Version 6.4 Release Notes

Aside from the continual performance improvements and minor bug fixes provided with each release, the following features have been included with version 6.4:

Feature

Description

New pre-approval conditions for reviews

With new pre-approval conditions for reviews, you'll have more options and more control in determining how items are pre-approved. For example, if you use access models, the access models can now be used to pre-approve items within a review.

When an item is pre-approved, it means Permission Assist has analyzed the item according to both the system criteria (built into Permission Assist) and the selected criteria (the options described below) and has determined the item meets all criteria.

System Criteria:

The following criteria must be met for an item to be eligible for pre-approval. These are required by Permission Assist and cannot be changed:

the application user must be active. Disabled users cannot be pre-approved
the application user must have a matched identity
the matched identity must be active. Users associated with disabled or removed identities cannot be pre-approved
the application user's permissions have been approved in at least one previous review. First-time pre-approvals are not allowed

Optional Criteria:

Each additional option selected is another requirement that must be met for an item to be pre-approved. For example, if you select both the "Permissions have not changed..." and the "No permissions are overprivileged..." options, then the user must have the same permissions as in the previous review, and their permissions cannot exceed the permissions allowed by their associated access models.

Option	Description
The user/group was approved in the previous review	When this option is selected, the review item must have been approved by all required reviewers in the previous review. If the item was flagged and sent to remediation, it cannot be pre-approved.
Permissions have not changed since the previous review	When this options is selected, the user's permissions must be exactly the same as in the previous review. If the user has any new or changed permissions, the item cannot be pre-approved.
No permissions are underprivileged according to the access models	When this option is selected, the user must have all of the permissions that are allowed according to the associated access models. If the user is missing permissions that the access models allow, the item cannot be pre-approved.
No permissions are overprivileged according to the access models	When this option is selected, the user's permissions cannot exceed what is allowed according to the associated access models. If the user has more permission than the access models allow, the item cannot be pre-approved.

Better control over access request email notifications

Eliminate email overload! Email notifications for access requests are now completely within your control. You decide who receives access request notifications and during which events when they receive them. For example, you might decide the provision engineer receives an email notification when an access request is assigned to them. For more information refer to: Define Who Receives Access Request Email Notifications

Custom ID fields

The Identities page within the System Configuration area allows you to elaborate your identity information in ways that are specific to your organization. For example, if your organization has both an internal job title and an external job title, and the external job title is already being imported through Active Directory, you can define a custom identity field to define the internal job title.

Custom identity fields can be used when:

creating access models
matching users to identities
onboarding new identities

New filter icons and buttons

Permission Assist has been given a minor makeover. The search and quick filter options are now displayed in the upper right corner of most pages and will look similar to the following:

Image	Description
	Search
	Filter