Entitle October 2025 release notes

✨Enhancements

Ephemeral accounts authentication on Azure

Entitle now supports using ephemeral accounts to authenticate with Azure through Microsoft Entra ID, streamlining access with workload-based identity federation. This integration supports OIDC and SAML, giving teams secure, automated access to Azure Enterprise Apps without manual credential management. This change is reflected when configuring the integration in Entitle, where you can choose between a client secret and federated credentials when establishing the connection.

New audit logs

The actor field in audit logs streaming now distinguishes between human users, personal access tokens, and global API tokens, giving auditors a clear view of who performed each action.

New audit logs for agent token creation, update, and revocation were added:

  • OrganizationAgentTokenCreated – An agent token was created.
  • OrganizationAgentTokenUpdated – An agent token was updated.
  • OrganizationAgentTokenRevoked – An agent token was revoked.

Additionally, the content for the AccessRequestRedirectedToAdminNoTeamMembers log has been refreshed to clarify when requests are redirected to Entitle administrators due to a missing approver.

For more information, see Audit logs streaming.

AWS SSO multi-account pod-based identity integration

Entitle now integrates with AWS Identity Center to support temporary permission sets using a pod-based identity connection. When an access request is approved, ephemeral permission sets are created for SSO users, groups, and sub-accounts, and they are automatically removed when access expires. This integration centrally manages AWS SSO groups, permission sets, and resources (like S3 and IAM roles) without requiring a persistent AWS account, aligning with pod-based security models.

For more information, see AWS Identity Center - temporary permission set - pod-based identity.

AWS IAM single-account pod-based identity integration

The AWS IAM integration now supports pod-based identity, enabling Entitle to dynamically assume a configured IAM role and attach temporary, request-specific policies to users. Access to resources like EC2, S3, and IAM roles or policies is granted upon approval and automatically revoked when it expires, reducing the need for persistent permissions across both cloud and on-prem deployments.

For more information, see AWS Identity and Access Management (IAM) - Pod-based identity.

Authentication token update

A new authentication token is now generated for each user session. The token expires when the session ends, and to obtain a new one, users need to sign out and sign back in.

Entitle Terraform provider updates

The following version was released in Entitle's Terraform registry:

V.1.1.5

For more information, see the Entitle Terraform provider documentation.

©2003-2026 BeyondTrust Corporation. All Rights Reserved.