Entitle June 2026 release notes

Entitle agent auto-update

Keep your self-hosted agent current automatically, so you always run the latest version without manual intervention or scheduled maintenance windows. Entitle handles agent lifecycle management for you, eliminating upgrade toil and ensuring your deployment stays aligned with the latest security and feature improvements.

🚧

Opt-in to auto-update with a single configuration change.
Organizations onboarded after June 9, 2026 have auto-update enabled by default. No action needed.

ℹ️

For more information, see enable auto-update for self hosted agent deployments

Filter by duration

A Duration filter is now available for permissions and personal access tokens, so you can surface and act on long-lived access before it becomes a risk. Use it to identify permissions and tokens with extended expiration windows and remediate them directly.

Bitbucket integration: support for scoped Jira tokens

Bitbucket repositories hold some of your most sensitive assets — source code, pipelines, and deployment configurations. The Entitle integration lets you apply JIT access controls to Bitbucket repositories, eliminating standing permissions that increase your risk exposure.

The integration uses Jira credentials to retrieve email addresses to match Bitbucket users to identities. You can now apply least-privilege principles to the Jira token itself and limit what it can access within your Atlassian environment.

ℹ️

For more information, see Bitbucket.

Project group support for Azure DevOps

Azure DevOps is where engineering teams manage source code, CI/CD pipelines, and project boards — making it a high-value target for standing access that goes unreviewed. Use Entitle to apply JIT access to Azure DevOps resources, eliminating persistent permissions across your software delivery lifecycle.

This release extends the integration to include Project-Level group memberships, so you can provision developers into specific project groups on demand — with workflow-driven approvals, automatic revocation, and a full audit trail.

ℹ️

For more information, see Azure DevOps.

Splunk On-Call

Manage on-call-based access across your organization with the new Splunk On-Call (formerly VictorOps) integration. Entitle automatically identifies who is currently on call based on your Splunk On-Call teams and escalation schedules, and uses that data to drive approval workflows and policies — ensuring the right responders always have access to the right resources when it matters most.

ℹ️

For more information, see Splunk On-Call.

Get roles by integration

The Get a list of roles API endpoint now supports filtering by integrationId, so you can retrieve all roles across an entire integration in a single call. Previously, roles could only be queried by individual resource, requiring multiple calls to get a complete picture. This makes it significantly easier to build integration-wide automations, audit scripts, and Terraform workflows.

⏰ Deprecation notice

The CustomerIO integration is deprecated and will be removed in an upcoming release.

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.