February 2023 Product Updates

This month, we’ve introduced quite a few new features and improvements.

Improved Identity Attribute Mapping

Clarity has always been able to accommodate multiple sources of truth. However, this update now allows for:

-Better mapping of identity attributes across multiple sources of truth
-Better management of conflicting naming conventions
-The ability to define custom identity attributes
-The ability to select which source of truth takes precedence for specific identity attributes

All of these changes mean it’s easier to accommodate unique access requests; like updating an employee’s FTE status within your HR system while still maintaining an active status in Active Directory.

“This update is a big win for minimizing conflict within your RBAC structure and makes it more feasible to accommodate unique access needs. It also prevents a source of truth from firing off unintentional lifecycle management events that could introduce serious security implications.”

– Greg Glass, Co-Founder and CTO

Flexible Org Units for Simplified RBAC

This update also made improvements to Clarity’s automated role mining engine. We’ve introduced flexible org units to allow you to be as granular, or high-level, as you need with your RBAC structure. You can still default to the standard RBAC structure that Clarity automatically generates for you. Or you can create highly specialized birthright access by using organizational units such as division, region, tax status, and more.

“It’s common to be intimidated by RBAC because you have to sit and think about every department and title and who should have access to what. To do this manually, it’s a monumental task. But Clarity’s Role Mining makes it a much less daunting project. When you initially stand up your environment your RBAC is immediately generated and then you can use these flexible identity attributes to modify and tweak as much as you want. Create new roles, clone roles, alter roles, add exceptions or exclusions, all to your hearts content. Click a button, and RBAC is done.”

– Greg Glass, Co-Founder and CTO

Even More Workflow Customization

After a lot of feedback from our customers, we’ve expanded your ability to customize Lifecycle Management (LCM) workflows within Clarity with new triggers and event cascades. This gives you a lot of freedom over how Clarity should respond to identity creation events, changes in the lifecycle, and more. There’s also a new workflow trigger for “Orphan Account Detected” so that you can tell Clarity exactly how it should handle those expensive, and risky, orphaned licenses.

“We don’t want our platform to be so prescriptive that our customers have to overhaul all of their existing processes just to use Clarity. Instead, Clarity should be able to easily adapt to their unique processes. We’ve had workflows for a while now, and they just keep getting better and better”

– Greg Glass, Co-Founder and CTO

ClarityConnect Changes

Quite a few updates were made to ClarityConnect, our virtual appliance that lets you connect to your on-prem applications without punching holes in your firewall.

-Added ability to have multiple ClarityConnect instances across one or more separate infrastructures
-Logic updates for how a source of truth imports inactive users
-Updates to On-Prem import syncing/cleanups
-Added an ability to filter/restrict your Active Directory connector to specific OUs.
-Batch import detection, processing, and logging.
-Ability to “clean up” stale and missing entitlements
-Enjoy more consistent and complete asynchronous imports

Additional Updates and Fixes

In addition, here’s a quick rundown of all the improvements that have been made to Clarity recently.

-Upgrades to notification/alert functions
-Dashboard got some nice performance upgrades
-Some nice improvements to the UAR admin user interface
-Ability to toggle automatic role mining entitlements
-Reworked the way roles are created or inherited
-General improvements for role assignment of aliased roles
-Added more granular Active Directory group types for local, domain, and universal security and distribution groups
-Changes to what happens to service users who go missing on subsequent imports
-We’ve added support for PostgreSQL Database connectors
-Refactored the existing AtlassianCloud/Jira connector
-Lots of new application connectors in the Marketplace, including a new Reports as a Service connector
-General connector performance and reliability improvements
-Exterminated some bugs
-Some standard infrastructure updates to keep things running efficiently behind the scenes