Segura® introduces version 4.2.1, designed to improve infrastructure flexibility, privileged access security, and operational usability.
This release expands integration with external services, strengthens Just-in-Time access controls, improves automation compatibility with modern APIs, and enhances the user experience for reporting and monitoring.
Below are the main improvements included in this release.
Reporting Interface Usability Improvements
This release introduces several usability improvements to the reporting interface, designed to improve navigation and interaction with large datasets.
What’s new:
- Fixed horizontal scrollbar at the bottom of the window.
- Sticky action column on the right side of tables.
- Dynamic column width adjustment based on content.
- Tooltips when hovering over action buttons.
- Consistent visual standards applied across reports.
- Full compatibility with light mode and dark mode.
Impact:
These improvements enhance the usability of large reports, allowing security analysts and auditors to navigate complex datasets more efficiently while maintaining visual context and quick access to actions.
Just-in-Time (JIT) Windows Access with Kerberos
Grant Just-in-Time (JIT) access to Windows environments using Kerberos authentication.
With this feature, PAM can automatically create a temporary Windows user account at the moment access is requested and remove it immediately after the session ends.
What’s new:
- Automated creation of temporary Windows accounts using Ansible templates.
- Automatic account removal after session completion.
- Kerberos authentication support.
- Integration with Network Connector.
- Support for domain-context environments with locally created users.
How it works:
We are providing two new automation templates:
- Windows User Creation Template.
- Windows User Removal Template.
When a user requests access to a Windows server:
- A temporary account is automatically created.
- The user connects using this ephemeral credential.
- Once the session ends, the account is automatically removed.
For more information, refer to How to provision JIT local Windows accounts with Kerberos via Ansible.
Impact:
This feature eliminates the need for permanent privileged accounts, reducing the risk of credential compromise.
Additionally, it supports Zero Trust strategies by ensuring privileged credentials only exist during the authorized access window, with full traceability for each session.
OAuth2 and HTTP PATCH Support for cURL Executor
The cURL password management executor has been enhanced to support modern API authentication requirements.
What’s new:
- Support for the OAuth2
scopeparameter inset-oauth2authentication templates. - Support for HTTP PATCH requests.
- Expanded compatibility with REST APIs.
Impact:
This enhancement enables automated password management integrations with services such as Microsoft Entra ID (formerly Azure AD) and other platforms that require OAuth2 scope parameters and PATCH-based password update operations.
It expands the automation capabilities of the cURL executor, allowing administrators to integrate PAM workflows with enterprise APIs.
For more information, refer to Executors syntax.