Changelog

We’re excited to share that Workato now supports HashiCorp Vault secrets engine, a security feature many of our customers have been asking for.

HashiCorp Vault is an external secrets manager that lets you store and retrieve passwords and API tokens in a secure way. And trust us, this comes in super handy when you create or update a connection on Workato.

Here’s a quick guide on setting it up for your workspaces.

We introduced API Clients for Developer APIs this January, which allows users to grant clients granular role and project-based app access. It’s now enhanced with:

• IP Whitelisting
• Developer APIs to manage API clients
• Support for project-level lookup tables, project properties, API Platform collections and API Platform Clients
• Recipe Operator connector support for API Client tokens

See API Clients’ documentation for more.

More audit events have been added, to track changes to a workspace’s security and permissions settings.

This allows admins more visibility to troubleshoot changes.

See the full list of account activities tracked.

We have launched status pages for each region, so users can monitor our systems’ status, check for incidents—and subscribe to email updates.

• USA status page
• Europe status page
• Singapore status page
• Japan status page 

With API Clients, users can now grant clients granular role and project-based app access. For greater security, view-once tokens are now available. Read this update’s documentation, or go to the revamped Workspace Access to start configuring.

SCIM Provisioning allows our customers to automate the entire user lifecycle management process. From the time a user joins the company and needs access to Workato (provisioning), requires more privileges (profile updates), and finally, to the time they leave (de-provisioning). This eliminates any manual and error prone actions that IT admins must take on the Workato platform as provisioning actions will be automatically synced with their identity provider (IdP) like Okta, OneLogin etc..  This release includes:

• Full lifecycle management actions (Create users, update user attributes like workato_role, and de-provision users with supported IdP's like Okta, OneLogin, CyberArk Idaptive)
• Ability to provision single or multiple Workato Workspaces from identity platforms
• Ability to remove environment / Workspace access from identity platforms
• Ability to provision, update, de-provision users at the individual or group level
• Track all access related changes on audit logs across all environments and differentiate between automatic and manual changes

Learn more about account provisioning with SCIM by checking out the documentation.

While each Workato data center has its own IPs to use for outbound allow lists, there is a need to restrict inbound requests to Workato for OPA usage.  This is where the On-Prem Agent allow lists helps solve for this.  Admins can easily add an IP allow list at the group level to restrict agents in the group. These additional IP restrictions will help organizations increase their security by decreasing their network attack surface. 

As part of an effort to provide more granular permissions across the platform, Properties are now called “Environment Properties” as they are global properties on an environment level. This allows more control and protection when using Environment Properties.

Previously “full access” was the only permission.  New permissions are now available:

• View 
• Edit records,
• Create
• Delete

With this SAML SSO enhancement, you will now be able to manage the roles of your collaborators from your identity provider that you used to configure SAML SSO. This allows you to govern roles you already use without having to duplicate in Workato, allowing for a more efficient way of managing role changes across different workspaces.

What this means:

• Admins no longer need to manage collaborator roles manually on the Workato platform
• Users are able to provision / de-provision environment-specific access to your collaborators from their identity provider via custom / system roles.
• Workato roles are automatically synced and updated from user profile data on your organization’s identity provider each time a user signs into Workato via SAML SSO

Customers can now choose to host their Workato instance in the new Singapore data center.