Documents

Coming into implementation it is expected that the SOW will be defined, signed off, and delivered to our implementation team prior to kick-off call. We also ask everyone be familiar with our questionnaire.

Know who’s important 

To ensure automation of your access review process as fast as possible, do some digging internally. Find out who is needed to facilitate connection to your applications. This could be application owners, super admins, senior analysts who run the review process, or your trusted project managers that can run a tight ship. Having all the key players present will reduce repeat questions and the number of meetings required.

Clearly defining who is needed for what part of the review and technical implementation process (ex. SSO admin needed for SSO configuration) will significantly increase time to value.

Prepare you data 

If you know certain applications will be set up with a file upload, pull that data ahead of time and have it cleaned to match SecurEnds’ ingestion formatting. Having clean data available will ensure our team can set up file upload systems of record and applications for you, on a single call.

Please reference File Upload for general formatting best practices.

Please reference Set up SOR  on how to establish a file based System of Record

Please reference Set Up Application on how to properly establish a file based applications

Whitelist SecurEnds Domain 

We ask all our clients to have their email administrators whitelist the @securends.com domain. This will ensure proper functionality of SecurEnds’s features and reduce communication mishaps during implementations. We also encourage everyone apart of the implementation to raise questions, so everyone’s understanding goes up. Ask, learn, own the tool, and save time doing access reviews.

The post Pre Implementation Phase appeared first on SecurEnds.

How To: System of Record File Upload 

File Upload SOR Use Case: When reviewing special employees that are housed in separate applications outside the traditional SOR (ex. Active Directory) a best practice is to establish a separate SOR to review these employees. Common example being contractors whose identities live elsewhere.

NOTE: When establishing multiple System of Records, no one user can exist in multiple SORs. Each SOR must have information unique to itself or overwrite issues will happen when updates are made to SORs which share user data.

All instructions related to setting up a SOR via file upload are located here.

When uploading SOR, column names must exactly match example .csv file headers; however, only some columns are required.

SecurEnds requires certain columns to successfully import, they are shown above. Employee Middle Name and Employee ID can be left blank (as shown above) but the column headers must be present. Additional columns and information beyond what is required can be brought into the system and displayed during a review (see below screenshot for information display), but will not be utilized by the tool.

Required columns:

• Employee First Name
• Employee Last Name
• Employee Email ID
  • Typically an email or other unique identifier
• Employee Type (Four employee types exist. If not matching the four examples, the Employee Type field will be blank in “Peoples” tab within SecurEnds)
  • Regular
  • Contractor
  • External
  • System Account
• Employee Access Status
• Manager Email ID

• Accepted file formats:
  • Comma Separated Values (.csv)
  • .xlsx
  • .xls

How To: Application File Upload 

File Upload Application Best Practice: It is common for entire applications to be established via a file upload. When applications are costly and/or time consuming to connect to the cloud (ex. on-prem or homegrown) or when a specific group of users needs to be reviewed, file uploads are used. Simply retrieve data from the selected application in file format, upload, and sync to SecurEnds.

All instructions related to setting up an Application via file upload are located here.

The application file upload is similar to the SOR upload; the differences are mapping capabilities and the information required. Mapping of columns exists within SecurEnds’ platform. Mapping allows .csv file columns to be custom matched with designated SecurEnds properties. See mapping below.

Within the displayed mapping window, you will be able to select the columns from your file in the drop down to align with the SecurEnds fields on the left. The columns with the red stars are required; however, only some are absolutely necessary. Dependent on a successful file upload is information contained within Email ID and Login ID. Employee First Name and Employee Last Name are required to have a header mapped, but can be void of information and still allow for a successful file load. Not stating First or Last names will not hinder upload, but it will negate the use of fuzzy logic for name and matching suggestions.

• Employee First Name
• Employee Last Name
• Employee Email ID
• Credential
  • Email ID or User ID can also be utilized as Login ID.

