Skip to main content

June 2026

Who this is for

Admins and developers tracking monthly changes.

Goal

Understand what changed in June 2026 and how it affects setup.

Prereqs

  • None

Success criteria

You can identify relevant changes and update your workflows if needed.

Highlights

Access requests

  • Deny policies and request exceptions — Owlie can enforce deny policies that block, revoke, route, or park access for review, while request-time gates can warn or require exception approval before access proceeds and admins can track live exemptions with approver, reason, and expiration context.

Access reviews

  • Access review campaigns — Admins can create ad-hoc or reusable access review campaigns, define scopes by users, resources, entitlements, and grant types, preview campaign size and reviewer load, schedule recurring runs, launch campaigns, and track review progress from the dashboard.
  • Review remediation and evidence exports — Review outcomes can drive remediation through connector, manual ticket, virtual, or function routes, with safeguards for re-applicable access, source-addressed holds, due-date extensions, item evidence packets, review timelines, and downloadable campaign evidence exports.
  • Reviewer workspace and staged decisions — Reviewers get a dedicated work queue with only their assigned review steps, decision context, reason requirements, bulk decision support, and real-time updates, while admins can configure staged review policies, reviewer routing, timing, fallback behavior, and separation-of-duties protections.

Auth

  • Owlie-hosted OIDC identity provider — Owlie can act as a tenant identity provider for OAuth and OIDC applications, with admin-managed clients, redirect URI and scope controls, PKCE and refresh-token settings, client secret rotation, signing key rotation, rate-limit visibility, and IdP audit events.

Connectors

  • AI-assisted connector builder and OpenAPI scaffolding — Connector authors can scaffold draft connectors from OpenAPI definitions, get AI help for schemas, handlers, errors, and attribute mappings, run pre-publish conformance checks, test individual handlers, and review runtime failures before publishing changes.
  • Expanded integration catalog — Owlie's connector catalog now covers many more SaaS and business systems across identity, HR, productivity, CRM, finance, support, and marketing, including Okta, Slack, GitHub, Jira, Salesforce, ServiceNow, Workday, NetSuite, Zendesk, Zoom, Box, Dropbox, Notion, HubSpot, Shopify, Stripe, Xero, QuickBooks, Microsoft Teams, SharePoint, and OneDrive.
  • On-prem connector gateway — Admins can enroll tenant gateways, monitor live connection state and gateway versions, bind integrations to a gateway, and run private-network or gateway-required connectors such as Active Directory, Generic LDAP, Generic Database, SAP HANA, and flat-file feeds.

Platform

  • Notification center and delivery policies — Users can receive in-app notifications with unread counts, mark messages read, dismiss items, and review recent activity from the dashboard, while admins can configure tenant-level delivery policies by transport and notification category.
  • Source-prioritized identity attributes and lifecycle state — Admins can manage built-in and custom identity attributes with ordered source precedence, manual overrides, self-service visibility, and rule-derived values such as lifecycle state, so directory data can reconcile cleanly across manual entries, integrations, and derived rules.

Provisioning

  • Policy-driven access automation — Admins can author versioned grant policies that match identities by governed predicates, preview activation impact before rollout, apply access changes through provisioning, explain why an identity has access, and use blast-radius controls for large or destructive changes.
  • Time-bound access windows — Access requests and provisioning can carry start and end times so approved access can begin later, expire automatically, and remain auditable through scheduled activation and revocation states.

Security

  • Tenant audit log — Admins can query tenant-scoped audit events by namespace, event type, outcome, and time cursor, giving security and operations teams a centralized record of important administrative and system actions without exposing secrets.

Sync

  • Identity graph explorer — Admins can inspect the tenant identity graph across synced, provisioned, manual, and derived records, search graph nodes, view neighborhoods and relationships, and understand assignment links and stale external state from one governance view.

Example

Review this month's changes before enabling a new workflow in production.

Troubleshooting

  • If a feature is missing, check later release notes.

Next steps

  • /release-notes
  • /implement