can access this Asset (or set of Assets)” and “What can this principal access?”. We’re always looking for feedback so please reach out with questions and comments

Protected Systems

• Protected Systems and Actions now support the OAuth2 Authorization Code Flow

Administration

• Added support for multiple Log Streams per Client

Improvements and Bug Fixes

• Fixed an issue where some Policy Lens requests would log access decisions in the Access logs

Protected Systems

• Added support for precedence configuration in Transforms, enabling you to specify the resulting output of two values that may otherwise conflict in downstream systems

Protected Systems

• We’ve made significant improvements to Transforms on Protected Systems – you’re now able to select multiple attributes and add them to the configuration for a response to calling systems like Okta

Administration

• Added support for streaming SGNL Logs to Splunk

Improvements and Fixes

• We fixed an issue where deleting an attribute from an entity caused an error when referenced in a snippet

Improvements and Bug Fixes

• We’ve improved the accuracy of our IP Address to City evaluations during access requests

CAEP Hub

• The current date and time can be evaluated as part of Triggers

Improvements and Bug Fixes

• We improved the Okta Search API Transform on Protected System to de-duplicate matching claims and paths
• The policy builder has been improved to flag when an update to a snippet is available

Systems of Record

• We’ve extended our searching and filtering capabilities to Systems of Record
• We’ve added minor improvements to the Active Directory System of Record

Protected Systems

• We’ve simplified the selection of attributes for Transforms, just to those in the Assets that you have configured for the Protected System
• The Okta Search Transform has been improved to deliver an optimized response to the Okta Inline Hook

CAEP Hub

• The AWS Session Revoke action is now available

Policy Management

• Unindexed attributes can now be used in the simplified snippet builder

CAEP Hub

• New event logs for Rules, Actions, and Triggers have now been added to enhance visibility of CAEP Hub, as well as to diagnose and debug issues
• Actions that have a missing or empty parameter will now continue to run, but will log an error in the CAEP Hub event log

Improvements and Bug Fixes

• We’ve temporarily disabled the creation of path relationships containing more than 2 entity relationships

Systems of Record

• Active Directory as an SoR is now available
• Generic LDAP as an SoR is now available

CAEP Hub

• Failing actions will now exponentially backoff their retries, until the downstream system successfully accepts the action

Improvements and Bug Fixes

• Fixed an issue where Data Lens was not showing false values in the attribute viewer
• Fixed an issue where Transforms couldn’t be modified after they were created
• Improved the look and feel of simplified snippet builder and the CAEP Hub trigger builder

Policy Management

• Policies can now be more easily sorted and filtered

Protected Systems

• NameID is now included as a default option in Okta Search Transforms

Improvements and Bug Fixes

• Improved the OpenID Connect setup experience
• Improved Data Lens filtering
• Where Systems of Record fail to ingest data consistently, we’ll know exponentially backoff retry attempts

Systems of Record

• Bamboo HR is now available as a System of Record
• Google Workspace is now available as a System of Record
• Relationship attributes now have improved support for filtering

CAEP Hub

• Actions for a given integration can now be viewed and reviewed in the Protected System’s Actions tab
• Additional parameters for actions are now added dynamically when saving a Rule

Improvements and Bug Fixes

• Improved the Okta Transform to use the same taxonomy as Okta’s documentation for SAML Inline Hooks

Systems of Record

• Workday is now available in the SGNL Catalog as a System of Record

Policy Management

• We’ve released an early access capability to better support searching, filtering, and sorting of Policy Snippets – we’d love your feedback as we look to roll out these new capabilities to more of SGNL

Protected Systems

• SGNL can now take care of transforming requests from Okta Asset Search Requests without needing any extra components, you can enable this within the Protected System configuration
• We’ve added a wealth of new Protected Systems and Actions that can be used in the SGNL CAEP Hub

Improvements and Bug Fixes

• Fixed an issue where some SoR Bearer tokens were larger than the size we previously allowed

Systems of Record

• Attributes can now be normalized to Lower Case, Upper Case, or by Removing Spaces for attributes being imported from Systems of Record

Protected Systems

• SGNL can now take care of transforming requests from Sailpoint Access Requests without needing any extra components, you can enable this within the Protected System configuration

Improvements and Bug Fixes

• Fixed an issue where some Snippets were not being correctly shown in the simplified Snippet Builder

Improvements and Bug Fixes

• We’ve added more resilience to Data Lens to still show nodes even if expected fields or values are not found

Policy Management

• An early access version of the simple Snippet Builder has been made available to all SGNL Clients, there are major changes planned for this builder, however this should help to further ease the creation of Snippets for SGNL Users in the interim
• We’ve improved the look and feel of Policies and Snippets in Policy Lens, enabling simplified debugging and better visual clarity of features
• We’ve added more validation in Policies and Snippets to better guide the creation experience

CAEP Hub

• We’ve added optional parameters to Actions in CAEP Hub, enabling further customization of how you interact with systems in your enterprise, though SGNL

Improvements and Bug Fixes

• We’ve improved sorting and filters in the product, with more to come in the future
• We’ve addressed some bugs that resulted from incorrect configuration not being properly validated

Systems of Record

• You’ll now be notified if your System of Record Catalogs have a newer version than you’re currently using, with the option to update on the fly
• You can now directly export Systems of Record you’ve created manually into YAML format, so they can be reused as templates

Systems of Record

• Relationships between objects can now have Display Names and Descriptions, enabling more flexibility in naming, as well as enabling the ability to modify Display Names without impact to Policies or Snippets
• We’ve added GitHub as a System of Record, allowing GitHub Users, Teams, Repositories, and Organizations to flow into SGNL to be used as context in Policies

Data Lens

• We’ve improved Data Lens so you can more easily understand the various systems that have contributed the objects in the graph

Bug Fixes

• We fixed a bug that would sometimes cause an incorrect count of the types of entities in a System of Record