Changelog

Ploy now surfaces recommended source of truth configurations in a review queue, so you can set up cascade access relationships in bulk instead of configuring each app one at a time. When Ploy notices a group, license, or role granting access to an app that has no source of truth yet, or a connected integration whose domain matches an app, it adds a suggestion to the queue with sensible defaults already filled in.

For each suggestion you see the target app, its existing sources, and the recommended source, along with a short explanation of why those defaults were chosen. For group, license, and role suggestions you can adjust the defaults before applying: whether the source is the authoritative identity, whether its identities take priority, whether removing someone there revokes their app access, and whether only active members count. Then choose to apply it alongside your existing sources, apply it and replace what's there (with a confirmation step, since that one is destructive), or dismiss it.

Once you apply or dismiss a suggestion, Ploy won't surface that same pairing again. New pairings show up within a minute or two. To get started, open the new Source of Truth Suggestions tab on the Resources page, where a badge shows how many are waiting for review.

Access request policies can now specify time windows users are able to make requests within, such as “only between 9-5”. Combined with conditions, you’re now able to craft complex logic around access policy approvals.

Ploy now has a public API allowing you to manage everything from user access to resource access policies programatically, including via IaC tools.

Ploy now scans Anthropic and OpenAI for API keys, service accounts, and other non-human credentials, and surfaces them in your NHI inventory. Each key shows up alongside the workspace or team it belongs to, when it was created, when it was last used, and what scopes it carries.

This is a starting point for governing shadow AI usage - every API key your team has created sitting in .env files, terminal history, and contractors' laptops - without having to chase down individual developers. Combined with the rest of the NHI feature set, you can review and attest AI credentials the same way you handle any other access grant.

To get started, integrate with either of the applications and then visit the non human identities page in your dashboard to see them.

We’ve now released the ability for anyone to build a integration with Ploy via our Custom connectors. This means tools, applications and databases that were impossible to integrate with before due to being on-prem or generally in-accessible from third party systems can now be integrated with Ploy and enjoy the full suite of Ploy features including user scanning and identity lifecycle management.

Three new connectors landed recently:

• Calendly: pull Calendly user accounts and access into Ploy so scheduling tooling shows up alongside the rest of your SaaS.

• monday.com: full coverage including users, accounts, and access.

• Kandji: device management visibility, with a setup flow that surfaces device counts and ownership during onboarding.

These join the eight integrations we launched in February and continue our push to cover every SaaS your team actually uses.

You can now track what your SaaS access actually costs, right alongside who has it. Open the new Licenses tab on any app to record a license, cost per seat, billing cycle, currency, and the seats you've purchased, and Ploy uses the activity it already tracks to show how many of those seats are recently active, lightly used, or sitting idle.

Each app's tab totals up purchased seats, annual cost, and potential savings, and you can flip any license card to see the exact low-usage accounts behind a wasted-spend figure. Licenses in different currencies roll up to your primary currency automatically, and you'll find new license modules across Reports, including total spend, your biggest savings opportunities, and licenses already at capacity.

To get started, open any app and visit its Licenses tab.

Agents and NHI service accounts, bots, API users, integration credentials, shared mailboxes: are now a first-class identity type in Ploy, alongside humans. Every NHI gets its own page, its own access review treatment, its own status workflow, and lives in a dedicated Non-Human Identities tab in the Identities view.

You can convert existing human-classified identities to NHIs one at a time from a member page, or in bulk from the Identities list, and Ploy preserves the existing group memberships and access grants when it does. NHI-specific filters (provider, type, last seen, MFA status) make it possible to actually act on the long tail of service accounts that have accumulated over years.

This is the foundation a lot of upcoming work builds on: your AI provider keys, scan tokens, integration credentials, and shared mailboxes are no longer mixed in with your humans.