Major Feature Update

UAR Enhancements & Fixes

IGA Enhancements

Access Template Based Reviews

The Problem
Traditional access review campaigns often require reviewers to evaluate access at the individual user and entitlement level. This approach can be time-consuming, difficult to interpret, and misaligned with how organizations actually design and manage access-through roles and expected access patterns. As a result, reviewers may face high manual review burden, miss access misalignments, or struggle to identify access exceptions, increasing audit risk.

The Solution
SecurEnds now supports Access Template-Based Campaigns for User Access Reviews, enabling organizations to conduct role-based access reviews using approved access templates instead of reviewing access at just the user and entitlement level.
This creates a more structured review model that aligns users, entitlements, and expected access by role.

This release includes three key capabilities:

1.Composition Reviews allow template owners to review the entitlements that define each access template, helping ensure each role remains accurate, complete, and aligned with policy.

2.Membership Reviews allow reviewers to validate which users are assigned to each access template, making role-based access reviews faster, more intuitive, and easier to complete.

3.Outlier Reviews identify additional entitlements assigned outside the approved template baseline, helping teams quickly detect exceptions, reduce excess access, and reinforce role integrity.

Together, these capabilities standardize role-based access reviews, reduce manual review burden, improve audit readiness, and strengthen access governance.

To use Access Template-Based Campaigns, IC must enable this capability. Please reach out to your IC.

UAR Enhancements & Fixes

1. Updates in Campaigns

Dynamic Entitlement Columns in Reviews & Reports:
Campaign reviews and reports now support dynamic, multi-attribute entitlement columns (e.g., application, account, path/group), giving reviewers clearer visibility into what they are certifying. Usability has also been improved with enhanced filtering and sorting, preserved selections during navigation, and new sort options like Entitlement and Last Login-helping reviewers work faster and focus on higher-risk or stale access.

Unmatched / Orphaned Accounts in Campaigns:
Campaigns can now optionally include unmatched application accounts (orphaned credentials not tied to a known identity) in the review scope. This gives organizations greater visibility into stray or legacy accounts and helps reduce risk by ensuring these accounts are either properly associated or removed.

2. Updates in Connectors:

. Oracle Connector: Clearer Entitlement Details for Tables and Roles;Updated the Oracle connector to make application entitlements easier to understand. Table entitlements now show the permission, table owner, and whether it’s grantable, and role entitlements now list the role’s permissions in the entitlement description.

.Configurable Jack Henry Template Ingestion:
Added configuration to control how deep Jack Henry template-level data is ingested, and ensured missing/blank entitlements are included

.Improved AWS IAM Identity Center Group Descriptions
For the AWS IAM Identity Center connector, when a group description is missing or empty, the system now automatically uses the associated Permission Set description as a fallback, ensuring more complete and informative entitlement details.

3.Updates in Access Template

.Create Access Templates from Access Analysis
Users can now create Access Templates for user access reviews through Access Analysis screen. Selected applications and entitlements are automatically populated into the template and can be reviewed and edited as needed, streamlining template creation and improving efficiency.

.Improved Access Template Update & Approval Workflow:
When Access Templates are changed, updates now follow a more controlled approval workflow. Admins can submit changes for approval to template owners, who can then approve or reject the requests. Once approved, updates are applied consistently, and users’ access can be updated automatically based on the new template definition. This improves governance, reduces manual follow-up, and provides a clear audit trail of who approved which changes.

4.Updates in Ticketing System:

.Improved Ticket Status Synchronization for Campaigns:
Ticket status updates from connected ticketing systems are now synchronized on a scheduled basis, with manual refresh still available. Reviewers and administrators can see uptodate fulfilment status directly in campaign reports without having to switch tools, improving visibility into whether approved changes have been completed.

.Multiple Slack Workspace Support for Notifications:
Organizations can now configure multiple Slack workspaces; notifications (launch/reminders/escalations) are sent based on active workspaces.

IGA Enhancements

1.Form Management

Forms continue to be central to standardizing access related requests. In this release, we have enhanced the visualization of form based requests (for example, nonemployee and service account forms) by adding a mind map view that shows the request flow and status. This helps requesters and approvers quickly understand where a request is in the process and which steps are pending.

2.Updates in Provisioning Policy:

SOR-driven identity changes (such as department or title updates) are now more clearly detected and reliably drive downstream access controls, strengthening joiner/mover/leaver processes. Admins can also configure which identity attributes are used for access analysis and control, improving performance and ensuring insights and HRdriven changes focus only on the attributes that matter most.

3. Enhanced SOD Reporting with Violated Entitlements:

SOD reports now include a Violated Entitlements column across the UI and exports (PDF/CSV), clearly showing which entitlement(s) triggered each violation.