Keep up with the latest updates we’ve made in Workato.
Safely retrieve secrets and API tokens, with HashiCorp Vault
We’re excited to share that Workato now supports HashiCorp Vault secrets engine, a security feature many of our customers have been asking for.
HashiCorp Vault is an external secrets manager that lets you store and retrieve passwords and API tokens in a secure way. And trust us, this comes in super handy when you create or update a connection on Workato.
API Clients enhanced
We introduced API Clients for Developer APIs this January, which allows users to grant clients granular role and project-based app access. It’s now enhanced with:
- IP Whitelisting
- Developer APIs to manage API clients
- Support for project-level lookup tables, project properties, API Platform collections and API Platform Clients
- Recipe Operator connector support for API Client tokens
See API Clients’ documentation for more.
More audit controls for workspace security
More audit events have been added, to track changes to a workspace’s security and permissions settings.
This allows admins more visibility to troubleshoot changes.
Get real-time status alerts for incidents
Configure client access with greater security
SCIM Provisioning allows our customers to automate the entire user lifecycle management process. From the time a user joins the company and needs access to Workato (provisioning), requires more privileges (profile updates), and finally, to the time they leave (de-provisioning). This eliminates any manual and error prone actions that IT admins must take on the Workato platform as provisioning actions will be automatically synced with their identity provider (IdP) like Okta, OneLogin etc.. This release includes:
- Full lifecycle management actions (Create users, update user attributes like workato_role, and de-provision users with supported IdP's like Okta, OneLogin, CyberArk Idaptive)
- Ability to provision single or multiple Workato Workspaces from identity platforms
- Ability to remove environment / Workspace access from identity platforms
- Ability to provision, update, de-provision users at the individual or group level
- Track all access related changes on audit logs across all environments and differentiate between automatic and manual changes
Learn more about account provisioning with SCIM by checking out the documentation.
On-Prem Agent IP Allow List
While each Workato data center has its own IPs to use for outbound allow lists, there is a need to restrict inbound requests to Workato for OPA usage. This is where the On-Prem Agent allow lists helps solve for this. Admins can easily add an IP allow list at the group level to restrict agents in the group. These additional IP restrictions will help organizations increase their security by decreasing their network attack surface.
Granular Permissions for Environment Properties
As part of an effort to provide more granular permissions across the platform, Properties are now called “Environment Properties” as they are global properties on an environment level. This allows more control and protection when using Environment Properties.
Previously “full access” was the only permission. New permissions are now available:
- Edit records,
Collaborator roles sync enhancement for SAML SSO
With this SAML SSO enhancement, you will now be able to manage the roles of your collaborators from your identity provider that you used to configure SAML SSO. This allows you to govern roles you already use without having to duplicate in Workato, allowing for a more efficient way of managing role changes across different workspaces.
What this means:
- Admins no longer need to manage collaborator roles manually on the Workato platform
- Users are able to provision / de-provision environment-specific access to your collaborators from their identity provider via custom / system roles.
- Workato roles are automatically synced and updated from user profile data on your organization’s identity provider each time a user signs into Workato via SAML SSO