Skip to content

Phase 10.3 Release Notes

Released on April, 2026

Summary

The 10.3 release introduces key enhancements in integrations, security, and entitlements management in Hire2Retire. Introducing Peer-Based Entitlements for recommending group memberships based on peer access patterns. This helps teams assign access more consistently, reduce manual effort, and support both review-based and automated provisioning workflows.

Hire2Retire now adds support for Cornerstone OnDemand and UKG Ready, enabling organizations to automate identity lifecycle management using HR and talent systems as a source of truth. The release also strengthens offboarding security by adding an option to reset multi-factor authentication (MFA) during termination, ensuring users must re-enroll MFA when the account is reactivated. Additional enhancements include pre-boarding improvements with early employee data sync from BambooHR, automatic restoration of shared access on rehire, and improved visibility into provisioning operations through Access Event Details.

New Features

Peer Based Predictive Group Assignment

The Peer-Based Entitlements feature enables discovery and recommendation of group memberships for employees based on the entitlements held by their peers. When a new employee is onboarded or an existing employee undergoes a title change, Hire2Retire automatically identifies peer employees and recommends appropriate group memberships, including Security Groups, Distribution Lists, Entra ID Security Groups, Microsoft 365 Groups, and Mail-Enabled Security Groups. This feature reduces manual group assignment effort, ensures consistent access across similar roles, and supports both supervised review and fully automated (Autopilot) provisioning workflows.

HR Application Support: UKG Ready

Hire2Retire now supports API-based integration with UKG Ready HR application. Organizations can fetch employee data from UKG Ready and automate identity lifecycle management across Active Directory, Entra ID, Google Workspace, and Okta.

Support Cornerstone as a new SCIM application

Hire2Retire now supports integration with Cornerstone OnDemand, a cloud-based talent management platform used for learning, performance, recruiting, and HR functions. This integration enables automatic provisioning, updates, and deactivation of user accounts in Cornerstone, along with seamless mapping of Identity Provider attributes and user roles.

Enhancements

Check Provisioning Operation Type in Access Event Details

Access Event Details now display the type of provisioning operation performed on employee accounts, such as provisioning or deprovisioning, along with the status of related integration events. This makes it easier to track and understand actions executed on employee records.

Reset MFA upon Termination

Hire2Retire now provides an option to reset multi-factor authentication (MFA) as part of the termination process. When a user is terminated, the system revokes all active sessions to invalidate existing access tokens. If the Reset MFA on Termination option is enabled, it also removes all enrolled MFA factors, such as authenticator apps and registered phone numbers. If the account is reactivated later, the user must re-enroll MFA. This ensures previously trusted devices and authentication methods cannot be reused, adding an extra layer of protection against unauthorized access after rehire or account reinstatement.

Shared Mailbox Access Restoration on Rehire/Return from Leave

Hire2Retire now ensures a smooth and consistent access restoration without manual effort when an employee is rehired or returns from leave. The changes made for sharing the mailbox, email forwarding and OneDrive access on termination or start of leave are reverted when the employee is rehired or returns from leave. Their mailbox is converted back from shared mailbox to a user mailbox, and access is removed for all secondary users it was shared with. Any email forwarding configured on the mailbox is also removed. The OneDrive access granted to secondary users is also removed on rehire or return from leave.

Other Improvements

  1. Added support for group membership changes as a condition in Communication Hub for sending email notifications. Notifications can now be triggered based on group-based conditions, in addition to user attributes, allowing targeted and flexible communication.
  2. Group and OU selection process is now easier with domain controller details removed, improving browsing and search.
  3. Hire2Retire now fetches employee attributes from BambooHR before the employee’s start date, enabling complete profile setup and access assignment in advance. This ensures licenses and permissions are pre-provisioned, eliminating delays and ensuring day-one readiness for new hires.