Campaigns
Applications
Users/People
Emails
Security/Login
User Report
General Improvements
Added the Ability to Select Election Note from a Dropdown
Improved Filtering on Review All Page
When Creating a Campaign, Show Campaign Status as In Progress
Added Campaign Progress to Campaigns Page
Added the Ability to Sort the Progress Column on the Campaign Report
Added the Ability to Close a Campaign on the Campaign Report Page
Added Campaign Search and Application Search on Historic Campaign Page
Delete Delegations when the Delegatee is Terminated
Added Timestamp when Elections Are Made by Reviewers
On Campaign Review and Review All Pages, Added Manager Email to the List of SOR Attributes Displayed
Added “Previous Review” and “Next Review” Buttons on Campaign Review pages to Improve Navigation
Provide Reviewers with the Option to Update the Reviewer Within the Campaign
Delete All Associated Campaigns and Campaign Templates when Deleting an Application
Added Manager and Entitlement Custodian Campaign Type
Added the Ability to Include Rich Text Editing (Bold, Italics, Indentions, Bullet Points, Hyperlinks, etc.) in Campaign Instructions
Added the Ability to Bulk Assign Notes to Campaign Elections
Azure AD Connector – Pull Employee ID
Azure AD – Limit Additional Data Pulled to What is Configured in the Additional Column Attribute
Okta Connector – Added the ability to pull Manager email, Employee ID and custom Okta attributes
AD Connector – Added a check if the account expires. If it does and the date is in the past, the SecurEnds status will be “Expired”.
Added the Ability to Include a Note when Excluding or Deleting Credentials
Added the Ability to Define a Default Reviewer at the Application Level
SFTP Connector – Exclude Disabled Credentials When “Include Inactive Credentials” = No
SOR CSV Import – Handled Cells with Line Breaks
Added User Audit Trail
Added User Email ID to Notify Update Manager Email
Added Multi-factor Authentication Option for SecurEnds Login
Hybrid/Alternate Login Upgrades
Made SecurEnds Minimum Password Length Configurable
Removed Disabled Applications From the User Report
Added Additional Search Options on the User Report
Added Retry Logic When User Network Connection is Lost. Updated Error Page if Connection is not Restored After Three Retries.
Performance Improvement
Campaigns
Added the Ability to Select Election Note from a Dropdown
This feature introduces election notes to include a dropdown with selectable options, which are defined in the configuration. Instead of writing free form election notes, a dropdown with pre-defined values will be available for Reviewers to select. This enhancement improves the flexibility and consistency of election management.
Navigate to Administration🡪Configuration🡪Default UI Configuration and set “Show_Election_Note_Dropdown” to true to enable this feature.
Navigate to Administration🡪Configuration🡪Reviewer Notes🡪Reviewer Notes Dropdown and enter dropdown options separated by pipe delimiter.
Election Notes are available for selection.
Improved Filtering on Review All Page
This feature enhances the search functionality within the table by allowing users to search for specific values in multiple columns, such as Credential, First Name, and Last Name. The search results are displayed dynamically based on the entered search value.
When Creating a Campaign, Show Campaign Status as In Progress
To improve visibility into the campaign creation process, we have added campaigns to the Campaign List page immediately after the user initiates a new campaign. Previously, new campaigns did not appear on the Campaign List page until campaign creation was complete. Now the campaign appears immediately with a status of In Progress.
Added Campaign Progress to Campaigns Page
Added the Ability to Sort the Progress Column on the Campaign Report
Added the Ability to Close a Campaign on the Campaign Report Page
To help improve Review workflows, we have added a Progress column on the Campaigns page. The Progress column shows the percentage of elections that have been completed. This field may be sorted, so incomplete campaigns may appear at the top.
In addition, the Progress column on the Campaign Report can now be sorted. Also, Campaigns may now be closed from the Campaign Report page. If users are reviewing the Campaign Report, there is no need to navigate back to the Campaign list page to close the campaign.
The Campaign Report page can now be sorted by the election progress.
Campaigns in Open status can now be closed on the Campaign Report page. Select “Close” in the Campaign Report action gear.
Added Campaign Search and Application Search on Historic Campaign Page
To help select applications or campaigns in the Historic Campaign Report, we have added the ability to search for the applications and campaigns.
Delete Delegations when the Delegatee is Terminated
This feature enhances campaign integrity by automatically removing delegations when the delegatee is terminated. The system will check if the delegatee is terminated in the People system. If the delegatee is found to be terminated, the system proceeds to delete the people delegation associated with them. The Delete action is auditable in the system, providing an audit trail of the event. This process is performed nightly.
