Community Newsletter: December 2023
Here's what's been happening in the world of Common Fate over the past month:
Enterprise Privileged Access Management
Exciting news! The enterprise version of our open-source privileged access management framework has been officially released and is ready for deployment. This enterprise edition comes with a host of features and integrations designed to elevate your privileged access management capabilities:
- GCP Support: JIT access workflows for Google Cloud Platform.
- Advanced Policy Layer: Allows for conditional approval based on user and resource attributes, such as tags associated with an account.
- Managed IAM Policies for GCP and AWS: Incorporate best practices and secure policies continuously audited and refined by the Common Fate team.
- On-call Integration: Grant access automatically when a user is on an on-call rotation with OpsGenie and/or PagerDuty integration.
- Improved Slack Integration: Approve Access Requests directly from Slack without needing to open the Common Fate web application.
- Support: Support SLA (24x5) with a dedicated Slack Connect channel.
- SCIM User Provisioning: User profile synchronization via industry-standard SCIM (rather than custom integrations, as is used in Common Fate OSS).
- Multi-region and Multi-cloud High Availability: Host the Common Fate Access Plane workers across multiple regions and cloud providers to improve availability.
Identity Risk Index Assessments
Looking ahead to the coming year, we are actively developing a free identity risk assessment service. This service aims to help you identify and manage risk in crucial areas such as:
- Excessive Permissions
- Policy Misconfiguration
- Privileged Access
If you’d like a FREE identity risk assessment, let us know here and we’ll be in touch early in 2024.
In our ongoing commitment to enhancing Granted, we're excited to share the latest updates:
Generate JSON output for SSO token expiry
sso-tokens expiry --json to print the SSO token expiry in JSON. Additionally, you can use jq to filter and display only the expired tokens in JSON format:
granted sso-tokens expiry --json | jq -r '[. | select(.is_expired == true)]'
Added TTY support for --exec
--exec now uses the shell script to execute commands instead of Go; this enables TTY applications to work as expected.
ExportSSOToken Configuration and --export-sso-token Flag
@cedieio has introduced the
--export-sso-token flag, which exports the SSO token to ~/.aws/sso/cache. The ExportSSOToken configuration automatically exports the SSO token by default.
A big shoutout to our first-time contributors:
- @eserte made their first contribution in #552
- @paulhobbel made their first contribution in #553
- @cedieio made their first contribution in #518
- @Mallear made their first contribution in #561
- @XargsUK made their first contribution in #559
For a comprehensive list of updates, check our changelog.
As the year comes to an end, we want to express our gratitude for being a part of our community. We are so thankful for your support and excited to continue this journey with you into 2024, with exciting things in store. Happy holidays!
Until next time,
The Common Fate Team