Phase 10.4 Release Notes
Released on May, 2026
Summary¶
The 10.4 release expands Hire2Retire capabilities across identity management, access workflows, and external identity support. Hire2Retire introduces Contact entity management for AD and Hybrid AD environments, enabling organizations to provision and manage non-employee identities such as contractors for communication and distribution list access. The release also enables Access Requests and approvals directly within ServiceNow, allowing users to create and manage requests directly from the Hire2Retire IGA portal on ServiceNow.
Additional enhancements include support for future-dated leave management with Workday, automated email notifications for application auditing, and access remediation workflows via Email or ServiceDesk integration. Improvements to Exchange Online support in Multi-Domain Controller environments further extend group and mailbox management capabilities, while UI enhancements and configuration flexibility improvements strengthen overall usability and control across the platform.
New Features¶
Automated Contact Management for AD and Hybrid AD¶
Hire2Retire introduces Contact entity support for Active Directory (AD) and Hybrid AD environments, allowing organizations to provision and manage non-employee identities such as contractors and hourly workers as Contacts instead of full user accounts. Based on predefined HR-driven conditions, the system automates Contact lifecycle management by creating, updating, and deleting Contacts, dynamically managing their group memberships in Distribution Lists and Mail-Enabled Security Groups, and triggering configured notifications and service desk workflows. This feature enables organizations to support communication requirements for external users while maintaining strict control over access and avoiding unnecessary user account provisioning.
Support Legal server as a new SCIM application¶
Hire2Retire now supports integration with LegalServer, a cloud-based legal case management platform used by legal aid organizations to manage sensitive client and case data in compliance-driven environments. This integration enables automated provisioning, updates, and deactivation of user accounts, while mapping Identity Provider attributes and roles to ensure secure and compliant identity lifecycle management across LegalServer workflows.
Access Request via ServiceNow¶
Hire2Retire now allows ServiceNow users to request and approve access requests directly from the ServiceNow ServiceDesk. Users can create and manage access requests from the Hire2Retire IGA portal embedded in ServiceNow. This streamlines access workflows, ensuring faster fulfillment without needing to switch platforms.
Enhancements¶
Automated Future-Dated Leave Management for Workday¶
Hire2Retire now supports future-dated leave management in Workday using Leave Start Date and Leave End Date. Previously, leave actions were triggered only based on leave status, Hire2Retire can now detect upcoming leave events and automatically schedule leave actions in advance.
Access Remediation via Email or ServiceDesk¶
Hire2Retire now supports access remediation via Email or ServiceDesk integration. When a reviewer rejects application access, the system automatically triggers a remediation workflow to notify the application owner for removal. Users can choose to send the notification via Email or create a ServiceDesk ticket, with Hire2Retire tracking the ticket and marking the remediation as completed once resolved.
Enhanced Exchange Online Support for Multi-Domain Controller Environments¶
Hire2Retire extends support for Exchange Online downstream groups and features within Multi-Domain Controller (MDC) workflows by enabling consistent user correlation between on-premises Active Directory and Entra ID. This enables seamless use of features such as Shared Mailbox, OneDrive Sharing, Email Forwarding, and membership management for Entra ID Distribution Lists, Mail-Enabled Security Groups, O365 Groups, and Entra ID Security Groups.
Other Improvements¶
- Improved group and OU readability by removing redundant Domain Controller (DC) components from Distinguished Names, making group selection and review simpler across across the Workforce 360, Access Request, and Access Manager module.
- Extending Access Certification email notifications to application auditing, including entitlements, enabling campaign owners and reviewers to receive updates for campaign creation, readiness, start, reminders, and completion events.
- Enables configuration of custom email servers (Outlook or Gmail) for Access Request notifications, allowing emails to be sent from customer-managed connections instead of the default RoboMQ owned domain.