Step 5: Running an Access Review
- Updated on 29 Sep 2023
Generating an Access Review
We want to verify the access people have to the SOC 2 - SQL database application, and for that, we will run a User Access Review (UAR) to visualize the current state of access for that application, and approve or deny access easily.
You can name your review whatever you would like, but it is best to be descriptive. For this example, we'll go against that advice and give it the name "Getting Started".
We will then assign the items to be reviewed by the user's supervisor, and if there is not one, it will fall back to the Default Reviewer we select. The Default Reviewer selection lets you choose from Identities that have the Manager or Access Certification Admin Entitlement.
As this is a one-time review, we will set the frequency to Once, a start date of Today, and how many business days to complete the review. (This feature takes into account not only weekends but US bank holidays as well.)
Finally, we will set the Rubber Stamping Risk threshold to 70. If the Risk Score is under the threshold you set for Rubber Stamping, you will be able to perform bulk approval or denial actions within the UAR.
Next, we will select Material Apps for the Type and SOC 2 - SQL for the Application. We do not need to add any exclusions at this time. If you wanted to exclude Supervisors, for example, you could select one, or all, that you do not want to be included in the Review.
Once you have these fields filled out, you can click Create Review.
Depending on the number of items in the review, it may take some time to compile before it is shown in the list. Once your review has been generated, you should refresh the Access Reviews page to see the review you just made listed.
By default, all Access Reviews are collapsed and show the Summary view. Using the arrow next to the Actions button will expand the UAR and show you a more detailed overview of the progress.
Reviewing
Now we need to review the items assigned to us. Click the Actions button and select Review My Items from the dropdown menu.
For more information on the other options for the Actions menu, see the What are Access Reviews? article.
This will open the Review, and present you with the items assigned to you. By default, the list is sorted by descending Risk score, and the first item is expanded to show details on the access.
This includes an Access Overlap that compares the Identity to others in the same Role. You will also see other contextual information, such as when they were granted access, if the access expires, when the last review occurred and by whom, and how many times it has been reviewed.
If the Entitlement has a definition, it will be listed in this view as well. Any notes added by the Reviewer or Remediator will also be shown here to both people. You can add notes by clicking the Pencil Icon next to the Red X.
The Role, or Access, Overlap feature provides you with a percentage of the overlap between other Identities in your organization. This will provide you with information based on your Role configuration in your Organizational Units. The example above breaks this down by Global (Company-wide), the Department, and then the Job Title. The lower the percentage, the higher the chance of the access being anomalous.
There are two actions you can choose to take on this item. We will select Access is Inappropriate.
Action | Description |
---|---|
No Longer Needs Access | Informs the Remediator that the Access should have expired, and should be removed from the associated Identity. |
Access is Inappropriate | Lets the Remediator know that this Identity should not have had this access, and may prompt investigation into why they have it. |
We have reviewed some of the High Risk items and want to Rubber Stamp the selected items. Clicking Approve Selected Items will launch a popup with the number of items you have selected, your threshold, and the number of eligible items. We will Approve the Eligible Items.
As you can see in the screenshot above, we selected 9 items, but only 7 were Approved. The remaining items, due to being over the threshold, will still require manual review.
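The overlap percentages and the Rubber Stamping split described above can be reasoned about with a small model. This is an added example, not Clarity's own code or scoring logic: the directory, entitlement names, risk scores and both functions are constructed for illustration, and it assumes overlap is the share of other Identities in a scope that hold the same Entitlement.

```python
from collections import namedtuple

Identity = namedtuple("Identity", "name department title entitlements")

# Constructed sample directory; names and entitlement strings are hypothetical.
DIRECTORY = [
    Identity("alice", "Engineering", "DBA", {"sql:db_owner", "sql:read"}),
    Identity("bob", "Engineering", "DBA", {"sql:db_owner", "sql:read"}),
    Identity("carol", "Engineering", "Developer", {"sql:read"}),
    Identity("dave", "Finance", "Analyst", {"sql:read"}),
    Identity("erin", "Finance", "Analyst", {"sql:read", "sql:db_owner"}),
    Identity("frank", "Finance", "Controller", set()),
]

# Constructed (item id, risk score) pairs for nine selected review items.
SELECTED = [("item-1", 12), ("item-2", 25), ("item-3", 33), ("item-4", 41),
            ("item-5", 48), ("item-6", 55), ("item-7", 69), ("item-8", 74),
            ("item-9", 88)]

def overlap(identity, entitlement, directory=DIRECTORY):
    """Percent of *other* identities in each scope that hold the entitlement.

    Returns None for a scope with no peers, so an empty peer group is not
    mistaken for 0% overlap.
    """
    scopes = {
        "global": lambda p: True,
        "department": lambda p: p.department == identity.department,
        "title": lambda p: p.title == identity.title,
    }
    result = {}
    for scope, in_scope in scopes.items():
        peers = [p for p in directory if p is not identity and in_scope(p)]
        holders = sum(entitlement in p.entitlements for p in peers)
        result[scope] = round(100 * holders / len(peers)) if peers else None
    return result

def split_for_bulk_approval(selected, threshold):
    """Split selected items into bulk-eligible and manual-review lists.

    Uses a strict '<' to follow the page's wording "under the threshold".
    """
    eligible = [item for item, risk in selected if risk < threshold]
    manual = [item for item, risk in selected if risk >= threshold]
    return eligible, manual

if __name__ == "__main__":
    print(overlap(DIRECTORY[4], "sql:db_owner"))   # erin, a Finance Analyst
    print(split_for_bulk_approval(SELECTED, 70))
```

In this constructed data, erin's `sql:db_owner` is held by no other Identity in her Department or Job Title, which is the low-overlap pattern a reviewer would want to look at manually rather than Rubber Stamp.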
You can opt to show your completed items by clicking the toggle for Show Completed Items at the top right of your Access Review. This will show both complete and incomplete items. If you have approved or denied anything, they will show on this list with a highlighted button for the action taken.
Now, review the final remaining items to complete the review.
Remediating the Access Review
Now that the Access Review has been completed by those assigned to it, it's time to Remediate. In this process, we will be approving or denying the suggestions made by the reviewers.
For more information on the other options for the Actions menu, see the What are Access Reviews? article.
This will bring you to the Remediation view of an Access Review. You can view any notes added by the reviewer, and add your notes as well under the Remediator's Notes section.
Clicking the red Remediate button will open a popup allowing you to choose to Auto or Manually Deprovision the access, or Reject the recommended action. We highly recommend using the notes, especially if you are Rejecting the recommendation of the Reviewers.
Auto Deprovisioning requires your applications to have the Trust Permission set to Write or Read + Provision/Deprovision Entitlements and Users. If you do not have Provisioning enabled, the Remediation status will show as "Pending Manual Deprovision" on the UAR after the next application sync.
Manually Deprovisioning will set the Remediation Status to Pending Manual Deprovisioning, and require Deprovisioning in the Downstream Application.
Congratulations, you've completed an Access Review, and our Getting Started With Clarity series.
If you have any problems, contact your customer success team. You can also get in touch with our general support via email or open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.