We are excited to share the latest Veza product features and enhancements! Included is a summary of key product developments from April 2023.
Please don't hesitate to contact our team with any questions or feedback. We're always here to help.
Salesforce SaaS Misconfigurations
A new Salesforce Misconfigurations report offers insight into common identity risks for SFDC. The queries in this report can be customized or used out of the box, including:
- Salesforce Users not tied to an identity provider
- Salesforce Organizations without organization-wide MFA enabled
- Salesforce profiles that bypass organization-wide MFA
- Salesforce Organizations with "poor" or worse Security Health Check Score
- Salesforce security health check risks ranked high or medium risk
- Salesforce Organizations without Setup Audit Trail enabled
Note: to enable the reports, you must update the permission set for the Salesforce integration to include the "View Health Check" permission.
Introducing risks and risk levels
Instead of marking queries as Violations, users can now set a "Critical" or "Warning" risk level for saved queries. Results of queries with a risk level (Queries with Risks) appear on the Insights > Risks page for tracking and remediation. On this page, you can now:
- Review all Queries with Risks and their results in Graph or Query Builder
- Review all active Risks for all queries
- Sort by conditions such as time, total risks, and percent change.
- Filter by query risk level, integrations, or labels.
- View trending changes for the past week or past month.
The Veza landing page now includes an Access Risks Summary section with a trend chart and summary of all risks. Clicking a tile on the dashboard opens the Queries with Risks tab.
You can hide results that can't be acted on (such as built-in system roles) by adding exceptions. Marking a risk as an exception will prevent it from appearing as a risk in the future.
- To manage exceptions for a single query on the Risks > Queries with Risks tab, click Manage Exceptions from the actions dropdown menu.
- To manage exceptions for multiple risks, select one or more Risks and click Mark as Exception.
- You can filter the Risks page to show entities marked as exceptions. A new column shows each risk's exception status.
Risks in Authorization Graph and Query Builder
Authorization Graph now highlights risks by default. Risks are highlighted in yellow or red depending on the risk level.
- You can toggle this setting under Display Options > Highlight Entities of Interest.
- The Query Builder now also highlights risks by default. Results have a Warning or Critical indicator next to their name to show the risk level.
- Clicking on the risk level of a result in Query Builder now opens the Risks page with that entity selected.
Saved Query enhancements
You can now find built-in queries on the Saved Queries page with a filter on "System Created: True" or "Created By: Veza". Some pages and sections have been renamed based on user feedback:
- The Home page is now Dashboards.
- The Insights > Reporting page is now Reports.
- The Reports Library is now All Reports.
- My Reports are now My Bookmarked Reports.
- Report categories are now Collections.
- NetSuite: A new Veza-built connector enables the discovery of Users, Roles, and Role permissions for Oracle NetSuite using the Open Authorization API.
- GitHub Enterprise (Early Access): A new Veza-built integration enables the discovery of user, repository, team, and role entities and attributes for GitHub, with support for GitHub Enterprise Cloud and Server. Built-in Saved Queries for GitHub are now provided for customization and use in reports.
- Snowflake: Azure AD Users are now automatically mapped to Snowflake Local User accounts they can assume.
- Tags in certification results (Early Access): Workflow creators can now include extra certification columns showing tags on source or destination entities. When enabled, reviewers can filter results by tag key and click on a tag key to see the value.
- Single-action Approve and Sign Off (Early Access): When enabled, reviewers can now approve and sign off on certification results with a single action. Users can apply the combined decision using a Smart Action, the row actions dropdown, or a Bulk Action on a selection of results.
- Saved Filters (API Preview): Reviewers can now pick from filters created using the Quick Filters API.
- Notification Templates (API Preview): A new preview endpoint is available for testing Workflow reminder email templates.
If you're not yet a Veza customer, schedule a demo today to see any of these updates in action.