Users

Here is a breakdown of all the information the User Inventory offers: i. Name This column holds the name of the user along with the email and profile picture.

ii. Department This holds the team/department the user belongs to in that organization (if assigned). iii. Applications This column holds the integrated SaaS applications that the user is a member of. iv. Shadow Apps As the name suggests, this column holds the total number of the discovered applications that the user has authorized across your SaaS landscape. iv. Scopes Risk This column holds the overall scope risk for the user based on all the scopes of discovered applications that the user authorized across your SaaS landscape. v. Issues This column holds the total number of issues for the user across your SaaS landscape. vi. Severity This column holds the highest severity of and amongst the issues associated with the user identity.

There are multiple filters available to skim through users:

• User Type:

  • External - the user account has a different domain than the directory/IDP domain

  • Unidentified - the user account does not have an associated domain (email address)

  • Internal - the user account has the same domain as that of the directory/IDP

• User Status:

  • Disabled - The user account is temporarily out of service / suspended

  • Active - The user is actively using the application

• User Role:

  • Privileged - Have administrative / management rights

  • UnPrivileged - Having simple nonadministrative rights

• Account Type:

  • Regular - User-handled account

  • Non-Human (Service account) - Accounts created by/for automated processes, integrations, background tasks, or system jobs

• Claim Status

  • Claimed - accept and associate a user identity to a known account

  • Unclaimed - unassociated unidentified user identity

• Severity

  • The users can be filtered based on the Critical, High, Medium, Low, and All Good severity of issues associated with the user

• Scope

  • The users can be filtered based on Critical, High, Medium, Low, and All Good scope risks of shadow apps authorized by that user

  NOTE: You can apply these filters individually or in combinations of multiple.

Unidentified, Disabled, External is also displayed in front of the user name (even when all filters are cleared).

When clicked on a user a side drawer will appear, this contains detailed information about the user.

The Display Name of the user account and associated email address.

NOTE: If the user has administrative roles associated, a crown icon appears at the top right corner. It also specifies (if applicable) user statues - unidentified, disabled,

Here is a breakdown of all the information the user-side drawer includes:

• Issue Trend - Graphical representation of the rise and fall of the number of Issues associated with this account

• Issues Severity - Total Number along with highest severity. Hovering over severity gives a severity-wise issue count breakdown

• Scopes Risk - Total Number of scopes authorized and highest risk. Hovering over risk gives a risk-wise scope count breakdown

• Shadow Apps - Total Apps discovered and percentage of approved apps

• Applications - The applications where identity is detected with the percentage of managed apps.

• Devices - Number of devices associated with this identity

• Activity - Number of Risky events detected

It also mentions the discovery date of this user and the time the information associated with the user was updated.

1. Issues

   1. Rule - The Rule title tells what security conditions fail causing the issue

   2. Issues - The number of times the issue persists for the user account

   3. Application - The application/s where this issue is discovered

   4. Severity - The impact of not remediating the issue

Hovering over issue describes the issue in detail - what it is, and how it impacts the security of the account/organization. To find more details, click on issue name, or click on three dots and select Show More.

1. Applications

   1. Application - Name of applications the user has access to

   2. Roles - The Number of roles assigned to the user in that application

   3. Issues - Number of user-specific issues associated with that application

   4. Severity - Highest severity amongst identified issue

   5. Last Login - Time passed since the user's account was active

More detailed information about Roles can be obtained by clicking on the down arrow alongside the application.

• Role Name: Name of role found in application

• Role Category: Determine the level of access - read, write, admin, superadmin

• Role Type: If the Role is provided by the application developer or customized by the application user.

1. Shadow Applications

   1. Shadow App - The application discovered by Perimeters that user has granted access to.

   2. Applications - The application to which Shadow App has given access

   3. Trust - Parameter that helps judge the dependability of discovered Shadow application

   4. Scopes - Number of scopes approved

   5. Risk - The highest risk of scope granted

   6. Approval Status - The admin has the functionality to Approve the use for organization users or Disapprove based on the Trust profile curated by security personnel at Perimeters. To change/update or view details about the Shadow application, click on three dots next to the Approval status against that application and select Show More. The application access may be revoked by selecting - 'Revoke'

2. Scopes

   1. Name - Name of the scope

   2. Shadow Apps - The application that requested this scope

   3. Applications - The application that was used to grant the scope

   4. Resource - The resource that scope targets

   5. Type - The applicable operation - read, write, admin

   6. Risk - Risk associated with granting such scope

3. Devices

   1. Device Name - Device on which the last user activity was noted

   2. Applications - The application used on the discovered device

   3. OS Type - Operating System which operates the discovered device

   4. Issues - Security shortfalls identified with the use of the device

   5. Severity - Impact level if issue is not remediated

4. Activity

   1. A graphical representation of time series-based events associated with the user account is shown. The view supports the following filters:

      1. Duration - Can be selected based on customized dates or provided frequently used options

      2. Event - Events can be viewed based on Event type and further based on single event belonging to that type

      3. Application - The application in which the event occurred

      4. Location - The location based on the IP address used to carry out the operation

      5. Severity - The security impact the event may have

   2. Event - Name of the event

   3. Event Type - Resource-based event type

   4. Severity - Impact of the event

   5. Application - Application where event was discovered

   6. Location - The location based on IP address used to carry out the operation

   Clicking the down arrow shows details like IP address, User agent, and Resource information associated with the event. Raw Event can be viewed by clicking on the code symbol next to the location.