Blog

November 2025 Release Notes

November 23, 2025

What’s new in November 2025: simpler access for growing teams

This month’s YeshID product updates focus on giving IT & Security leaders more control with less manual work. We’ve tightened group-based access, made large task and workflow views easier to manage, and improved how user data flows into downstream apps and directories.

TL;DR

  • 🧩 Group-first access — manage app access through groups and see where entitlements don’t match expectations.
  • 📋 Task & workflow clarity at scale — faster filtering, cleaner views, and better behavior when you’re working through hundreds or thousands of tasks.
  • 🧑‍💼 Manager-aware workflows & email — assign tasks to managers, email multiple stakeholders at once, and keep replies pointed at IT.
  • 🔗 Stronger identity integrations — push profile updates to SaaS apps, add UKG HRIS, and support more directory fields and IDs.
  • Performance & admin upgrades — more custom fields, more technical owners, and faster People/Directory pages for large orgs.

Group-based access — more control, less drift

We’ve made it easier to treat groups as the source of truth for application access, and to see when reality doesn’t match policy.

For applications that should only be accessed via group membership, admins can now mark them as “group-only.” When that’s on, end users will only see those apps in the request catalog if they’re already in an enabled group that grants access. That keeps high-risk or tightly-governed apps from being requested by anyone outside the right groups, without extra manual reviews.

On the Person view, you’ll now see:

  • Which YeshID groups a user belongs to.
  • For each application, whether access is expected, not expected, or not applicable based on those group rules.

That makes it much easier to spot entitlement drift: for example, when someone has access to a group-managed app but isn’t in any group that should grant it.

In the Audit view, there’s also a new Groups column (for orgs using the Groups feature). This lines up with the application accounts view so you can audit by role and group in the same place.

How to try it

  • In an application’s settings, configure which groups grant access and enable group‑managed access where appropriate.
  • Open a person’s details to see their group memberships and whether each app’s access is expected.
  • Use the Audit view to review group membership alongside application roles.

Tasks & workflows — easier to work big queues

The All Tasks view got a significant usability upgrade aimed at teams that live in YeshID every day.

  • A new unified search bar lets you combine filters (assignee, status, due date, application, and more) in one place, with keyboard support and smarter handling of advanced filters.
  • Due date filters (like “Today”) now behave correctly, so you don’t see tasks from unrelated dates mixed in.
  • Automated tasks are hidden by default, which makes queues less noisy—but you can still surface them when you need to.
  • Tasks now clearly indicate when they have approvers attached, helping prevent “complete” actions on tasks that aren’t actually actionable yet.
  • There’s a new “skipped” status and icon for tasks that were intentionally skipped (for example, when a user already had access to an application via a group), so automation behavior is more transparent.

Access to the All Tasks view is also smarter: non-admins see only tasks where they’re an assignee, while application admins can still see the broader queue for the apps they manage.

On the Workflows page, we’ve reorganized the table and header so it’s easier to scan:

  • Status and workflow type now show as separate pills.
  • The “details” column is cleaner and focuses on the essential context (user, app, etc.).
  • The workflow run header shows user details, workflow type, and status clearly—even if the user has since been removed.
  • Server-side pagination now supports viewing beyond 100 workflows, with a visible total count so you know how big the queue really is.

How to try it

  • Go to Tasks → All tasks and start typing in the search bar to mix filters (e.g., app + due date + assignee).
  • Use the status and due date options to narrow down what needs attention today.
  • Visit Workflows to see the new table layout and run header.

Manager-aware workflows & smarter email

We’ve made it easier to keep managers and other stakeholders in the loop without creating extra manual steps for IT.

First, you can now:

  • Assign workflow tasks directly to the user’s manager as a built-in assignee option.
  • Target the manager as a recipient in Send custom email tasks, just like the employee themselves.

We also cleaned up how custom emails work:

  • The Send custom email task now supports multi-select recipients. For example, you can email the new hire, their manager, and HR all at once.
  • Email templating always uses the workflow’s target user as the source of variables, so your templates stay consistent even if you change who receives the email.
  • You can set a Reply-To address, including a templated support contact, so replies land in the right shared mailbox instead of personal inboxes.

On the identity side of onboarding, we fixed an issue where recovery/personal emails could be lost when creating Google users. Those values now persist reliably so access emails have a valid personal email to send credentials to.

Finally, from the end-user dashboard, requesting a new application now works as expected even when the app doesn’t exist yet in YeshID. Previously, requests for “new” apps could fail silently after the user clicked Submit.

How to try it

  • In a workflow template, add or edit a Send custom email task and choose multiple recipients plus an appropriate Reply-To option.
  • In task configuration, select Manager as an assignee for steps that the hiring or line manager should own.
  • Test a new app request from the self-service app request flow using a name that’s not yet in your catalog.

