Opal now allows teams to assign service accounts or external automations as reviewers on access request stages, automatically approving or denying requests via API. These automated reviewers can work alongside human reviewers and enforce least-privilege access to lay the foundation for future AI-driven approval workflows.

Opal’s new Service Accounts and Scoped API Keys give teams granular, least-privilege control over machine identities in Opal. Create purpose-built service accounts with scoped permissions for faster, safer automation—complete with real-time auditing and lifecycle management.

Opal now connects with Cursor, enabling teams to pull user and usage data directly via the Admin API. Surface insights in Opal’s Risk Center to identify exposure and strengthen your security posture.

Securely manage access to the Anthropic Claude Developer Platform through an Opal integration. Control organization and workspace membership, assign roles, and bolster AI governance within your environment — all from one place.

Integrate Opal with OpenAI’s developer platform to manage organization and project-level access. Gain visibility and enforce least privilege access patterns across AI platforms so the business can continue building and innovating safely.

Gain centralized visibility and control over access to your critical business systems in Oracle Fusion Cloud to streamline provisioning, strengthen governance, and simplify compliance.

We’ve also added Delegating Reviewers. When managers are out of office or executives are overloaded, they can delegate their approval responsibilities to someone else – keeping requests moving without bottlenecks.

With Request Extensions, Opal admins can allow users to extend access to resources without repeating the approval cycle. Users can also re-request access in Slack using the “Quick Request” button, which is included on notifications for expired access.

Opal can now remove users from Okta, Duo, Google Workspace, Salesforce, PagerDuty, and Snowflake. Deprovisioning can be triggered manually, after access reviews, or automatically via IDP/HRIS events—closing the loop on leaver workflows

Opal now integrates with Notion ticketing to track access requests, reference tickets for added context, and ticket propagation for manual grants or revocations. With these capabilities, customers can centralize access workflows in Notion.

Opal now supports using a GitHub organization owner account and owner personal access token to fully manage your org’s access. This enables improved control over repository and team entitlements while preserving security boundaries through scoped permissions.

Opal now offers a native integration with Coupa, enabling customers to seamlessly sync users and manage role assignments directly within the platform. This lays the foundation for Separation of Duties analysis by providing visibility and control over entitlements in Coupa.

Opal now integrates with Freshservice to streamline ticketing workflows. The integration supports creating audit tickets from Opal requests, linking existing Freshservice tickets, and generating tickets for manual access grants or revocations.

Introducing Max User Limits—set resource capacity and automatically block requests when limits are reached to manage access and costs.

The new Explore Graph in Opal visually maps relationships across users, groups, and resources helping teams reveal hidden access and risks, investigate, and act in one view. Read more here.

Opal now supports DataStax, giving teams real-time, fine-grained control so users receive precisely the access they need.

With IDP support for Active Directory, you can now leverage Opal to manage on-prem users and groups, streamline access reviews, and enforce least privilege across hybrid environments.

User Access Reviews now include usage history, request justifications, and team benchmarks for faster, smarter approval decisions.

Opal now offers support for Jira Service Management, making it simple to link JSM tickets to Opal access requests and more easily manage and approve access across ticketing systems.