Documentation

2023 - April Product Updates

Suggest Edits

🎉 Policies improvements

🎉 Policies Audit Logs

The following actions which are related to the Policies page will be audited:

  • New or deleted policies
  • Policy edits
  • Failed permission grants via Policies
  • Unassigned accounts for integrations that are linked to policies

🆕 🎉 On-Call groups support

You can now set on-call users with the baseline permissions they need for their shifts automatically.

The on-call service integration, currently supporting Opsgenie and PagerDuty, is defined in the Org. settings page, while the baseline permissions are configured in the Policies page.


🎉 Improved policies synchronization

The defined baseline permissions admins set on the Policies page will now be reflected instantly once a user is added to or removed from a group.

The synchronization applies to both on-call groups and IDP groups.

🆕 🎉 Multiple instant-messaging support

You can now connect Entitle with multiple Slack workspaces and/or Teams instances.

Go to the Org Settings page and click the Connect or Add connection buttons to set them up.

You will be referred to Slack/Teams to choose the desired Slack Workspace or Teams instance and approve the connection.

At any time you can disconnect a Slack workspace or Teams instance from Entitle.


🆕 🎉 AWS integration improvements

Entitle added an improved AWS JIT-policies creation and cleanup, which are created via Entitle in your AWS accounts.

In order to enable these improvements, you are asked to add the Base Permissions Management Policy below to all the accounts Entitle has access to and assign it to Entitle's users/roles.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:AttachRolePolicy",
                "iam:AttachUserPolicy",
                "iam:CreateRole",
                "iam:CreatePolicy",
                "iam:CreatePolicyVersion",
                "iam:DetachUserPolicy",
                "iam:DeletePolicy",
                "iam:DeletePolicyVersion",
                "iam:GetPolicy",
                "iam:GetPolicyVersion",
                "iam:GetRole",
                "iam:ListAttachedRolePolicies",
                "iam:ListEntitiesForPolicy",
                "iam:ListPolicies",
                "iam:ListPolicyTags",
                "iam:ListPolicyVersions",
                "iam:ListRolePolicies",
                "iam:ListRoleTags",
                "iam:ListUserPolicies",
                "iam:ListUsers",
                "iam:TagPolicy",
                "organizations:ListAccounts",
                "organizations:DescribeAccount"
            ],
            "Resource": "*"
        }
    ]
}

🆕 🎉 Ticket history improvements

Entitle's ticket history now includes a summary with the following information:

  • The status of each role which is a part of the access request
  • The duration of the request
  • The related user

🆕 🎉 Customizable integration icon

Entitle admins can now change any integration icon, and get a familiar experience to their users by adapting to the icons used in their organizations.

To set it up:

  • Go to the selected integration you would like to replace its icon and click on the Replace Image
  • Select your desired image from your local device
  • Click Save
  • The new image for the selected integration is now set in Entitle

🆕 🎉 Virtual Application

We added a new type of integration - virtual application.

Virtual Application is a mechanism that streamlines the end-user experience for cases when access requests to an application are implemented indirectly under the hood, e.g. by joining an IdP group which triggers the IdP provisioning flow.

When an end user wants to use the application, he only needs to select access request to this application and not be aware of all the technicalities of how the access request is done.


Admin setup

In this demo, the admin configures Salesforce virtual application which is implemented by the group SFDC in Azure.


User experience

The user sees in the search results a recognizable name and icon he can request access to, without being aware of the Azure implementation under the hood.


Virtual integration request logs

This feature also eases the use of Entitle for a UAR reviewer - it represents only the App and not the mechanism by which Entitle works with the App.


🎉Snowflake integration improvements

  • Support got sub-resource permissions granting. For example: when permissions to a database are requested, Entitle will grant permissions to the relevant schemas and tables as well
  • Improved Snowflake integration documentation Here

🆕 🎉 Half-hour permission duration

Entitle now supports a half-hour JIT permission duration option. You can set it up on the Org Settings page and it will be reflected in your workflows.


🆕 🎉 New login page design

A new login page to the platform.

Updated 27 days ago