Documentation Index

Fetch the complete documentation index at: https://docs.senhasegura.io/llms.txt

Use this file to discover all available pages before exploring further.

Changelog and Upgrade Notes are now Release Notes. We've unified both so you can find everything about each version in one place.

Segura® Platform v4.2.7

Prev Next

In this article


About this release

On June 24, 2026, we released version 4.2.7 of Segura® Platform. The release includes 29 changes across 9 modules.

  • Release date: 2026-06-24
  • Patch: segura | v4.2.7-1

For information on how to update Segura® Platform, see Update Segura®.


Release highlights

ITSM Connector Engine: Centralized ServiceNow Integration

Version 4.2.7 introduces a new ITSM integration engine, enabling organizations to centrally configure and manage connections to ServiceNow instances within the Segura® Platform.

This capability serves as the foundation for the evolution of ITSM governance workflows across the platform and will be leveraged by multiple modules, including PAM Core, EPM, Domum, DSM, and Certificate Manager.

What's new

  • Centralized configuration of ServiceNow connections.
  • Support for multiple ServiceNow instances.
  • Secure OAuth 2.0 authentication.
  • Connection health monitoring (Health Check).
  • Automatic retry and fallback mechanisms.
  • Secure storage of ServiceNow credentials in the Segura® vault.
  • Reusable integration engine across platform modules.

Customer impact

This enhancement eliminates fragmented integrations and enables more consistent ITSM governance across enterprise environments.

Organizations can now operate multiple ServiceNow instances with greater flexibility, simplifying approval workflows, compliance processes, and change management operations on a global scale.


Registration Wizards: Usability and Navigation Enhancements

The registration wizard experience has been enhanced to make configuration processes more intuitive, guided, and efficient.

What's new

  • Visual numbering of wizard steps.
  • Highlighting of the active step.
  • Contextual descriptions for each stage.
  • Simplified navigation between steps.
  • Visual indicators for progress and completion.
  • Confirmation prompts when leaving with unsaved changes.
  • Improved responsiveness across different screen sizes.

Customer impact

These improvements reduce uncertainty during configuration processes and help users complete registrations with greater confidence and accuracy.

The result is a smoother user experience, fewer operational errors, and reduced dependency on support teams.

Wizards - Segura Upgrade Notes 4.2.7.png


Orbit Proactive Alerts for Resources Below Recommended Levels

Version 4.2.7 expands Orbit monitoring capabilities with new alerts designed to identify infrastructure resources operating below recommended thresholds.

What's new

  • Continuous monitoring of CPU, memory, and disk space.
  • Automatic Orbit incident generation.
  • Configurable thresholds through Orbit CLI.

Customer impact

This capability increases operational visibility and enables administrators to take preventive action before capacity-related issues affect platform availability.

As a result, organizations can reduce operational risks and improve overall platform resilience.


CLM API: New Endpoint for Request Status and Certificate ID Retrieval

Introduced a new Certificate Lifecycle Management (CLM) API endpoint that allows customers to query request status and retrieve the certificate_id once the certificate signing process is completed.

What's new

New API endpoint to track certificate request status and retrieve the signed certificate identifier (certificate_id) after the signing process is completed.

Customer impact

This enhancement provides a reliable mechanism for retrieving the certificate_id in asynchronous certificate signing workflows.

Because the signing process may depend on external validation steps, the certificate request can initially return a Pending status in the immediate response of the POST operation. The new endpoint enables developers to query the request status and retrieve the certificate_id as soon as the status changes to Signed, making automated integrations more predictable, resilient, and easier to manage.


EPM Windows: Rule Precedence for Directory and Registry Policies in Privilege Profiles

Version 4.2.7 enhances EPM Windows Privilege Profiles by introducing rule precedence for Directory and File Control and System Registry Control policies.

As organizations scale privilege management through Privilege Profiles, multiple policies may apply to the same directory, file, or registry object. This enhancement establishes a consistent precedence model, ensuring predictable policy enforcement across endpoints.

What's new

  • Rule precedence support for:
    • Directory and File Control policies.
    • System Registry Control policies.
  • Consistent policy evaluation when multiple Privilege Profiles contain rules targeting the same object.
  • Improved traceability of policy origin for auditing and troubleshooting purposes.
  • Full compatibility with existing Privilege Profile workflows.

Customer impact

This enhancement improves governance and operational scalability by eliminating ambiguity when multiple Privilege Profiles contain overlapping policies.

Organizations can now adopt Privilege Profiles more broadly while maintaining consistent policy enforcement across large Windows environments.


New Audit User Role in DSM

Segura® introduces a dedicated audit role in DSM, enabling access to Audit Tracking menus without requiring broad administrative permissions across the platform.

What's new

  • New DSM - Audit User role.
  • Permission to view logs and reports related to DSM usage.
  • Inclusion of DSM.Applications.List and DSM.Secrets.List permissions to support auditing and report export.

Customer impact

This enhancement removes the need to grant excessive permissions just to enable auditing. As a result, Segura® strengthens the principle of least privilege and improves segregation of duties in regulated environments.

