Alira Release Notes

Previously, when a user requested a non-integrated resource and an approver approved it, the resource was immediately marked as provisioned — even if IT or a manager still needed to carry out the manual work. This created a gap between what users saw and what had actually been done.

The Access Portal now includes an explicit manual provisioning step. Once an approval is granted, the resource remains in a pending state until the responsible party confirms the work is complete. Only then is it marked as provisioned for the user.

Key Capabilities

• Explicit provisioning confirmation step for non-integrated resources
• Users see accurate status — provisioned only when the task is genuinely complete
• IT teams and managers can mark provisioning as done directly within Alira
• Improves trust in the platform and sets accurate expectations for end users

The Licence Manager’s auditing capabilities have been significantly improved. All four licence hygiene reports — Terminated Users, Inactive Users, Inactive Licences, and Duplicate Licences — are now consolidated into a single master auditing dashboard.

The dashboard surfaces global reporting on the total number of users at risk of licence bleed, the financial cost and implication of that exposure, and makes it straightforward to action remediation without navigating between separate report views.

Key Capabilities

• Single master auditing dashboard consolidating all four hygiene reports
• Global summary of total users at risk and associated cost exposure
• Financial implication of licence bleed surfaced clearly for decision makers
• Faster remediation across all report types from a single view

The existing Inactive Users report identifies users who haven’t logged in recently. The new Inactive Licence Report addresses a different problem: users who are active and logging in, but are not using a specific high-value licence assigned to them — such as Microsoft Copilot.

These licences represent silent waste. The user is active so they don’t appear in standard inactive reports, but the licence itself is going unused. Alira now surfaces these directly so administrators can reclaim and reallocate them.

Key Capabilities

• Identifies licences assigned to active users who are not actively using the product
• Initial focus on Microsoft Copilot — one of the highest per-seat cost licences
• One-click reclaim directly from the report
• Surfaces a category of waste invisible to standard inactive user reports

Two significant enhancements have been made to the Projects capability within Extended Identities.

Project Owners introduces delegated ownership at the project level. Designated owners can add and remove guests from their own projects without requiring IT involvement, distributing governance responsibility to the people closest to the work.

Project Resources makes the full access context of a project visible. Projects now support four roles which, via extension attributes, map to Entra groups. Wherever those groups govern access to a resource in Entra, Alira pulls in that resource and displays it against the project — making cleanup, offboarding and auditing significantly easier.

Key Capabilities

• Project Owners — delegated responsibility to add and remove guests per project
• Four project roles mapped to Entra groups via extension attributes
• Resources attached to those groups are automatically surfaced against the project
• Administrators can see the full access context of a project at a glance
• Simplifies guest cleanup and offboarding by making access scope visible

Companies within Extended Identities now support two distinct delegated roles: Requesters and Approvers. This allows organisations to distribute guest management responsibility across the business without creating IT bottlenecks.

Anyone in the business can be assigned as a Requester for a given company, allowing them to initiate guest onboarding. Their manager or a nominated Approver can then approve the request. Company Admins retain oversight and management of the company entity itself.

Key Capabilities

• Two delegated roles per company: Requester and Approver
• Any business user can request a guest — no IT ticket required
• Approvals handled by a nominated approver, such as a line manager
• IT retains central oversight without being the bottleneck for every request

Companies in Extended Identities can now be linked directly to the Licence Manager. This surfaces the licence cost associated with guests from a given company — giving administrators a clear view of the financial impact of their external and internal guest population.

Previously, guest users existed as identities in Entra but their licence cost was difficult to attribute back to a specific company or partner relationship. This change closes that gap, connecting identity governance and licence spend in the same view.

Key Capabilities

• Companies can be linked to the Licence Manager for cost attribution
• Licence cost of guests surfaced per company entity
• Connects identity governance and licence spend in a single view
• Supports cost accountability for partner, contractor and guest relationships

Alira now supports the invitation and governance of external guests — people outside your organisation who are not currently in your Entra tenant. External guests can be invited via Alira, authenticate using one-time password or their own work account, and are brought under the same governance framework as internal users.

This completes the full identity coverage story for Extended Identities. Alira can now manage three distinct identity types within a single governed platform: internal orphaned accounts not connected to HR, internal guests, and external guests from outside the organisation.

Key Capabilities

• External guest invitation directly from within Alira
• Authentication via one-time password or existing work account
• External guests governed under the same Companies and Projects framework
• Full coverage across internal orphaned accounts, internal guests, and external guests
• External guests can log in to Alira and interact with the platform directly

Alira now includes a Notification Engine that enables asynchronous notifications and integrations across identity lifecycle events, allowing organisations to integrate Alira events directly into operational workflows beyond Microsoft-native tooling.

Key Capabilities

• Custom email notifications triggered by PIM requests, Access Package requests, and approval and rejection events
• Webhook integration for real-time event forwarding to external systems such as Microsoft Teams and Slack
• Configurable per event type to support differential handling across request, approval, and lifecycle stages

Alira now supports pre-staged Enterprise Application onboarding, reducing friction for end users while preserving administrative control. Users can request access via URL-based redirection, with approval and assignment handled through existing governance controls.

Key Capabilities

• Pre-creation of Enterprise Applications, Access Packages, and Groups
• Application tagging used for discovery in request portals, lifecycle tracking, and reporting
• URL-based redirection for user access requests with full governance controls retained

Application tagging is now leveraged across lifecycle reporting to address a common gap where manual application ownership obscures true leaver exposure. Leaver notifications clearly flag applications requiring human intervention and highlight residual access risk.

Key Capabilities

• Leaver reporting identifies total applications held by a user, which applications are automatically governed, and which require manual offboarding
• Leaver notifications clearly flag applications requiring human intervention
• Residual access risk clearly surfaced for remediation

The Extended Entities module introduces a structured approach to internal guest identity management, providing an authoritative governance layer for internal guests and non-HR users — improving visibility, control, and auditability.

Key Capabilities

• Centralised onboarding, offboarding, and auditing of internal guest users
• Contextual modelling using Companies (logical containers) and Projects (access context)
• Delegated administration with requesters and approvers per entity
• Attribute-driven access assignment and reporting

The Licence Manager now supports third-party SaaS licensing via the Bring Your Own Licence Group (BYOLG) model. Any SaaS licence managed via an Entra ID group can be surfaced, enabling visibility of total SaaS licensing exposure — not just Microsoft-native services.

Key Capabilities

• Bring Your Own Licence Group (BYOLG) model — any SaaS licence managed via an Entra ID group can be surfaced
• Unified reporting of licence allocation, cost overhead, and Organisational Unit (OU) impact
• Applies consistently across Microsoft and non-Microsoft applications

New reporting capabilities clearly surface licence hygiene issues for decision making. These issues are difficult to detect using native tooling and are now clearly identified within the Alira Licence Manager.

Key Capabilities

• Inactive User Report — identifies stagnant users who hold licences but have not been recently active
• Terminated User Report — identifies licences retained post-departure
• Duplicate Licence Detection — surfaces conflicting entitlements (e.g. F3 + E3 assigned concurrently) and highlights optimisation opportunities