Service Accounts
- SecurEnds has updated the process for handling Service Accounts.
- Added a column to the Application page and SOR page with the number of Service Accounts. The count will be 0 until Service Accounts are set up.
- Added the ability to individually assign an identity as a Service Account.
On the Application Credentials page, filter the status to “Unmatched”, select the records and click the “Service Account” button.
Selecting “Service Account” in the status dropdown will display all Service Accounts.
A reviewer may be added to a credential by selecting “Update Reviewer” from the action gear.
Assign a reviewer by entering a valid email. Only active emails are valid. Click Update.
Reviewer will now be displayed when clicking Details in the action gear.
- Added the ability to assign identities as Service Accounts in bulk.
Select an application and click “Bulk Assign” in the action gear.
Download unmatched records by selecting type as Unmatched and clicking the Download button.
The file will be downloaded with two additional columns: “Service Account” and “Service Account Reviewer”. Enter “Yes” in the Service Account column to identify the unmatched credential as a Service Account and enter a Service Account Reviewer.
Save the file and upload it to the Bulk Assign page.
The service account count will be updated with the uploaded records.
- Service Accounts are identified on the Application Credentials page, the Campaign Review page and in Campaign Reports.
Review All:
- Service Accounts are included in all campaign types.
SoD – Separation of Duties
- Added the ability to create policies across multiple applications
To create an SoD Policy:
Enter a policy name. If users other than Admin should receive policy violation notifications, add additional user emails. Filter the scope of the policy based on active and inactive users and additional SOR fields via the Identity Filter.
Add a query to set the policy:
Select applications and entitlements to define the policy query.
Use Case 1: Users in application 1 with entitlements A or B cannot have access to application 2 with entitlement C.
To set up the policy, select Application 1 and Entitlements A and B with Entitlement Operator as OR under First Duty. Select Application 2 with Entitlement C under Second Duty.
Use Case 2: No one should have A access to application 1.
To set up the policy, select Application 1 and Entitlement A under First Duty.
Use Case 3: A user with access to application 1 can’t have access to application 2.
To set up the policy, select Application 1 and select all entitlements with OR operator under First Duty. Select Application 2 and select all entitlements with OR operator under Second Duty.
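The three use cases above, evaluated over a small set of identities, as an added Python example that is not SecurEnds code. The data model, the names `Duty`, `Policy` and `violations`, the `AND` operator and the sample identities are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Duty:
    application: str
    entitlements: frozenset      # entitlements selected for this duty
    operator: str = "OR"         # "OR" is from the page; "AND" is an assumed alternative

    def held_by(self, access):
        held = access.get(self.application, set())
        if self.operator == "OR":
            return bool(self.entitlements & held)   # any selected entitlement
        return self.entitlements <= held            # all selected entitlements

@dataclass(frozen=True)
class Policy:
    name: str
    first: Duty
    second: Optional[Duty] = None    # no Second Duty, as in Use Case 2

def violations(policy, identities):
    """Return the sorted identities whose access satisfies every duty in the policy."""
    return sorted(
        user for user, access in identities.items()
        if policy.first.held_by(access)
        and (policy.second is None or policy.second.held_by(access))
    )

# Constructed sample data: entitlement catalog and identity -> {application: entitlements}
CATALOG = {"App1": {"A", "B", "D"}, "App2": {"C", "E"}}
IDENTITIES = {
    "alice": {"App1": {"A"}, "App2": {"C"}},
    "bob":   {"App1": {"B"}},
    "carol": {"App1": {"D"}, "App2": {"E"}},
    "dave":  {"App2": {"C"}},
}

USE_CASE_1 = Policy("A or B in App1 excludes C in App2",
                    Duty("App1", frozenset({"A", "B"})), Duty("App2", frozenset({"C"})))
USE_CASE_2 = Policy("Nobody holds A in App1", Duty("App1", frozenset({"A"})))
USE_CASE_3 = Policy("App1 access excludes App2 access",   # all entitlements, OR operator
                    Duty("App1", frozenset(CATALOG["App1"])),
                    Duty("App2", frozenset(CATALOG["App2"])))

if __name__ == "__main__":
    for policy in (USE_CASE_1, USE_CASE_2, USE_CASE_3):
        print(policy.name, "->", violations(policy, IDENTITIES))
```
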
- Added a report to show all policy violations
To create an SoD Report:
Enter a unique Report name. Select one or more policies to run the report against and display in the report. Select the frequency of the report – daily, weekly or monthly. Save the report.
In addition to scheduled reports, a report can be run on-demand by selecting Run Report in the action gear. If Last Run Status is “In Progress”, the report may not be re-run. Once the status is success or failure, the report may be re-run.
To view the report, select View in the action gear. If the Last Run Status is “In Progress”, the report may not be viewed. To generate a PDF report, click the Export button.
- A new email template was added to notify the Admin of policy violations.
Additional emails will be sent to users set up as “Additional Policy Notifications” when the policy was created.
The report will be attached to the email.
- Added a CSV attachment to the Recipients List email with the list of reviewers. Previously the list was only in the body of the email.
For example, the following file is attached to the Recipients List email below.
Identities
- Added support for mapping of SOR custom fields when ILM is configured. Once mapping has been done, the mapping is retained on subsequent imports of the SOR.
For example, a custom field will be imported in the CSV SOR import file titled “Custom Field” with a value of “Custom Data” for the first record.
“Custom Field” has been mapped to “Employee Type”.
After the import, on the People page, the Employee Type is populated with the value of column “Custom Field”, which is “Custom Data”.
- Added Last Authentication date from connector SORs on the People page.
On the People page, the Last Authentication column is now displayed.
When creating a campaign template, the Advanced Identity filter can be selected to filter on Last Authentication Date.
Last Authentication may be selected to filter users in the campaign.
Connectors
- Added Lawson HR connector via sFTP
Campaigns
- Added notes to Campaign PDF Report