Changelog

SCIM Provisioning allows our customers to automate the entire user lifecycle management process. From the time a user joins the company and needs access to Workato (provisioning), requires more privileges (profile updates), and finally, to the time they leave (de-provisioning). This eliminates any manual and error prone actions that IT admins must take on the Workato platform as provisioning actions will be automatically synced with their identity provider (IdP) like Okta, OneLogin etc..  This release includes:

• Full lifecycle management actions (Create users, update user attributes like workato_role, and de-provision users with supported IdP's like Okta, OneLogin, CyberArk Idaptive)
• Ability to provision single or multiple Workato Workspaces from identity platforms
• Ability to remove environment / Workspace access from identity platforms
• Ability to provision, update, de-provision users at the individual or group level
• Track all access related changes on audit logs across all environments and differentiate between automatic and manual changes

Learn more about account provisioning with SCIM by checking out the documentation.

While each Workato data center has its own IPs to use for outbound allow lists, there is a need to restrict inbound requests to Workato for OPA usage.  This is where the On-Prem Agent allow lists helps solve for this.  Admins can easily add an IP allow list at the group level to restrict agents in the group. These additional IP restrictions will help organizations increase their security by decreasing their network attack surface. 

As part of an effort to provide more granular permissions across the platform, Properties are now called “Environment Properties” as they are global properties on an environment level. This allows more control and protection when using Environment Properties.

Previously “full access” was the only permission.  New permissions are now available:

• View 
• Edit records,
• Create
• Delete

With this SAML SSO enhancement, you will now be able to manage the roles of your collaborators from your identity provider that you used to configure SAML SSO. This allows you to govern roles you already use without having to duplicate in Workato, allowing for a more efficient way of managing role changes across different workspaces.

What this means:

• Admins no longer need to manage collaborator roles manually on the Workato platform
• Users are able to provision / de-provision environment-specific access to your collaborators from their identity provider via custom / system roles.
• Workato roles are automatically synced and updated from user profile data on your organization’s identity provider each time a user signs into Workato via SAML SSO

Customers can now choose to host their Workato instance in the new Singapore data center.

You can now use AWS Secrets Manager to store credentials for Workato connections. Revoke access to any secret at any time, and rotate secrets as you need.

Generate a unique sharing link for a recipe or custom connector on demand. You can revoke a link at any time to limit the window in which your assets are available.

Maintain total control over your own data by bringing your own master encryption key. Rotate whenever you need to and revoke access instantly at any time.

Protect PII and sensitive data by configuring recipes not to store any data in job logs.