Application Upload Use Case: A company once conducted a review of their devices (telephones, headsets, etc.) which had been loaned to employees to allow Work From Home. A “Devices” application was set up within SecurEnds to review these devices. Naturally, Employee First Name and Employee Last Name left blank, while Email ID was the device owning employee’s email and Login ID was the same. Entitlement and Entitlement Description columns were assigned details about the object. Data was successfully imported and select reviewers were able to manage their devices amongst WFH employees.

Using the nuances of the file upload allows creative application set ups and reviews. Also allows creation of applications for users/objects with little information present.

Pictured above is a sample application .csv file. Columns headed Entitlement and Entitlement Description are not required but are a recommended to add as the information will be displayed in the review screen for the end reviewer.

Below is the view of a user being reviewed within SecurEnds. User Adam Nevaeh is being reviewed by Austin Baker. Austin will see any additional information like Entitlement & Entitlement Description within the box.

• Accepted file formats:
  • Comma Separated Values (.csv)
  • .xls
  • .xlsx

Note: In the case a user has multiple entitlements, their separate entitlement must exist in a separate row.

Note: The nature of file uploads requires updating and syncing the information between reviews. Remember to upload updated files for your SORs and applications before conducting new reviews.

You should now be able to create systems of record and applications using file uploads within SecurEnds. This is a DIY way to add and review as many applications as needed. 

The post File Uploads appeared first on SecurEnds.

• Set up and understanding of instance
• Installation of SecurEnds agent *on premise only*
• Configure System of Record (SOR)
• Configure Applications
• Data Validation

Understanding your Instance

SecurEnds stands up organization specific instances. The domain will always be “companyname.securends.com” unless specified otherwise.

Your first interaction with SecurEnds will look like this:

Selecting New User will prompt you to submit your email to which you will receive a link to set a password for your new account.

Note: New SecurEnds admins are to set up selected users and designated access to the user within the Peoples tab in the tool. Users can be provisioned SecurEnds access (ADMIN, APPLICATION, AUDIT, or ACCESS) within Configuration > Roles > Configure.

For more information regarding logging into your new instance please navigate to Login

Installation of SecurEnds Agent

In pre implementation, scope should be defined and decision to utilize and deploy our agent is determined. If deploying agent please see here for additional resources.

Configure System of Record (SOR)

Deciding the chosen SOR is key to successful reviews within SecurEnds. It can be a singular SOR or multiple as long as it is a comprehensive list of users within scope of upcoming reviews. Everything related to SOR information and set up is listed here.

Configure Applications

Applications in scope for review need to have their information brought into SecurEnds. This happens via connector, flex connector, or file upload. Documentation for each exists in this help center. During implementation, clients will need to designate application owners to own the notifications related to the application’s review.

Data Validation

We ask that you familiarize yourself with SecurEnds’ methods of data ingestion. We have a solution for ingesting information from all applications (on-prem, cloud / SaaS, homegrown, etc.) but each method is different. Know which application’s are going to be brought into SecurEnds and familiarize yourself with our variety of data ingestion methods.

Browse the list of SecurEnds connectors: here.

Data Validation Steps Performed by Client:

• Confirms imported data from CSVs and connectors are correct
• Performs data clean up if needed
• Matches unmatched records between application and SOR
• Excludes records not in scope
• Review any skipped records and remediate exceptions

Data Formatting

Data formatting is the foundation for bringing your data into SecurEnds, to do this efficiently, please follow the proper file upload formatting. We have a section dedicated to proper data formats and file types for proper upload into SecurEnds, in the event application data is best to be uploaded via .csv / excel file.

Many questions arise during implementations due to file formatting issues. We request you familiarize your team with SecurEnds file upload standards now so they can have greater success going forward.

Please see file formatting here.

The post Set up Phase appeared first on SecurEnds.

Steps to Completion:

1. Walkthrough the process to create, launch, and review a campaign
2. Provide Managers (reviewers) with training documentation
3. Discuss lessons learned and any items brought up from the test review
4. Finalize any issues found during User Acceptance Test (UAT) Campaign
5. Sign-off on UAT Testing and ready for a Production launch of a Campaign

The post Testing and Review Phase appeared first on SecurEnds.