SCIM auto-provisioning
Reporter now supports SCIM identity providers, such as Microsoft Entra ID and Okta, for user provisioning. SCIM groups can be used to quickly and automatically assign Reporter roles to users in those groups.
Zapier Integration Published
Seamlessly integrate popular applications into your workflow. For instance, connect systems like ServiceNow, Jira, Azure DevOps, or PowerBI. Over time, we'll add more one-click integrations, enhancing your productivity and connectivity.
https://zapier.com/apps/security-reporter
Account Manager Role
We have added an 'Account Manager' role. This role is perfect for delegating client-specific assessment management without granting access to all assessments in the application.
Key Features of the Account Manager Role:
- Client-Specific Access: Account Managers can only access the clients and assessments they are assigned to manage, ensuring focused and secure management.
- Client Creation: Account Managers have the ability to create new clients. They are automatically assigned as the Account Manager for any client they create.
- Assessment Creation: Account Managers can create assessments for their assigned clients. They will automatically be designated as the manager for any assessments they initiate.
The existing 'Project Manager' role has been renamed to 'Project Admin' to highlight the admin-level access they have to all assessments.
Enhancements
- Give and receive quick feedback using Emoji Reactions, avoiding a long comment thread.
- Assessment versioning:
  - See what changes have been made by whom and at what time.
  - Adds the 'Last edited X% by/on' bar to the shared information, internal details, and researcher briefing tabs.
  - Users who can see the tab can see and compare versions of those fields.
- The researcher panel has been rebuilt from the ground up with a cleaner, more modern look, opening the doors to some exciting new features.
- The font casing for the severity scores is now customizable. See the theme options.
- Finding templates can now be sorted by severity, weight, last used at, and created at.
- SAML2: support nameid-format:emailAddress. This improves the handling of SAML2 responses by attempting to read the user's email address from the NameId element rather than just the attributes. This behavior can be customized to only look for the NameId element or only look at attributes; see the updated documentation.
- Add comment functionality to more finding events, such as finding rejected events after a review.
- New parsers for output files of well-known tools, such as Tenable Nessus, have been added, and existing parsers have been updated.
- You can now add Authorization: Bearer tokens to webhooks.
- Made several performance tweaks for the report generation.
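The lookup order described in the SAML2 item above, sketched as an added example; this is not Reporter's code. The mode names, the attribute-name list, and the lower-casing of the result are assumptions made for illustration, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumed attribute names; identity providers differ, so this list is illustrative.
EMAIL_ATTRIBUTES = ("email", "mail",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Alice@Example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice.attr@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _from_nameid(assertion):
    node = assertion.find("saml:Subject/saml:NameID", NS)
    # Treat NameID as an email only when the IdP declares the emailAddress format.
    if node is None or node.get("Format") != EMAIL_FORMAT:
        return None
    return (node.text or "").strip() or None

def _from_attributes(assertion):
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") in EMAIL_ATTRIBUTES:
            value = attr.find("saml:AttributeValue", NS)
            if value is not None and (value.text or "").strip():
                return value.text.strip()
    return None

def resolve_email(assertion_xml, mode="nameid_then_attributes"):
    """Return the lower-cased email or None. Call only after signature validation."""
    assertion = ET.fromstring(assertion_xml)
    # Hypothetical mode names mirroring the three behaviours the changelog lists.
    sources = {
        "nameid_then_attributes": (_from_nameid, _from_attributes),
        "nameid_only": (_from_nameid,),
        "attributes_only": (_from_attributes,),
    }[mode]
    for source in sources:
        email = source(assertion)
        if email and email.count("@") == 1:
            return email.lower()
    return None
```

Checking the Format attribute matters: a persistent or transient NameID is an opaque identifier, and treating it as an email address would match users incorrectly.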
Bug Fixes
- Fixed missing language option in the evaluate new template suggestion form.
- Fixed an issue where headers above h6 would crash PDF report compilation.
- Fixed an issue where the 'reviewed at' timestamp was displayed incorrectly.
- Fixed an issue that would sometimes incorrectly show an 'Unspecified' badge in the findings table on the report.