🔐 SailPoint ISC – August 2025 Highlights
Access request approvals now support re-authentication requirements for sensitive or regulated access requests via the Update Access Request Configuration API. Admins can enforce re-authentication through SSO when approving these items.
The Core Access Model now supports attributes with date periods in naming conventions for automatic role assignment, improving clarity and lifecycle alignment.
GenAI now uses source name and source type to generate smarter entitlement descriptions. Governance groups can also review generated content, enabling scalable and accurate access reviews.
The redesigned Admin → Tasks interface improves usability with better filtering, reassignment options, and expanded task visibility, boosting admin efficiency across workflows.
🔐 CyberArk – August 2025 Highlights
Addresses a high-severity vulnerability in Secure Infrastructure Access, with a CVSS score of 8.1. Admins should enable PIN-based authentication for federated user access to mitigate the risk.
"Defender – Access" has been renamed to "Defender – IAM" to reflect CyberArk’s broader identity security scope. Study guides have been updated accordingly.
CyberArk’s new SRS Community Group offers plugin templates, compliance resources, and tenant-wide rotation tips for secrets management at scale.
Plugin lifecycle management, privileged compliance reports, and 10,000-account bulk rotation capabilities have been added—boosting control and visibility.
Addresses a new vulnerability related to Prototype Pollution (CVE-2024-38996) affecting PVWA versions earlier than 14.2.4. Affected environments must upgrade to either 14.2.4 or 14.0.6, depending on compatibility. No temporary mitigation is available, and the issue has not been exploited in the wild per CyberArk. Documentation and download links are provided in the official bulletin.
🌐 StrongDM – August 2025 Highlights
StrongDM now defaults to Virtual Networking Mode (VNM) or loopback mode for resource IP allocation across all major components: Control Plane, CLI (v50.8.0), Terraform Provider (v15.7.0), Java SDK (v15.7.0), Python SDK (v15.7.0), Go SDK (v15.7.0), and Ruby SDK (v15.7.0). This change simplifies Infrastructure-as-Code deployments and ensures that IP addresses are automatically allocated when using VNM, reducing configuration errors. Port override behavior has also been updated to support automatic allocation when updating resources from loopback to VNM.
Certificate-based RDP authentication now supports Windows SIDs in Identity Aliases, eliminating reliance on registry bindings for AD resource compatibility.
A new CLI parameter improves automation by allowing VNM to be enforced in CLI workflows, aligning with UI behavior and improving provisioning consistency.
Slack integration now supports refreshable approval messages. UI enhancements include better MFA prompt flows and additional connector detail columns.
https://www.thirdwaveidentity.com