Navigate to Administration🡪Configuration🡪Default UI Configuration and set “Delete_Delegation_when_Terminated to true.
Added Timestamp when Elections Are Made by Reviewers
To give auditors an exact time when elections were made by reviewers, we have added a timestamp to the date field. The date/timestamp will be included on all Reports.
On the Campaign Report page, timestamp was added to the Date column.
In the Campaign PDF, the Timestamp was added to the Date column.
In the Campaign Report Export, the Timestamp was added to the Date column.
On Campaign Review and Review All Pages, Added Manager Email to the List of SOR Attributes Displayed
When hovering over credential on the Campaign Review page, identity attributes are displayed for the user. The user’s manager has been added to this view.
On Review page, SOR Manager Email is displayed.
On the Review All page, SOR Manager Email is displayed when hovering on credential.
Added “Previous Review” and “Next Review” Buttons on Campaign Review pages to Improve Navigation
This feature enhances the review process by providing users with convenient options to navigate between previous and next reviews, saving time and effort. It is applicable to Direct Election, Entitlement Custodian, Application Custodian, and Review All.
Provide Reviewers with the Option to Update the Reviewer Within the Campaign
This new feature significantly promotes streamlined reviews, improves reviewer productivity, and maintains a comprehensive audit trail for a more secure and efficient review process. Reviewers now have the ability to update reviewers for all types of elections (excluding Admin Role), giving them control. Previously, this was a feature only given to Administrators.
Navigate to Administration🡪Configuration🡪Default UI Configuration and set “Show_Update_Reviewer_For_Reviewers” to true.
Reviewers will be able to update the reviewer on the Campaign Review page.
Delete All Associated Campaigns and Campaign Templates when Deleting an Application
Implemented a new flow that makes the application deletion process more efficient and convenient for the admin. The admin can easily see what Campaign Templates and Campaigns are associated with the application and choose to delete them all together.
When “Delete” is selected in the Application action gear, all campaigns and campaign templates that include the application are listed with a warning. If the delete is confirmed, the application and associated campaigns, campaign templates, SOD policies and SOD reports will be deleted.
Added Manager and Entitlement Custodian Campaign Type
This feature introduces a new campaign type called “Manager & Entitlement Custodian” to the Campaign Creation Page. It complements the existing “Manager & Application Custodian” campaign type and provides an additional level of review involving both managers and entitlement custodians. When creating a campaign with the Manager & Entitlement Custodian type, the system automatically generates elections for both managers and entitlement custodians.
Select Manager & Entitlement Custodian when creating a new campaign.
Added the Ability to Include Rich Text Editing (Bold, Italics, Indentions, Bullet Points, Hyperlinks, etc.) in Campaign Instructions
Enhanced the campaign instructions functionality by providing administrators with the ability to incorporate various formatting options. With this update, users can now utilize bold and italic styles to emphasize important information, create indented sections for improved organization, utilize bullet points for listing items or steps, and add hyperlinks for easy access to external resources.
Navigate to Administration🡪Configuration🡪Reviewer Notes and modify Reviewer Notes.
Campaign Instructions may include bold, italics, text colors, bullets, numbered lists and more.
Added the Ability to Bulk Assign Notes to Campaign Elections
This feature allows users to add notes to multiple elections in a campaign simultaneously. It provides a pop-up screen with options to select the type of elections and download them in a CSV file format. It streamlines the process of managing and updating election information, enhancing efficiency in campaign management. Users can easily download and review the election data in a structured format, enabling better analysis and decision-making.
On the Campaign action gear, select “Bulk Note”
Select type of elections to add notes (All, Approved, Revoked, Pending) and download the file.
Enter freeform notes in the Notes column. Or, enter a valid dropdown value in the Notes Selection column (defined in Reviewer Notes Dropdown configuration).
Upload the file with Notes added.
Notes will be displayed on the campaign election.
Applications
Azure AD Connector – Pull Employee ID
SecurEnds will pull Employee ID in the Azure AD connector, so the application may be matched by Employee ID.
Azure AD – Limit Additional Data Pulled to What is Configured in the Additional Column Attribute
SecurEnds was pulling createdDateTime, companyName, jobTitle, mobilePhone and city in the Azure AD API by default. Now they will only be pulled if listed in the Additional Columns field.
Okta Connector – Added the ability to pull Manager email, Employee ID and custom Okta attributes
This feature enhances the configuration section for creating or updating OKTA Application/SOR by allowing users to define custom attributes for Manager Email, Employee ID, and Additional Columns. This feature provides greater flexibility in integrating OKTA Application/SOR with existing systems.
