Product Scoop – November 2022
November is full of security and management capabilities as we push to make it easier to manage and govern across various parts of the platform.
Easier management and increased security for On-Prem Agent (OPA)
Workato uses OPA to access data from your on-prem systems. A single OPA can connect to multiple on-prem applications, but it requires editing a local configuration file to manage it.
Introducing Cloud Profiles for OPA
On-Prem Agent IP Allow List
While each Workato data center has their own IPs to use for outbound allow lists, there is a need to restrict inbound requests to Workato for OPA usage. This is where On-Prem Agent allow lists helps solve for this. Admins can easily add an IP allow list at the group level to restrict agents in the group. These additional IP restrictions will help organizations increase their security by decreasing their network attack surface.
On-Prem Agent (OPA) release 2.15 release and management updates
The 2.15 release introduces Cloud Profiles, which allow you to set up on-prem connections directly in Workato rather than messing with local configuration files. This release also includes other enhancements, which you can read about in the full release notes.
Collaborator roles sync enhancement for SAML SSO
Your identity manager is the source of user truth – so why should you have to recreate roles in Workato? With this SAML SSO role sync enhancement, managing roles just got easier. This feature allows you to sync user roles from your identity provider directly into Workato, simplifying the process of managing access to the platform.
Implementation of this enhancement requires a one-time configuration. Once set up, Workato automatically synchronizes role assignments with the roles configured in the identity provider. This allows you to govern roles you already use without having to duplicate in Workato, allowing for a more efficient way of managing role changes across different workspaces such as in employee onboarding or off-boarding use cases.
What this means:
- Admins no longer need to manage collaborator roles manually on the Workato platform
- Users are able to provision / de-provision environment specific access to your collaborators from their identity provider via custom / system roles.
- Workato roles are automatically synced and updated from user profile data on your organization’s identity provider each time a user signs into Workato via SAML SSO
Read more on SAML SSO roles sync.
AWS Secrets Project Level Management
AWS Secrets Manager is a useful tool for centralizing the storage and use of secrets, such as passwords for important systems. This helps to keep these secrets out of the hands of your users and Workato, and also provides a centralized way to revoke access when needed. In the past, IAM roles were assigned at the Workspace level, but this new update allows admins to have more granular control and assign them at the Project level as well.
Project level Secrets Manager settings allows you to specify Secrets Manager settings at the Project level, which allows connections within the project to assume the role specified in the project settings. This way, you can create project-specific IAM roles to limit the use of secrets to connections within the project. This gives admins more control over who has access to specific systems and can further refine the permissions needed for a given system.
For example, the Marketing Ops team may have multiple projects, and one project may require read/write access to Snowflake for automation purposes, while another project and set of users may only need read access. This can all be managed within the same Marketing Ops workspace, but with more granular control at the Project level.
Read more on AWS secrets manager for project level access.
Granular Permissions for Environment Properties
Workato places a strong emphasis on governance and security. To provide more granular permissions across the platform, properties are now called “Environment properties.” These properties are global and apply to the environment level. They can be useful for setting commonly used values such as a sender email address or URL for an application that can be accessed across Recipes.
However, it’s important to have control over who can modify these properties. The new permissions levels of View, Edit, Create, and Delete allow admins to govern who has access to these properties and what actions they can take with them. This helps to ensure that common properties are used correctly and not accidentally modified by unauthorized users.
Connector Highlights: New Oracle Fusion Cloud & Excel enhancements
Oracle Fusion Cloud
The Oracle Fusion Cloud platform connector is a new tool that allows you to automate processes across various Oracle Fusion Cloud modules such as CRM, Financials, Procurement, HCM, and SCM. It supports objects across these modules, including CRUD operations and extensive search support, as well as batch and object triggers. This is huge for Oracle Fusion users who need to automate processes related to HR, sales and marketing, and finance.
Check out the Oracle Fusion Cloud connector documentation to learn more.
Excel Connector Enhancements
Getting data out of Excel has always been easy, but what about adding or updating? Excel docs are still, and will likely be a system of record for quite some time. With the new Excel actions such as Add rows or Add Bulk rows, Update row and Search rows, users can create automations that add rows to easily append records in an Excel doc or simply update a given row.
This is useful when Excel is not just a one time simple datasource to read information from, but to help keep the Excel docs alive and up-to-date. Think about a simple example of having a price list in an Excel doc – when a sales manager adds a new product or updates a price in Excel, they would want that change to flow down into their quoting and invoicing tools. New triggers, that are are also available, can respond when a new row is added or updated allowing for recipes to respond to Excel change and update downstream systems.