SSPM Feature Enhancements

• Reduced Onboarding Permission Requirements for Okta: As part of an ongoing effort to reduce the permissions required to connect SSPM to applications, you can now connect to an Okta instance with reduced, read-only permissions. The read-only permissions enable SSPM to perform basic configuration scans. You can still grant SSPM elevated permissions for write access, which enables advanced scans and automated remediation actions.
• Improved Scans to Detect More Application Settings: As part of an ongoing effort to enable SSPM to detect as many application settings as possible, SSPM can now detect more settings for the following applications:
  • Zoom (Available since January 2025)
  • Snowflake (Available since January 2025)
  • Slack Enterprise (Available since January 2025)
  • Google Workspace (Available since January 2025)
  • Salesforce (Available since January 2025)
  • ServiceNow (Available since January 2025)
  • GitLab (Introduced in March 2025)
• Alternative Onboarding Approaches: SSPM uses a number of different approaches to connect to an application to complete its scans. Depending and the application, you might connect by authenticating directly with the application or through the Okta or Microsoft Azure identity provider. Other onboarding approaches include using OAuth 2.0 authorization or a Microsoft Entra (formerly Azure) service principal. As part of an ongoing effort to provide you with more onboarding options for particular applications, you can now onboard Office 365 through a Microsoft Entra (formerly Azure) service principal.
• Added Identity Support: The Identity Security component of SSPM uses information from an instance of a supported application and, optionally, your identity provider to give you visibility into account risks. As part of an ongoing effort to support more applications, we now provide account risk information for the following additional applications:
  • GitHub Enterprise
  • Okta
  • ServiceNow