Coming Soon
Here’s a deeper look at what’s coming to GrantFlow over the upcoming releases. We’re investing in clearer communication (notifications), safer and faster approvals, efficient directory sync, and high‑confidence operations at scale. Timelines and scope may evolve as we incorporate feedback.
This roadmap highlights planned capabilities at a high level. Details may change before GA.
Unified Notifications (Email, Teams, In‑App)
Stay on top of approvals, activations, expirations, and more with a dedicated notification service and an admin UI that puts configuration in one place.
What you’ll get:
- Channels: Email via Microsoft Graph and Microsoft Teams (channel webhook) to start
- Templates: MJML with variables, theme alignment, and live preview
- Policies: Per‑event recipients (users, roles, dynamic sets)
- Actions: “One‑click” Approve/Deny links secured by short‑lived tokens
Who benefits:
- Approvers: Faster triage with actionable alerts
- Requesters: Clear status updates without polling the app
- Admins: Central control with safe defaults and audit
Rollout notes:
- Starts with high‑value events (Approval Requested, Activation Failed/Expired)
- Teams chat messages sent via Microsoft Graph may follow after the initial webhook approach
See also: Notifications
AI‑Assisted Approvals (Risk Scoring)
Help approvers focus where it matters most. Requests will include a risk score and rationale so queues can be sorted by likely impact.
What you’ll see:
- Score (0–100), level badge, and a short “why this score” explanation
- Contributing factors (e.g., role sensitivity, duration, unusual patterns)
- Sorting and filtering by risk level
Who benefits:
- Approvers: Prioritize high‑risk items quickly
- Security teams: Consistent evaluation signals
Rollout notes:
- Phased rollout: shadow mode → opt‑in beta → GA
See also: Requests & Approvals
Real‑Time Drift Enforcement (Cloud + AD)
Detect and respond when managed access changes outside of GrantFlow. If a user, group, or role diverges from policy, we’ll create an incident and (per policy) notify, request approval, or remediate.
What it does:
- Ingests near real‑time signals from Microsoft Entra and fast deltas from AD
- Applies per‑role “Drift Reaction” policies: Notify / Require Approval / Remediate
- Surfaces incidents with status, timestamps, and actions
Who benefits:
- Admins and auditors: Clear evidence and control over out‑of‑band changes
- Operators: Faster time to resolution when drift occurs
See also: Role Management
Faster Directory Sync (Delta + Smart Scheduling)
Short, efficient sync cycles keep data fresh without heavy scans. A built‑in scheduler coordinates per‑connector jobs safely—even when multiple instances are running.
What changes:
- Delta sync for AD users, groups, and memberships
- Per‑connector schedules with jitter and guardrails
- Observability for lag, success rates, and backoff
See also: Connectors · AD Agents
Smarter Role Assignment Validation
Assign roles with confidence. We validate at assignment time that the principal, connector, and provisioning details line up—so users only see roles they can actually activate.
What to expect:
- Immediate, clear feedback on misconfigurations
- Shared rules with activation validation for consistency
See also: Assignments
Password Rotation Policies (Automation)
Automate password rollover for privileged accounts according to policy windows and complexity rules.
What’s included:
- Scheduled rotations with retry/backoff and audit
- Validation to confirm the new password is effective
- Admin tools for manual rotation and history
See also: Account Checkout
LDAPS Trust Anchors for AD Connectors
Upload and manage domain controller trust certificates (root/intermediate) for LDAPS. View certificate metadata, expiry, and early warnings in the UI.
At launch:
- Support for PEM/CER/DER/PFX
- Expiry badges and upcoming‑expiry warnings
See also: Connectors
Profiles & Preferences
Per‑user profiles hold preferences (theme, locale, time zone, notification settings) and support future features like passkey enrollment status.
What users gain:
- “Settings” backed by profiles for a consistent experience
- Room to grow into additional personal controls
See also: Profile Settings
Reliable Scheduling & Cancellations
Deprovisioning and other time‑based actions will use a more resilient scheduler so end times are predictable—and manual deactivations cleanly cancel future tasks.
Why it matters:
- Predictable expirations for activations and checkouts
- Safe cancellations when users end access early
Reliability, Observability, and Scale
Under the hood, we continue to harden the platform for scale and operability.
You’ll see:
- Retries with exponential backoff and dead‑letter handling
- Idempotency to prevent duplicate work
- End‑to‑end tracing and metrics for supportability
If you want early access to any of the items above, contact your GrantFlow representative. We can coordinate enablement, test tenants, and feedback windows ahead of GA.
Questions or feature requests? Open a ticket in your organization’s channel or reach out to your GrantFlow contact. We’d love your feedback.