A requirement to match records brought in to the SecurEnds system is that an email be associated to that record. For Service Accounts, email is typically not included upon creation, so there is an alternate solution that can be leveraged.
The Psuedo-Account Strategy
You can consider this strategy for those Active/Terminated users and for Service accounts or other records that cannot be matched to a user in the People view.
Simply assigning the unmatched users to an identity in the People view with the manager that you want to perform the review may “muddy” the list of entitlements under that assigned user. Meaning, when you view that person’s list of entitlements, they will have their own entitlements for the respective application PLUS all these others which you want to Bulk Assigned. Not really a true view of that person’s entitlement list.
Instead, we can create a new identity or Pseudo-user within the People tab. Providing a meaningful name, a dummy email address and the actual manager email address who you would like to review these accounts/entitlements. Then Bulk Assign those unmatched records to this pseudo-user. Then that pseudo-user will appear in reviews under that manager. Here is an example.
Then, when you go thru the Bulk Assign, update the IAM User field in the CSV to firstname.lastname@example.org. Then upload. All those records will be assigned to “Mr. Appname Inactive Terminated” who has the manager you provided. You can create as many pseudo-users as you need to account for all the unmatched records that you want to assign to someone. Keep in mind that each pseudo-user will need their own dummy email address.
How do I review service accounts, role or group permissions for CSV applications?
Powered by BetterDocs
Other product and company names mentioned herein are the property of their respective owners.
It’s official, SecurEnds raises $21M Series A! For more details, check out our Press Release and a message from our CEO.