Identity & provisioning — richer data, better sync

Several updates this month help keep user profiles and entitlements consistent across your stack.

Push profile updates to SaaS apps

For SCIM-based integrations and other supported apps, YeshID can now push user profile updates downstream when a user is changed in YeshID. Behind the scenes, we fetch the current user record from the app, merge in your updated fields (like name, title, location, or role), and send an update—rather than forcing you to wait for a full re‑provision.

UKG HRIS support via code-based integration

We’ve added a code-backed HRIS connector for UKG that uses UKG’s reporting service to bring employee data into YeshID while still letting you map fields like any other HRIS. This is especially helpful for organizations that rely on UKG but still want consistent field mappings (title, department, location, and more) into directories and downstream apps.

Directory and SCIM improvements

  • You can now edit a user’s manager directly from the person edit screen in YeshID and have that change sync back to your primary directory (Google or Microsoft).
  • During onboarding, additional Google Workspace fields, including title, are now set correctly on new accounts.
  • For admins building custom integrations around Okta, the Okta user ID is now available as a mappable field. That makes it easier to call other APIs that require the Okta ID in the URL.
  • Notion SCIM configuration was updated so group imports and related operations work as expected.

We also improved how directory statuses and org units behave:

  • Directory identity statuses now support Okta “staged” users, so workflows can trigger accurately before users become fully active.
  • Tasks that set a user’s Google org unit now include retry logic, reducing the chance of failures when the org unit update runs just before the account is fully created.

How to try it

  • Review a SCIM-connected app’s provisioning settings and confirm which profile fields you want YeshID to own.
  • For UKG customers, talk to your YeshID contact about enabling the new UKG HRIS connector and mapping your fields.
  • Edit a person’s manager in the People section and verify the update in your directory.

Performance, limits & lab tools

As datasets grow, we spent time making the UI feel faster and more flexible for larger organizations.

Faster People, Directory, and pickers

Profile images were previously included in every /users payload, which added up when you had thousands of identities. We now:

  • Skip profile picture imports on the very first Microsoft 365 sync to get you to a usable state faster.
  • Serve profile images via a separate URL with long-lived caching instead of embedding them in every user response.

The result: snappier loads for People, Directory, and any user picker components, especially in orgs with 2,000+ identities.

We also fixed a subtle scheduling issue where integrations set to run around the end of the UTC day could occasionally slip by a day. Preferred run times are now handled more predictably.

More room for metadata and owners

Two small but impactful limit increases:

  • Custom fields per org increased from 10 → 25, giving you more room for HR or business-specific attributes.
  • Technical owners per app increased from 5 → 10, so broader infrastructure teams can be represented without workarounds.

Google Workspace group scanner (lab)

We’ve brought our Google Workspace group scanner into the main app as a lightweight lab experience. It’s a static, read‑only tool that helps you explore how groups are structured in your Google Workspace tenant and spot potential issues faster.

  • The experience has been refreshed with a light theme and UI aligned to other YeshID cards.
  • We’ve also hardened sign-in so only valid Workspace accounts can use it.

If your environment has the lab enabled, you’ll find it under the Google Workspace group scanner path in your YeshID instance.

Voice input on policy assistant

On the policy page, the built‑in assistant now supports microphone input in supported browsers. That makes it easier to talk through policy changes instead of typing long prompts—handy when you’re drafting or revising security and access policies.

Finally, we’ve made a round of behind‑the‑scenes security and library updates to keep dependencies current.

Admin tips

  • For high‑risk applications, consider turning on group‑managed access and using the “Access expected” view on a person’s Applications tab to quickly spot users who shouldn’t have access.
  • Use the unified task search bar plus due date filters to build saved “ways of working” (for example, a morning view of “My tasks due today”) and delegate broader queues to app admins.

Availability & rollout

All changes described here have been rolled out to production over the course of November 2025. Some group-related features may depend on your org having Groups enabled; if you don’t see them yet, reach out to your YeshID contact or support team.

Helping IT & Security leaders run lean, secure access programs is the core of what we’re building. November’s updates make YeshID more usable at scale, more aligned with your org structure, and better connected to the HRIS and SaaS tools you already rely on.

We’d love to hear what would save your team the most time next—whether that’s deeper integrations, new workflow types, or reporting. Share feedback with your YeshID contact or support team.

Recent Posts
Why ITSM Isn’t IAM, And Why AI Ticketing Tools Don’t Solve Access
Free Tool: Google Groups Should Not Be a Mystery
Starting SOC 2 Without the Burnout: A Practical Guide for Lean Teams
October 2025 Release note
Identity & Access Management: Stop Chasing Integrations. Start Orchestrating.
Ready to take control of your identity access management?
Sign up