🔐 SailPoint ISC Updates – June 2025 Highlights
Admins can now fully revoke access across all connected sources automatically when a user’s lifecycle status changes to terminated. This update introduces smarter, rules-based deprovisioning and avoids gaps due to missed certifications or manual errors. All assigned access (entitlements, roles, access profiles) is revoked instantly—no approval delays.
ISC now supports automatic access removal when a Role definition is updated. When an entitlement or access profile is removed from a Role, access is revoked from users assigned to that Role. This helps enforce least privilege policies and keep assignments aligned with intended access design.
A new MySailPoint widget now highlights sources with blank entitlement descriptions, helping admins clean up metadata and generate suggested descriptions. This visibility helps improve certification accuracy and entitlement clarity across platforms like Workday, SAP, and Box.
SailPoint ISC now supports a Credential Provider integration for BeyondTrust Password Safe (Cloud). This allows for secure, automated credential cycling and retrieval without manual updates—enhancing PAM workflows with just-in-time credential injection.
🔐 CyberArk Patch Summary – June 2025 Highlights
A critical vulnerability affecting CyberArk Secrets Manager, Self-Hosted (Conjur Enterprise) has been disclosed and patched. The chain of CVEs (score: 9.1) can allow unauthenticated remote code execution. All versions are affected — customers are urged to upgrade to 13.6.1 or 13.5.1 depending on their installed version. No known exploits have occurred in the wild, but mitigation is only partial without patching.
CyberArk will be removing the “Transparent Connection” feature from PVWA by the end of 2025. Customers using “Connect from Web Portal to Target Device” are advised to migrate to Privileged Session Manager (PSM) workflows to maintain secure connectivity and detailed audit capabilities.
CyberArk’s new Trust Center is now live, offering external stakeholders access to compliance documentation like SOC 2, ISO 27001, and HIPAA reports. This self-service portal improves transparency and simplifies due diligence for security, risk, and procurement teams.
CyberArk has reintroduced Community Self-Registration with an upgraded and secure onboarding flow. Users can now register via role-specific paths: Customer, Partner, or Learner. Complete with time-limited passcodes, stricter validation, and email verification.
🌐 StrongDM & Infrastructure – June 2025 Highlights
StrongDM now offers full platform support for Aerospike, a distributed NoSQL database. You can now manage Aerospike resources directly through the admin UI, CLI, Terraform, and all major SDKs (Go, Java, Python, Ruby).
The workflow assignments and history services have been deprecated due to low utilization. Legacy SDKs will no longer support these services. Admins can still inspect access rules via the CLI:
sdm admin workflow list workflow-assignments
sdm audit workflow-assignments
StrongDM has set new minimum supported versions for production environments:
• Desktop App: 21.72.0
• CLI: 42.42.0
Numerous updates across Control Plane, CLI, and SDKs:
• TLS over DB2 LUN toggle support
• CLI supports SDM node install logic
• Workflow update bug fixed
• Alias and CA bugfixes implemented
🔐 SailPoint ISC Updates – June 2025 Highlights
Admins can now fully revoke access across all connected sources automatically when a user’s lifecycle status changes to terminated. This update introduces smarter, rules-based deprovisioning and avoids gaps due to missed certifications or manual errors. All assigned access (entitlements, roles, access profiles) is revoked instantly—no approval delays.
ISC now supports automatic access removal when a Role definition is updated. When an entitlement or access profile is removed from a Role, access is revoked from users assigned to that Role. This helps enforce least privilege policies and keep assignments aligned with intended access design.
A new MySailPoint widget now highlights sources with blank entitlement descriptions, helping admins clean up metadata and generate suggested descriptions. This visibility helps improve certification accuracy and entitlement clarity across platforms like Workday, SAP, and Box.
SailPoint ISC now supports a Credential Provider integration for BeyondTrust Password Safe (Cloud). This allows for secure, automated credential cycling and retrieval without manual updates—enhancing PAM workflows with just-in-time credential injection.
🔐 CyberArk Patch Summary – June 2025 Highlights
A critical vulnerability affecting CyberArk Secrets Manager, Self-Hosted (Conjur Enterprise) has been disclosed and patched. The chain of CVEs (score: 9.1) can allow unauthenticated remote code execution. All versions are affected — customers are urged to upgrade to 13.6.1 or 13.5.1 depending on their installed version. No known exploits have occurred in the wild, but mitigation is only partial without patching.
CyberArk will be removing the “Transparent Connection” feature from PVWA by the end of 2025. Customers using “Connect from Web Portal to Target Device” are advised to migrate to Privileged Session Manager (PSM) workflows to maintain secure connectivity and detailed audit capabilities.
CyberArk’s new Trust Center is now live, offering external stakeholders access to compliance documentation like SOC 2, ISO 27001, and HIPAA reports. This self-service portal improves transparency and simplifies due diligence for security, risk, and procurement teams.
CyberArk has reintroduced Community Self-Registration with an upgraded and secure onboarding flow. Users can now register via role-specific paths: Customer, Partner, or Learner. Complete with time-limited passcodes, stricter validation, and email verification.
🌐 StrongDM & Infrastructure – June 2025 Highlights
StrongDM now offers full platform support for Aerospike, a distributed NoSQL database. You can now manage Aerospike resources directly through the admin UI, CLI, Terraform, and all major SDKs (Go, Java, Python, Ruby).
The workflow assignments and history services have been deprecated due to low utilization. Legacy SDKs will no longer support these services. Admins can still inspect access rules via the CLI:
sdm admin workflow list workflow-assignments
sdm audit workflow-assignments
StrongDM has set new minimum supported versions for production environments:
• Desktop App: 21.72.0
• CLI: 42.42.0
Numerous updates across Control Plane, CLI, and SDKs:
• TLS over DB2 LUN toggle support
• CLI supports SDM node install logic
• Workflow update bug fixed
• Alias and CA bugfixes implemented
https://www.thirdwaveidentity.com
https://www.thirdwaveidentity.com