Now Hiring: Are you a driven and motivated 1st Line IT Support Engineer?

Applications exist in SecurEnds just like they would exist within an organization. Each application set up in SecurEnds contains the user information relating to that user’s access of that application.

Functionality #

Admins are able to add Applications to match identities across the established System of Record. Applications in SecurEnds reflect the applications within the organization, usually being a mirror image. You can connect your Application to SecurEnds via a CSV file, Flex Connector, or Pre-built Connector.

Applications within SecurEnds can show credentials and/or entitlements in list view, with ability to export. Application data plugs in with Identity Mindmap allowing tracking of identities across multiple applications. Upon setting up an application within SecurEnds, you are prompted to choose your desired ticketing method. The desired ticketing output is application specific or can be universally configured.

Interpreting Application Data within SecurEnds #

This is a view of the landing page under the Applications tab. When creating a new application, all users will fall into one of six buckets designating status of user information. All numbers present under the headers can be clicked into for list view. Report is exportable. Notice the outlined column headers below:

  • Skipped: Two reasons why a user is “skipped”
    • User is missing required information
    • Duplicate user/entitlement/credential
  • Matched: The ideal bucket
    • Shows a user’s unique identifier (email, user ID, etc.) in the application has matched with the same identifier in the SOR.
  • UnMatched: Means the application user data is in SecurEnds, but no match found within SOR
    • Reasons for UnMatched:
      • User has different unique identifier in SOR
      • User is not in SOR
      • Service Accounts

Service Account Use Case: Service accounts are housed within an application and rarely present in an HRIS system or chosen SOR. This commonly causes service accounts to fall in the “UnMatched” bucket. A best practice for accurately identifying service accounts is to create a SOR specifically for service accounts. This will allow matching upon loading application data and an easy viewable list of all service accounts in scope for reviews. Or service accounts can simply be Excluded.

  • Excluded: Destination for users which will be left out of access reviews and associated campaigns
    • Exclude users by clicking into “Matched” users pool and clicking “Action” > “Exclude”
    • Can restore “Excluded” users to normal status
  • Deleted: Similar function to Excluded
    • Deleted users are left out of access reviews and associated campaigns
    • Can be restored to normal status
  • Purged: Acts as a historical record of access changes within your application
    • Users who have had accesses revoked during a review will fall into this bucket
    • System detects access changes when resyncing post review and “purges” users within SecurEnds who have had their access revoked. This allows admins to determine best course of action for purged users

For more information regarding adding Applications via CSV file upload, click here

For more information regarding adding Application via Connector, click here.

Powered by BetterDocs