Now Hiring: Are you a driven and motivated 1st Line IT Support Engineer?

How do I manage unmatched Service Accounts?

Unmatched Service Accounts in your System of Record (SOR) #

A requirement to match records brought in to the SecurEnds system is that an email be associated to that record. For Service Accounts, email is typically not included upon creation, so there is an alternate solution that can be leveraged.

The Psuedo-Account Strategy

You can consider this strategy for those Active/Terminated users and for Service accounts or other records that cannot be matched to a user in the People view.

Simply assigning the unmatched users to an identity in the People view with the manager that you want to perform the review may “muddy” the list of entitlements under that assigned user. Meaning, when you view that person’s list of entitlements, they will have their own entitlements for the respective application PLUS all these others which you want to Bulk Assigned. Not really a true view of that person’s entitlement list.

Instead, we can create a new identity or Pseudo-user within the People tab. Providing a meaningful name, a dummy email address and the actual manager email address who you would like to review these accounts/entitlements. Then Bulk Assign those unmatched records to this pseudo-user. Then that pseudo-user will appear in reviews under that manager. Here is an example.

  • People -> Select Add
  • Employee Type = Regular
  • Employee First Name = AppName
  • Employee Last Name = Inactive Terminated
  • Employee Email Address = noemail1@mycompany.com
  • Manager Email ID = The email address of the manager who will be reviewing the inactive/terminated entitlement or users.
  • You can add additional attributes if needed but that is options

Then, when you go thru the Bulk Assign, update the IAM User field in the CSV to noemail1@mycompany.com. Then upload. All those records will be assigned to “Mr. Appname Inactive Terminated” who has the manager you provided. You can create as many pseudo-users as you need to account for all the unmatched records that you want to assign to someone. Keep in mind that each pseudo-user will need their own dummy email address.

How do I review service accounts, role or group permissions for CSV applications?

Powered by BetterDocs

open

It’s official, SecurEnds raises $21M Series A! For more details, check out our Press Release and a message from our CEO.