Veza Product Updates – March 2024

We’re excited to share the latest monthly product update, highlighting major changes highlighting major changes in March’24. In addition to new features and usability enhancements across Veza products, we’ve added integrations and enhanced existing ones to support a wider range of potential configurations, environments, and use cases.

Please read on for details on the March’24 updates. Your feedback is invaluable, and we’d love to hear from you at

Access Intelligence & Visibility

  • Select All Permissions: When picking permissions to filter by, you can now quickly enable all effective or system permissions with a Select All option.
  • Query Performance: Significantly improved query speed for searches returning large amounts of results.

Access Monitoring

  • Activity Monitoring for AWS: You can now configure an organization CloudTrail owned by an AWS account other than the AWS account configured for Activity Monitoring. The trail must be specified by ARN when configuring the AWS integration.
  • “Last Activity With Resource” Time: Query Builder now shows a Last Activity with Resource At column indicating when a principal last interacted with a resource.
  • Snowflake Role Usage: Snowflake Local Roles now have the Last Used At attribute that shows when was this role used by any user to access a resource.

Access Reviews

  • Review Creation: Starting a new Review now opens a full-page wizard for choosing the base Review Configuration, due date, reviewers, automation, and snapshot options.
  • Orchestration Actions: Email notifications can now be configured to trigger when an approved or rejected row is signed off.
  • Enriched Access Review Rows: Reviews can now include an extra column group showing details about the IdP user or HRIS profile associated with each query result. Reviewers can use the column selector to choose the metadata to show in this group. By default, enabling Enrich with IdP/HRIS data shows the name and unique ID of related entities in the chosen IdP or Human Resource Information System.
  • Access Review Product Design Improvements:
    • Reviewers can now use the Decision By filter to find rows acted on by a specified access reviewer.
    • Action history logs are now sorted by timestamp when viewing the action log for an individual row.
    • Improved readability within the Row Details drawer. It is now easier to see which table cell value belongs to which entity group for each row.
    • Improved performance of the Review table, especially when selecting more than one row.

Veza Integrations

Delinia Secret Server, Aspera, Anaplan, Oracle Enterprise Performance Management (EPM), Hashicorp Vault, Dropbox, Databricks (Unity Catalog), Appian.

  • Active Directory: Veza now shows the Manager Principal Name attribute for AD Users whose Manager ID attribute is a distinguished name (DN). For such entities, the Manager Principal Name is the manager’s User Principal Name (UPN).
  • AWS: To indicate when AWS entities are affected by a policy containing conditions not supported by Veza, these entities now have the attributes Unsupported Condition and Unsupported Condition List, showing any condition operators and keys Veza does not yet support.
  • Box: Added an option to prevent the discovery of all Box folders to enable faster user and role metadata extraction in large environments. Administrators can also now set the maximum depth of folders to extract when configuring the integration.
  • Concur: Users now have the Email attribute. The Concur integration must have the additional API scope to ingest this metadata.
  • Coupa: Users now have an additional API User attribute, true for identities marked as API Users in Coupa.
  • Egnyte: Veza now creates Egnyte Local Role entities to represent user types, such as admin, power, or standard.
  • Jenkins: Added support for Project-based Matrix Authorization Strategy, enabling Veza to show user and group access controls defined at the project level in Jenkins.
  • Microsoft Azure: Improved performance when ingesting role-based access controls. Our support team can enable this enhancement to reduce pipeline delays when connecting to environments with complex RBAC hierarchies.
  • Salesforce: Veza now supports Permission Set Groups used to assign sets of permissions to teams of users. A Permission Set Group can relate to a single Muting Permission Set entity, which disables specific permissions in that Permission Set Group.
  • Snowflake: Snowflake Local Roles now have the Last Used At attribute.
  • Workday: Added a configuration option to Use preferred names instead of legal names as Worker display names.

Veza Platform

  • Single Sign-On Configuration: When enabling a SAML identity provider for user login, administrators can now copy Veza’s Single Sign-On URL (ACS) and Audience URI (Entity ID) directly from the Configure SSO wizard.
  • SSO Event Logs: SSO user logins are now shown on the Events page.
  • Team Integration Scope: Administrators can now quickly approve all integrations by clicking the All Providers when creating or editing the team.
  • Webhook and Email Domain Filtering: Administrators can now configure a list of approved domains for email and webhook Orchestration Actions. Messages are not sent to unapproved domains when this option is enabled on the System Settings page.

Lifecycle Management

  • Added support for Microsoft Entra ID (formerly known as Microsoft Azure Active Directory), Workday, and Snowflake as provisioning targets for Lifecycle Management. This extends the range of enterprise systems where Veza can manage local users and assign groups or roles based on configured provisioning policies and access profiles.

Your feedback is invaluable, and we’d love to hear from you at

Table of Contents