4.0
Version: cloud_4.0 product release
Date: 10 October 2025
Frontend Framework Upgrade
Upgraded Node.js version to v20.16.0 for frontend build generation.
Spring Boot Upgrade
Migrated the backend framework to Spring Boot v3.4.4 and upgraded multiple dependent libraries.
Amaya Enhancements
Multi-role Support
Supports multiple role assignments if the application supports it.
New Node Types & Capabilities
Conditional Node: Expression builder support using forwarded data variables.
Transformational Node: Modify or add new attributes (primarily used in sync operations).
API Node:
Create/Update/Delete/Role Assign/Unassign operations.
Resolved a bug which previously required calling an additional API to get UID.
Iterator Node: Transform and update object lists for synchronization.
Subflow: Sub-process specifically applicable within an Iterator context.
Run Flow: Allows debugging with mock data to validate flow logic.
Run Request: Preview flow execution with input variables, bypassing actual provisioning.
Quick Setup Templates Updated
New templates added in AMAYA for:
Zoho Expenses
Zoho Books
Zoho CRM
Zoho Desk
SSO Policy
12-hour frequency added for MFA enforcement on applications.
Separation of SSO and PAM
Based on a configuration property, SSO and PAM can now be enabled/disabled independently for flexible access control.
SOD
Enhanced UI with conflict details on Teams & Inbox pages.
Bug fix for handling multiple conflicting rules under the same SoD policy.
External SoD Violation Handling (Preventive)
Preventive approach for checking the potential violation of the user to stop violations from occurring.
Reconciliation
Reconciliation History UI
Users can now view reconciliation summaries directly from the table view.
Reconciliation Improvements
Skip updates if the application is not assigned.
Skip user update if already linked; remarks added to history.
For both-exist update case: if application is not assigned then user update will not happen; remark “Application not present so skipping” added and marked as error.
For both-exist link case: validation added — if the application is already assigned, the user will be skipped and a remark added in the reconciliation history.
Multipod reconciliation support added.
Assign a deleted or inactive user as a manager to users (updation provided to allow creation and updation of users with inactive RM).
Role Reconciliation Enhancements
This release extends reconciliation capabilities to include both users and their associated roles.
Role Synchronization: Along with users, one or more roles (if present) can now be synced into Cymmetri. Supported sources include REST API applications, database applications, and Amaya.
Role Reconciliation Dashboard: A new dashboard provides visibility into roles, with options to keep or remove stale roles (roles not present in the source but existing in Cymmetri).
Suspend to Archive Enhancements
Final delete provisioning call triggered by default unless explicitly disabled.
Property-based toggle: cymmetri.suspend.to.archive.provision.triggered = false disables it.
Suspend During Deletion Logging
Application and status logs are now captured under USER_CHANGE_STATUS for traceability.
Bulk User Actions
Bulk actions introduced via the dashboard:
Lock/Unlock User
Activate/Deactivate User
Delete User
Assign Local Group
Bulk Action Summary Dashboard
Assign Delete Manager to user
Post-Commit Hook for Application Update
New hook: Application Post Update After Commit — provides enhanced support for executing actions after an application update is finally committed in Cymmetri.
Redis Stream Support
Support for JMS with Redis Streams is provided now.
Workflows
Enhanced logic for unique Task ID generation.
Task ID format can now be configured (length, characters).
New notification templates added for application assign / un-assign / update, post-workflow emails:
Target User Notification (the user for whom application event is triggered)
Requester Notification (the user who initiated application event for the target user)
Inbox - Bulk Action: Approvers can perform bulk actions on multiple access requests directly from their inbox (select several requests and approve or reject in one operation).
Pending Workflows – Unclaimed Workflows:
On the Pending Workflows page, workflows not yet claimed will display "UNCLAIMED" in the Current Assign column.
A note will be shown: “Pending claim with group, grade, userlist, or no approver found. See details for actual assignment.”
Annotations
Annotations enable dynamic approver configuration in access reviews and workflows. They can be assigned as reviewers or approvers for both Application and Group Reviews. Supported combinations include:
User only
User + Application
User + Application + Role
User + Group
Approvers can be individual users or groups.
Group Review
Introduced the Group Review capability in access reviews. Admins can now initiate reviews based on:
All Groups
Specific multiple Groups
Specific multiple Applications
Exclusion Access Types in Campaigns
Support for Exclusion Access Types has been introduced in Application Access Review Campaigns, allowing more granular control over which accesses are excluded from reviews. The following types are now supported:
On Create by Provision Rule
On Update by Provision Rule
Exception Applications
Global Applications
On Demand Applications
Data Pipeline
The Data Pipeline enables merging and processing of data from multiple sources for views, such as:
MongoDB to ClickHouse
ClickHouse to ClickHouse
The processed data is stored in ClickHouse, and can be leveraged in hooks, APIs, and for reporting.
Policy Simulator
Cymmetri's Policy Simulator enables rule-based enforcement of access and compliance policies by evaluating "Should" and "Should NOT" scenarios. It identifies access gaps or violations (e.g., missing MFA or conflicting roles) and allows launching targeted review campaigns based on these insights.
CAPTCHA Support
Cymmetri now supports CAPTCHA validation using hCaptcha and Traditional CAPTCHA, enhancing protection against automated and bot-based attacks.
Ticker
The Ticker feature allows administrators to broadcast time-bound text-based updates, announcements, or alerts directly within Cymmetri. Messages can be broadcasted to specific users before and after login based on rules.
Self Registration
Cymmetri now supports configurable Self Registration, allowing users to securely register themselves based on defined parameters and policies.
Sub User Creation
Admins can configure registration fields and hook code for creating and updating sub users (Team Members).
Activation Link
New self-registered users can set their login passwords using the Activation link support.
Reset Password Link
Admins or Managers can send a reset password link to registered users so they can set their login passwords.
Role Management
Cymmetri’s Role Management enhancements improve handling of roles at an individual level, including:
Role-wise Status Management (e.g., Success, Fail) for better visibility and traceability of role lifecycle events.
Single Role Retry Mechanism.
Time-based Role Management with Status Tracking.
Old vs. New Role List Management.
360 Generate Comparison Report
The 360 Degree Reconciliation feature allows pulling user and role information from target applications connected to Cymmetri, enabling comparison of users and their entitlements across applications, the source of truth, and the Cymmetri identity store. Use cases include:
Identities present in Source application but not in Identity Store.
Identities present in Source but not in Target application.
Similar reports for entitlements across applications.
Team Configuration Changes
Admin can provide configuration, registration fields, password reset activation link, and hook code for creating and updating sub users (Team Members).
Admin can configure the Manager Application setting in the Assign Application setting to restrict the Manager to assign and the user to request only applications that are assigned to the manager.
Banner
The Banner feature allows administrators to broadcast time-bound image-based updates, announcements, or alerts directly within Cymmetri. Banners can display scrolling images or carousels and can link to an external page via a valid URL. They can be broadcasted to specific users before and after login based on rules.
Advanced Analytics (Cube.js) – Custom Reports & Dashboards
Enhancements provide more control and flexibility over Cymmetri data:
Custom Reports (Dashlets): End users can create reports with various dimensions and measures.
Export & Share: Download reports as CSV/PDF or send via email.
Custom Dashboards: Combine multiple reports into personalized dashboards for a complete view of KPIs and metrics.
Last updated
Was this helpful?
