Release Date: 2025-08-18
Certificate Manager
Bug fixes
| Item | Description |
|---|---|
| SSGR-6900 | Fixed a bug where, in the Certificate authorities screen, the filters Name and Created by were filtering values from each other. |
DevOps Secret Manager
Bug fixes
| Item | Description |
|---|---|
| SSGR-7042 | Fixed the processing of updates to “child credentials” linked to secrets in Azure KeyVault. Previously, changing a “child credential” did not trigger automatic secret rotation, disrupting the expected functionality. Now, updating any linked credential correctly triggers the rotation of the parent secret, restoring the behavior of version 3.33. See the documentation How to integrate the Segura® Platform DevOps Secret Manager and the Azure Key Vault |
Discovery
Bug fixes
| Item | Description |
|---|---|
| SSGR-7206 | Improved scan speed in the Discovery module, reducing the time required to locate and identify devices in the network. This update provides a faster and more efficient experience for users working in environments with a high number of assets. |
Domum Remote Access
Bug fixes
| Item | Description |
|---|---|
| SSGR-7216 | Fixed an error where, when confirming the selection of multiple devices from a domain credential, only one credential was displayed. |
EPM Windows
Bug fixes
| Item | Description |
|---|---|
| EPM-679 | User validation fix in EPM, resolved an issue that could open multiple connections during user validation, overloading the Segura® server. Validation is now handled correctly through the logged-in session. |
| EPM-411 | After MFA validation during sign-in, EPM Windows now supports resetting an expired Windows password. When Windows reports the password is expired, a dedicated Password reset screen appears so users can enter and confirm a new password and complete sign-in without IT assistance, preserving secure access continuity. See the documentation How to Reset an Expired Windows Password with EPM and MFA |
MySafe
Product Updates
| Item | Description |
|---|---|
| SSGR-6814 | Improved the batch file import process in MySafe in a SaaS Shared environment, making imports via the tool’s spreadsheet much faster and free of delays. |
PAM - Credential Management
New Feature
| Item | Description |
|---|---|
| SSGR-6705 | Added a field to describe the justification for a credential not being managed when it doesn't have password rotation enabled. See the documentation Credentials registration. See the documentation How to setup up a credential. |
| SSGR-6965 | Added a parameter in the Application tab under System parameters to enable or disable the justification for not rotating a credential. See the documentation Application. |
Product Updates
| Item | Description |
|---|---|
| SSGR-6713 | Removed the Just-in-time and Last view fields from the report displayed in All credentials. These fields will still be available in the exported {{.csv}} report. See the documentation All credentials. |
| SSGR-7123 | Implemented the visualization of the complete list of devices available to be associated with a credential. |
PAM - Session Management
Bug fixes
| Item | Description |
|---|---|
| SSGR-7071 | Fixed the session drop when using Continuous Identification in full screen mode in a Web Proxy or RDP Proxy session. |
| SSGR-6318 | Fixed performance issues in SaaS clients when using the Database Proxy MSSQL Studio. |
Product Updates
| Item | Description |
|---|---|
| SSGR-7058 | Fixed the missing option to start a session with an SSH key from the action menu available in the SSH Keys report record. |
| SSGR-6976 | Added the ID field as the first field in the records displayed in the RemoteApp report, following the standardization of other Segura® reports. See the documentation RemoteApp. |
| SSGR-7066 | Implemented a restriction to prevent creating an access policy with a name already in use. Each policy must have a unique name. See the documentation How to add an access policies. |
| SSGR-7226 | Implemented the association of multiple access policies to a device, preserving the rules and controls of each policy. |
| SSGR-7087 | The system information banner that appeared after logging in through the Terminal Proxy has been removed. From now on, only the Segura Shell message is displayed, following security best practices. |
| SSGR-6805 | Fixed the reload behavior of the waiting page when a request was rejected, allowing the user to return to the page flow normally. |
| SSGR-6580 | Fixed broken characters in the QRCode image displayed on terminals during proxy sessions, and the issue where the authorization link wasn't fully displayed. |
Settings
New Feature
| Item | Description |
|---|---|
| SSGR-6325 | Configuration adjustments were implemented to ensure compatibility with OpenID providers that do not accept the WantAssertionSigned and WantSAMLResponseSigned parameters directly in the AuthnRequest. Previously, the integration failed with IdPs that rejected these specific parameters. Now, Segura® offers flexible configuration options to support different types of IdPs. |
| SSGR-6013 | Modified the business rule for user review expiration. Previously, users automatically lost access when the review deadline expired without owner action. Now, roles and access policies are retained even after deadline expiration, while administrator notifications remain active with updated messaging, ensuring continuous access while maintaining review visibility. |
Product Updates
| Item | Description |
|---|---|
| SSGR-7225 | Implemented administrator user groups as an additional layer to define users who can edit devices. The solution allows multiple users to manage devices through groups centrally managed by Sysadmin, maintaining complete auditing and granular access controls. This functionality resolves the current limitation where only direct owners or access policy members can administer devices, creating an additional rule to assign multiple administrators more easily. |
| SSGR-7105 | Fixed access control to segregated parameters for custom operator roles. Previously, users with operational roles could access system parameters that should remain restricted, compromising segregation of sensitive configurations. Now, the system properly applies access restrictions based on role context, ensuring operators see only parameters appropriate to their authorization level. |
| SSGR-7043 | Has been implemented a conditional control to hide Self Service menu based on system parameters. Previously, Self Requests items appeared always visible in the interface, regardless of context or specific configurations like dynamic processing. Now, the system automatically controls menu visibility according to applicable settings, displaying only relevant functionalities for each usage scenario. |
| SSGR-7217 | The SSO authentication process has been fixed to automatically reactivate inactive users with valid entitlements. Previously, users deactivated due to missing base entitlements remained blocked even after obtaining correct permissions, requiring full integration execution for reactivation. Now, the system checks and automatically reactivates users during SSO login when valid entitlements are detected, eliminating unnecessary downtime periods. |
| SSGR-6613 | Have been implemented the email template layouts for Self-service Panel request flow notifications. Previously, notifications used generic formats without visual standardization. Now, the system features specific templates for all request states (creation, approval, rejection, and cancellation) across access, administration, transfer, and account provisioning flows, providing clearer communication and consistent experience for users and approvers. |
| SSGR-6413 | Has been implemented in Segura Platform the OIDC login support using preferred_username field (or other configurable mapped field). Previously, users could only authenticate when local username matched email format. Now, the system supports flexible username mapping through configurable field selection, enabling authentication with non-email usernames and ensuring broader compatibility with diverse identity provider configurations. |