OmniPriv 4.0 Release: AI-Powered Anomaly Detection, Enhanced JIT, and More
OmniPriv 4.0 introduces machine learning-based session anomaly detection, a redesigned JIT access engine, expanded cloud asset sync, and 12 new integration connectors.
OmniPriv 4.0 Is Now Generally Available
After six months of private beta testing with selected enterprise customers, OmniPriv 4.0 is now generally available to all customers. This release represents the largest single update in OmniPriv's history, with over 200 improvements across the platform.
AI-Powered Session Anomaly Detection
The headline feature of 4.0 is the new Sentinel Engine — a machine learning system that builds a behavioural baseline for each user's privileged sessions and raises alerts when observed behaviour deviates from the baseline.
The Sentinel Engine analyses multiple signal dimensions: the commands executed in SSH sessions, the queries run in database proxy sessions, the destinations reached in RDP sessions, the time of day and duration of access, the source IP and device context, and the volume of data accessed or transferred. Individually, any one of these signals might produce noise. The Sentinel Engine correlates them to produce high-confidence anomaly scores.
In our beta programme, the Sentinel Engine achieved a 94% detection rate for insider threat scenarios and lateral movement activity in controlled tests, with a false positive rate below 3% after a two-week baseline learning period. A number of beta customers reported the Sentinel Engine surfacing genuine security concerns — including an insider data exfiltration attempt and a compromised contractor account performing reconnaissance — that would not have been detected by rule-based alerting.
Redesigned JIT Access Engine
The JIT access engine has been redesigned from the ground up in 4.0. Key improvements include sub-second access provisioning (down from up to 12 seconds in 3.x), a new mobile approval app for approvers, Slack and Microsoft Teams integration for in-channel approval workflows, and a self-service access request portal with a significantly improved UX.
Policy configuration has been simplified with a new visual policy editor that replaces the YAML-based configuration in earlier versions. Common JIT patterns — maintenance window access, emergency break-glass, vendor access — are available as configurable templates.
Expanded Cloud Asset Sync
OmniPriv 4.0 adds automatic sync for AWS IAM roles and EC2 instance profiles, Azure AD service principals and managed identities, GCP Service Accounts, and GitHub Actions OIDC integrations. Cloud assets discovered through sync are automatically onboarded to the credential vault and rotation schedule, with configurable policies for temporary cloud credentials.
New Integration Connectors
Version 4.0 ships with 12 new integration connectors: HashiCorp Vault (bidirectional), CrowdStrike Falcon, Microsoft Sentinel, Elastic Security, PagerDuty, Jira Service Management, Ansible Tower, Terraform Cloud, Oracle Database 21c, SAP HANA, IBM Db2, and Snowflake.
This brings the total number of supported integrations to 87. The full integration catalogue is available in the documentation.
Upgrade Path
Upgrading from OmniPriv 3.x to 4.0 is supported in-place for single-node and HA cluster deployments. The upgrade process takes approximately 20 minutes with no downtime for HA deployments. Configuration from 3.x is fully compatible with 4.0 with the exception of the JIT policy configuration, which is automatically migrated by the upgrade script with a preview and confirmation step.
Detailed upgrade instructions are available in the documentation. Customers requiring assistance with the upgrade can contact their Customer Success representative to schedule a guided upgrade session.