July 2025

Admins can now automate access removal by configuring a lifecycle state for terminated users. When enabled, the “Remove All Access” feature instantly revokes all access—roles, access profiles, and entitlements—without needing approvals. This greatly enhances compliance and ensures faster deprovisioning across cloud-connected systems.

A new campaign template feature in Data Access Security allows compliance teams to create pre-defined certification campaigns that can run on a schedule or be launched manually. These templates store key parameters like title, filters, reviewers, and scheduling info—making recurring audits easier to deploy and manage.

Two new SailPoint workflow triggers improve automation around lifecycle events: Identity Lifecycle State Changed and Identity Lifecycle State Change Processed. These additions help enforce business rules and provisioning logic with greater precision.

TDR merges UBA and ISI into one AI-driven layer for contextual alerting and smarter correlation via CORA AI™. Automatic enablement starts July 31.

A high-severity vulnerability has been disclosed affecting multiple CyberArk components, including Secrets Manager (prior to v1.5.0), Certificate Manager, SSH Manager, and Code Sign Manager. These issues may lead to denial of service (DoS) or other critical impact. Patches are available and immediate upgrades are strongly recommended.

CyberArk is inviting customers to join new early access and design partner programs for cloud-native security initiatives including Secure AI Agents, Cloud Discovery, Unified Cloud Directory, and Secure Workload Access.

The latest Desktop App release introduces major improvements to rendering within the resource list. These changes significantly reduce layout shift, resulting in a smoother, snappier user experience and a more performant UI overall.

When configured with SDM_ORCHESTRATOR_PROBES, proxy workers now shut down orchestrator probes and wait 90 seconds for existing connections to drain before completing a shutdown. This update helps ensure graceful disconnections and minimises disruption during upgrades or maintenance.

Admins can now download diagnostics and logs in bulk from the Gateways, Relays, and Proxy Clusters pages in the Admin UI. This capability is especially useful for troubleshooting environments with many distributed nodes.

IdentityIQ 8.5 introduces seamless access request approvals directly within Microsoft Teams. Approvers can now Accept, Deny, Forward, or Assign requests, view work item details, and check policy violations—without leaving their collaboration tool.

Managing large entitlement catalogs is now easier with IdentityIQ 8.5’s GenAI-based description generator. Using large language models, the system auto-suggests accurate, human-readable entitlement descriptions, reducing manual effort and improving clarity across your access reviews and certifications.

To improve data privacy, IdentityIQ 8.5 introduces fine-grained controls for restricting visibility of sensitive identity attributes. Admins can now define exactly who can view personal or confidential fields, like PII or access-related metadata—across Identity Warehouse, Access Reviews, and more—ensuring only users with a legitimate purpose can access this data.

SailPoint has released a new integration between IdentityIQ 8.5 and Non-Employee Risk Management (NERM). This powerful link eliminates the need for custom-built connectors, standardises how non-employee profiles are managed, and allows IdentityIQ to treat NERM as an authoritative source. It supports faster provisioning, improved data integrity, and centralised visibility over third-party identities such as vendors and contractors.

IdentityIQ 8.5 includes extensive UI/UX upgrades for improved usability: revamped Manage Access flow with Sunrise/Sunset date refinements, new filters (Role Owner and Access Type), smarter sorting and due date visibility in reviews, “Show Classifications” toggle in entitlement certifications, and full migration to Angular 18 on key pages.