AD Connector – Added a check if the account expires. If it does and the date is in the past, the SecurEnds status will be “Expired”.
This feature addresses the issue of including expired accounts in the evaluation of account status within the Active Directory (AD) connector. When pulling the employee access status, the system will now verify if the “Account Expires” option is selected for each account/user. If the option is selected and the End of Date is in the past, the access status will be updated as “Expired” for that account.
Added the Ability to Include a Note when Excluding or Deleting Credentials
Admins now have the ability to include a note when a user is deleted or excluded.
Click unmatched count on Applications page. Select Delete or Exclude in the credential action gear or select the credentials and click the Exclude or Delete buttons at the top of the page. Notes will be able to be entered on the confirmation of the Delete or Exclude. The note will display on the Credential Details page, Credential Export and Downloaded CSV to Restore.
Credential Details
Excluded Credential Export
Added the Ability to Define a Default Reviewer at the Application Level
Added a new feature that allows users to specify an Application Default Reviewer for their campaign flow. If provided, the system will assign election tasks to the Application Default Reviewer instead of the Global Default Reviewer, but only for the specific application.
Previously, if the reviewer was terminated or not assigned, the reviews were sent to the global default reviewer. Now, if the reviewer is terminated or not assigned and an application default reviewer is assigned, the review will be sent to the application default reviewer. If there is no application default reviewer, the review is sent to the global default reviewer.
Assign an application default reviewer when creating the application.
SFTP Connector – Exclude Disabled Credentials When “Include Inactive Credentials” = No
In the SFTP Connector, filtering on Inactive Credentials only pulls active credentials when “Include Inactive Credentials” = No. Disabled credentials are no longer pulled and the bug is resolved.
SOR CSV Import – Handled Cells with Line Breaks
A blank, red message was displaying when a line break was included in an imported SOR file. SecurEnds now recognizes the line break and processes the file.
Users/People
Added User Audit Trail
A new feature that grants administrators comprehensive visibility into user activity throughout the application, encompassing actions from the Application Audit Trail, Campaign Audit Trail, and Delegation Audit Trail. By incorporating a “View Audit Trail” option, users can conveniently access this information on a dedicated page, which includes pagination functionality for effortless navigation. This feature enhances transparency and facilitates tracking and monitoring of user actions within the application.
Select “View Audit Trail” on the People action gear.
Emails
Added User Email ID to Notify Update Manager Email
To help with Review workflows, we have added the User Email when a Reviewer has requested to update the user’s manager. In addition to the first and last name, we now include the user email in the Notify Update Manager Email.
Security/Login
Added Multi-factor Authentication Option for SecurEnds Login
This exciting new feature adds an additional layer of security to the login process of SecurEnds. When this configurable feature is enabled, users are required to undergo a two-factor authentication (MFA) procedure using either email or a mobile authentication app. We recommend all customers to enable MFA to mitigate the risks associated with password-based authentication alone.
SecurEnds supports two different authentication methods: Mobile Authentication Apps and OTP via Email
Please contact the SecurEnds support team to enable MFA.
OTP Email Authentication:
Email with OTP:
Mobile App Authentication:
Mobile App with OTP:
Hybrid/Alternate Login Upgrades
To allow SSO and Non-SSO users to login to SecurEnds, we have implemented a Hybrid or Alternate Login. In this release, we added the ability to support hybrid login for Jumpcloud SAML SSO in addition to Azure, Okta and OneLogin.
To help administrators administer this feature, we have added the ability to export a list of Non-SSO users when HYBRID_LOGIN is enabled.
Made SecurEnds Minimum Password Length Configurable
All Passwords must be at least 8 characters in SecurEnds. To require a longer minimum password length, set the configuration value Minimum_Length_Password..
Navigate to Administration🡪Configuration🡪Default UI Configuration. Change the password minimum required length in the value field.
Required password length is updated on the Password page.
User Report
Removed Disabled Applications From the User Report
Added Additional Search Options on the User Report
Added the ability to search the User Report by Manager Email, Manager First Name and Manager Last Name.
General Improvements
Added Retry Logic When User Network Connection is Lost. Updated Error Page if Connection is not Restored After Three Retries.
Performance Improvement
To improve performance, large Exports, Reports and Downloads will be sent to a queue and processed offline. A link will be sent to the user via email to access the Export, Report or Download when processing is complete. Administrators have the ability to view the status of all downloads under the Administration tab.
After exporting a file, navigate to Administration🡪Export Downloads
The download may be accessed by clicking the link in the email or by clicking the link on the Export Downloads page. After export links have been clicked, they may not be used again. Download links expire after 1 hour. All exports will be deleted after 30 days.