Documentation Index

Fetch the complete documentation index at: https://docs.senhasegura.io/llms.txt

Use this file to discover all available pages before exploring further.

Changelog and Upgrade Notes are now Release Notes. We've unified both so you can find everything about each version in one place.

Segura® Platform v4.2.1

Prev Next

In this article


About this release

On March 18, 2026, we released version 4.2.1 of Segura® Platform. The release includes 17 changes across 5 modules.

  • Release date: 2026-03-18

For information on how to update Segura® Platform, see Update Segura®.


Release highlights

Reporting Interface Usability Improvements

This release introduces several usability improvements to the reporting interface, designed to improve navigation and interaction with large datasets.

New Report Screen - Group action buttons - Light Mode.png

What's new

  • Fixed horizontal scrollbar at the bottom of the window.
  • Sticky action column on the right side of tables.
  • Dynamic column width adjustment based on content.
  • Tooltips when hovering over action buttons.
  • Consistent visual standards applied across reports.
  • Full compatibility with light mode and dark mode.

Customer impact

These improvements enhance the usability of large reports, allowing security analysts and auditors to navigate complex datasets more efficiently while maintaining visual context and quick access to actions.

Just-in-Time (JIT) Windows Access with Kerberos

Grant Just-in-Time (JIT) access to Windows environments using Kerberos authentication.

With this feature, PAM can automatically create a temporary Windows user account at the moment access is requested and remove it immediately after the session ends.

What's new

  • Automated creation of temporary Windows accounts using Ansible templates.
  • Automatic account removal after session completion.
  • Kerberos authentication support.
  • Integration with Network Connector.
  • Support for domain-context environments with locally created users.

How it works

We are providing two new automation templates:

  • Windows User Creation Template.
  • Windows User Removal Template.

When a user requests access to a Windows server:

  1. A temporary account is automatically created.
  2. The user connects using this ephemeral credential.
  3. Once the session ends, the account is automatically removed.

For more information, refer to How to provision JIT local Windows accounts with Kerberos via Ansible.

Customer impact

This feature eliminates the need for permanent privileged accounts, reducing the risk of credential compromise.

Additionally, it supports Zero Trust strategies by ensuring privileged credentials only exist during the authorized access window, with full traceability for each session.

OAuth2 and HTTP PATCH Support for cURL Executor

The cURL password management executor has been enhanced to support modern API authentication requirements.

What's new

  • Support for the OAuth2 scope parameter in set-oauth2 authentication templates.
  • Support for HTTP PATCH requests.
  • Expanded compatibility with REST APIs.

Customer impact

This enhancement enables automated password management integrations with services such as Microsoft Entra ID (formerly Azure AD) and other platforms that require OAuth2 scope parameters and PATCH-based password update operations.

It expands the automation capabilities of the cURL executor, allowing administrators to integrate PAM workflows with enterprise APIs.

For more information, refer to Executors syntax.


Changelog

PAM Core

Added

Item Description
SSGR-8784 Added support for Just-in-Time (JIT) ephemeral account provisioning using Kerberos authentication via Ansible. This enhancement enables automated creation and deletion of local Windows accounts through Ansible templates, removing the need for permanent administrative credentials and NTLM authentication. For more information: How to provision JIT local Windows accounts with Kerberos via Ansible.

Changed

Item Description
SSGR-9868 Improved navigation for managing Audited Commands approvers.

Fixed

Item Description
SSGR-9830 Fixed an issue in Database Proxy that caused all database sessions to return an HTTP 500 error during initialization at the /api/proxy/session endpoint.
SSGR-8684 Fixed an issue that caused RDP sessions (via RDP Proxy and Web Proxy) to disconnect unexpectedly when using the copy and paste functionality.
SSGR-8797 Fixed a recurring issue where AdHoc sessions using RemoteApp would fail to start, resulting in an "Upstream error".
SSGR-9892 Fixed error preventing SSH session start on Cisco devices.
SSGR-10161 Fixed session disconnection when navigating folders in WinSCP.
SSGR-10042 Restored the X11 connectivity option for web sessions, which was removed in the previous update.
SSGR-9821 Fixed an issue in the Last used credentials and Most used credentials panels where, when attempting to start remote sessions with domain credentials, the system would direct the connection to the domain controller where the credential was registered, instead of the previously used domain device.
SSGR-8728 Fixed an issue where attempting to upload files larger than 4MB via the Drag and Drop feature on a Linux session using Web Proxy resulted in an error and terminated the session without the file fully uploaded.

EPM Windows

Fixed

Item Description
SSGR-8927 Updated Parameters field documentation for RemoteApp. For more information: Automation for EPM Windows.

Executions

Changed

Item Description
SSGR-4769 Added support for the HTTP PATCH method in the cURL executor and for the scope parameter in the set-oauth2 authentication template, enabling integration with modern APIs to automate password changes via OAuth2. For more information: Executors syntax.

Framework

Changed

Item Description
SSGR-6681 Improved user experience in the Segura® Platform reports. Now, every option in the Actions column have a tooltip, the color scheme was updated according to the Segura® Platform standards and more.

Fixed

Item Description
SSGR-9870 Fixed non-functional Ignore multi-factor authentication setting.
SSGR-8792 Fixed an issue in the report date filters where the invalid format message remained visible even after correcting the entered value.
SSGR-8717 Fixed an issue in the Approval workflow > PAM Core > All requests screen where only requests assigned to the logged-in approver were displayed. The screen now displays all requests from the last 7 days, ensuring broader visibility while maintaining security standards.

Network Connector

Fixed

Item Description
SSGR-9889 Fixed an issue that prevented RDP sessions from starting when the secondary Network Connector took over after the primary went offline.