DSM audit - segura upgrade notes 4.2.7.png


Changelog

API

Added

Item Description
SSGR-8796 Added API v2 endpoints to manage AD/LDAP group synchronization configurations. You can create, list, retrieve, update, and delete group sync settings, and activate, deactivate, or trigger a sync enabling automated, end-to-end directory governance without the web interface.
SSGR-9822 Added API v2 endpoints for full lifecycle management of AD/LDAP servers. You can create, list, retrieve, update, and delete servers, manage activation, and test connections automating directory onboarding at scale without the web interface.
SSGR-9825 Added API v2 endpoints to manage user groups and access policies. You can perform full CRUD on user groups, manage members and associated access policies as sub-resources, and filter by external_id to support AD/LDAP-synced automation without the web interface.

Certificate Manager

Changed

Item Description
SSGR-3501 Created the endpoint /api/certificate/request/status/{request_id} to retrieve the certificate ID for a signed request. See the documentation: GET | List a request status by [id].
SSGR-10324 Improved report titles to better support user navigation through menus, ensuring consistency and usability. The changes are:
- Certificates AWS > AWS.
- Certificates Azure > Azure.
- All Operations > Operations.
- SSL/TLS (Reports > Certificates > Certificate without devices) > Certificates without devices.
- Automations > Automate flow.
- Cloud certificate authorities > Cloud providers.

Fixed

Item Description
SSGR-11068 Fixed an issue where wildcard certificates were not being imported into Certificate Manager after performing a domain discovery.

Discovery

Fixed

Item Description
SSGR-10798 Fixed an issue where, when trying to access a device’s latest debugs, an error 500 was displayed.
SSGR-10799 Fixed an issue where attempting to edit the Plugin field of a newly discovered device resulted in a 500 error.

Domum Remote Access

Fixed

Item Description
SSGR-9942 Fixed an issue in Domum Remote Access where a third-party user's email address could not contain more than two dots in its local part. Addresses such as [email protected] are now accepted.
SSGR-10576 Fixed the access-request flow so it now prompts you to configure a vendor's access policy when one is missing, instead of failing.
SSGR-10789 Fixed the email approval flow so it again detects the responder's sender address.
SSGR-10807 Fixed a security issue in Domum Remote Access where the control governing whether limited third-party users can request their own access was not always enforced. The setting is now enforced, and self-extension of access requires the configured approval workflow.
SSGR-10904 Fixed an error when viewing the access history details of internal and third-party users.

EPM Windows

Changed

Item Description
SSGR-9838 Improved the connection between EPM and the Segura® Platform. Now, if the agent’s authentication token is rejected, it will be automatically renewed, allowing EPM to resume operations without interruption. See the documentation: How to install the EPM Windows agent.

Fixed

Item Description
SSGR-10426 Fixed an issue where the operational system version wasn’t properly displayed in the EPM Windows Admin Web Interface.
SSGR-10569 Fixed an issue where it was not possible to access files within a network shared folder.

Framework

Added

Item Description
SSGR-3160 Added new Orbit alerts that notify administrators when an instance runs with CPU, memory, or disk resources below the recommended levels. The alerts give teams time to take preventive action before the system becomes unavailable.
SSGR-8762 Added the ITSM Connector Engine, a centralized integration with ServiceNow over REST API. Administrators can configure and manage multiple ServiceNow connections with OAuth 2.0 authentication, health checks, and retry. A single engine is reused across PAM Core, EPM, Domum, DSM, and Certificate Manager for consistent ITSM validation.

Changed

Item Description
SSGR-6680 Applied usability improvements to the registration wizards on the Segura® Platform to make navigation clearer and more guided. Wizards now include step numbering, short descriptions, visual highlighting of the active step, and completion feedback.
SSGR-7491 Improved the scalability and performance of Segregated Parameters when managing large device sets. The Devices side panel and selection modal now support pagination, hostname search, and a total-count header, and you can associate devices in bulk by uploading a downloadable XLSX template.

MySafe

Fixed

Item Description
SSGR-10600 Fixed an issue in the MySafe API that prevented querying secrets by ID when the access key did not have full access permission.

PAM Core

Fixed

Item Description
SSGR-9925 Fixed an issue where session input and output were not fully recorded in Session text logs for some access protocols, depending on the segregated parameter type (group, device, credential, or origin). All parameter types and protocols now record input and output correctly.
SSGR-10285 Fixed an issue where the downloaded RDP Proxy shortcut file did not support non-ASCII characters, such as the Cyrillic alphabet, causing them to be incorrectly replaced in the credential and device fields when opening the session.
SSGR-10423 Fixed an issue where passwords containing a single quote (') were altered or truncated during bulk credential import. Imported passwords now match the import spreadsheet exactly.
SSGR-10543 Fixed an issue where the livestream of a remote session was displayed as disconnected when viewed from a different node than the one running the session. The livestream can now be viewed from any node in the cluster.
SSGR-10605 Fixed an issue where the download button for a generated Oracle Wallet did not appear under My certificates, even though the wallet was created successfully. The generated wallet is now linked to the user's certificate and available for download.
SSGR-10668 Fixed an issue where RemoteApp script steps were cleared and the configuration was not saved when returning to the editing tab after a period of inactivity.
SSGR-11104 Fixed an issue where processing of recorded SSH and TELNET sessions could fail when a recording contained an empty or truncated data segment. The converter now handles these segments without aborting, so input logs, session playback, and text indexes are generated and the processing queue is no longer interrupted.

Proxy

Fixed

Item Description
SSGR-10881 Fixed an issue where accented and other special characters were replaced by incorrect symbols when pasting text into a Web Proxy with HTTP/HTTPS session.