Changelog

AWS IAM Role Sharing is now available for Automation HQ (AHQ) customers, streamlining AWS access management across parent and child workspaces:

• When enabled, child workspaces now inherit the same External ID as the parent workspace's environment, removing the need to manage workspace unique IDs individually.
• Simplifies access control for AWS resources like Secrets Manager, S3, and IAM-authenticated connectors.
• Improves security and governance by enforcing consistent IAM policies across all workspaces.
• Reduces administrative overhead and minimizes compliance risks for enterprises with complex AHQ environments.

Learn more in the AWS IAM Role Sharing documentation.

To prevent unauthorized access to your Workato workspaces, password reset links will have a validity period of 10 minutes from the time of request. This update is now in effect for all users.

Workato now supports Client Credentials-based authentication across all Microsoft Suite applications, including Excel and Outlook, enabling enterprise-grade security and efficiency:

• Improved Security: Application-level access eliminates user dependencies, enhancing data protection and reducing risk.
• Streamlined Maintenance: Simplifies setup by removing reliance on individual user credentials, lowering administrative overhead.
• Cost Efficiency: Optimized license management reduces costs associated with user-specific access.

Learn more in our Microsoft Suite Documentation.

We’re excited to share that Workato has achieved PCI DSS Level 1 (v4.0), ISO 27001, and ISO 27701 certifications. These milestones reinforce our commitment to safeguarding customer data and providing a secure platform for industries like financial services, fintech, e-commerce, and retail to build trusted, compliant workflows with confidence. Check out our certifications here.

Several changes have been made to provide clarity about each setting, and promote discoverability of settings that could serve your needs. These settings can be found in Workspace admin > Settings.

• Renaming of Profile tab to General
  • Addition of Workspace email display
  • Migrated Session timeout duration from personal profile to workspace settings
• Renaming of Authentication provisioning tab to Authentication, with new subsections of Login methods and SCIM provisioning
• Renaming of Project notifications tab to Error alerts
• Separation of Debugging into Network trace and Log streaming tabs
• Renaming of Key management tab to Encryption keys
• Renaming of Secrets management to External secrets manager
• Renaming of Advanced settings to Amazon Web Services IAM
• Introduction of environment tags (Dev, Test, Prod) on environment-specific settings

Available features vary depending on purchased add-ons and privilege levels determined by role-based access control.

• On-prem secrets management: Connect Conjur to a running on-prem group (Conjur Enterprise / Conjur Open Source) for a full on-prem configuration
• Credential rotation: Call the clear_cache API to retrieve the latest secret versions if credential rotation is enabled on Conjur

In the event Workato is unable to stream a log to the specified destination, Workato will retry sending the log repeatedly using an exponential backoff formula. To enable this, logs are kept in a persistent cache until:

1. The audit log reaches its destination successfully, or
2. Seven (7) days have passed.

Each retry attempt is logged in the Workato Logs service for visibility into the process.

Our latest update introduces a new Deployment permission for deploying project across environments. Effective December 12, 2023, users need this permission in both Development and target environments in order to deploy, replacing the Recipe lifecycle management requirement.

The Deployment permission is enabled for system roles and custom roles as follows:

• Admin: Enabled
• Analyst: Enabled
• Operator: Disabled
• Custom: Disabled until an admin manually enables it

This security enhancement provides better control over who can deploy to production or test environments by separating deployment permissions from recipe lifecycle management permissions.

The developer API just got more powerful with the addition of the user resource. This new set of endpoints allows you to perform the following actions:

• Get details of the authenticated user
• Get a list of members in your workspace
• Get details about a user you specify
• Get the role and privileges for a workspace user you specify

Starting today, we're allowing our users to opt in remove access to their collaborator's personal Workato workspaces so that they'll only be able to build inside of pre-approved  workspace. For companies with strict security and compliance protocols, we highly recommend opting in to this security update as this leaves no action taken by your collaborators unlogged and unauditable. This change is compatible with both direct and embed customer accounts.

For maximum activity logging, we recommend setting up audit log streaming too!