February release notes draft

Permissions views now display indirect access across AWS, Active Directory, and Google Workspace, including access granted through nested groups, intermediary roles, or other inherited relationships. This ensures the permissions graph, entitlement views, and access reviews reflect effective access, not just direct assignments, giving admins a more accurate picture of who can access what across these integrations.

ℹ️

For information about the permissions graph, see The permissions graph.

Access controls are now handled more consistently across approval workflows, the permissions graph, org settings, users, tasks, and audit logs. This makes it easier to understand and control who can access what throughout Entitle, with the same permission types interpreted and displayed consistently across screens.

ℹ️

For more information, see:

• The permissions graph
• Birthright policies
• Approval workflows
• Webhook based approvals
• Integrations
• A specific integration
• Org settings
• Tasks
• Users
• Audit logs
• JIT request analysis

Slack approval notifications are now consolidated into a single thread per access request, making it easier to follow the full decision history. Channels acting as approvers or notifiers receive clearer updates that show who approved a request, when it was approved, and how it progressed, improving visibility and auditability directly within Slack.

ℹ️

For more information, see Approval workflows.

The Okta integration webhook now supports additional events related to admin role changes. These include assignment and removal of predefined admin roles, as well as creation and deletion of custom admin role assignments through resource sets. This ensures changes to Okta administrative privileges are captured and processed more completely within Entitle.

ℹ️

For more information, see Okta webhooks.

Bulk Actions now supports search across integrations, resources, roles, workflows, owners, maintainers, IdP groups, and users, making it easier to target the correct items before applying updates. The Birthright Policies page also includes search and filtering, helping admins quickly locate and manage policies in larger or more complex environments.

ℹ️

For more information, see Birthright policies.

The Jamf integration now supports environments where SSO is enabled, using modern authentication flows instead of relying solely on basic authentication. Customers can connect Jamf to Entitle without disabling SSO, while maintaining their existing identity and security controls.

ℹ️

For more information, see Jamf Pro.

The virtual integration resource and role picker now displays only managed resources and roles. By excluding unmanaged items and integrations without managed resources, the selection experience is cleaner and reduces the risk of misconfiguration.

ℹ️

For more information, see Integrations, resources, and roles.

The JIT request analysis report has been enhanced to improve data accuracy and usability, and to better align with how Entitle represents user entitlements and access relationships. The report now more reliably reflects current roles, resources, and effective access, giving stakeholders greater confidence when using it for operational monitoring and compliance reviews.

ℹ️

For information about this report, see View JIT request analysis.

Terraform users can now retrieve the list of Entitle applications directly through the provider, eliminating the need for hard-coded values when defining integrations. This allows infrastructure teams to discover applications programmatically and incorporate them into automation workflows with greater confidence.

ℹ️

For more information about Terraform, see Terraform Cloud.

Infrastructure supporting a virtual application is now managed through Terraform, enabling consistent and repeatable provisioning across environments. Managing these resources as infrastructure as code reduces configuration drift and makes future updates safer and easier to audit.

ℹ️

For more information about Terraform, see Terraform Cloud.

Bundles, policies, and tags now behave consistently across configuration screens. These updates make entitlement configuration more predictable and easier to manage, especially in large or complex tenants.

Several enhancements were made to improve how Entitle models and processes complex access scenarios across integrations. These updates increase the reliability of permission handling and improve how effective access is calculated and displayed, reducing the need for manual corrections and making access behavior easier to understand.

Entitle’s public API documentation has been expanded to provide clearer guidance on required and optional parameters, expected value formats, and edge cases. The updates also clarify how to obtain referenced IDs and how virtual or manual applications behave in different scenarios, making integrations smoother for API and Terraform users.

ℹ️

To see the updated documentation, see the API reference.