Traditionally - As a process we run collectors to receive active user accounts, accesses & last login date from applications at a set frequency.
Business has a concern - An account is created / re-instated after one collector run, misused & disabled before the next collector run.
To address this, we are asking the application team to send all user accounts (active & deleted) with access details & last login date. There will be alerts generated by the system for any change in permissions / last login date, even for deleted accounts.
We are trying to address this by creating & using a customized flag to mark accounts as Inactive / Deleted.
The issue with this approach -
Since the collector is receiving the accounts, the deleted accounts are treated as active & appearing as part of off-boarding requests & user access reviews.
We are looking for a means to mark these accounts as deleted.
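
The approach described in the post above, sketched as an added example (not part of the original post and not RSA product code): a full feed that carries a status flag is split into the review population (active accounts only) and a change-detection pass over deleted accounts. The field names, status values and sample feeds are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample feeds (not real data). Assumption: on every collector run
# the application sends ALL accounts, active and deleted, with a status flag.
RUN_1 = {
    "alice": {"status": "active",  "last_login": date(2024, 5, 1), "perms": {"read"}},
    "bob":   {"status": "deleted", "last_login": date(2024, 3, 9), "perms": set()},
}
RUN_2 = {
    "alice": {"status": "active",  "last_login": date(2024, 5, 6), "perms": {"read"}},
    "bob":   {"status": "deleted", "last_login": date(2024, 5, 4), "perms": set()},
    "temp1": {"status": "deleted", "last_login": date(2024, 5, 3), "perms": {"admin"}},
}

def review_population(feed):
    """Accounts that belong in off-boarding requests and access reviews."""
    return sorted(name for name, rec in feed.items() if rec["status"] == "active")

def between_run_alerts(prev, curr):
    """Flag activity on accounts that are deleted in the current feed."""
    alerts = []
    for name, rec in sorted(curr.items()):
        if rec["status"] != "deleted":
            continue  # active accounts go through the normal review path
        old = prev.get(name)
        if old is None:
            # Never seen before and already deleted: whole lifetime fell
            # between two collector runs.
            alerts.append((name, "created and deleted between runs"))
            continue
        if old["status"] != "deleted":
            continue  # ordinary deletion of a known account, not an alert here
        new_login, old_login = rec["last_login"], old["last_login"]
        if new_login and (old_login is None or new_login > old_login):
            # Deleted in both runs but the login date moved: the account was
            # re-instated, used and disabled again in between.
            alerts.append((name, "last login changed on deleted account"))
        if rec["perms"] != old["perms"]:
            alerts.append((name, "permissions changed on deleted account"))
    return alerts

if __name__ == "__main__":
    print("review:", review_population(RUN_2))
    for account, reason in between_run_alerts(RUN_1, RUN_2):
        print("ALERT", account, "-", reason)
```
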
I certainly understand the concern, the desire to audit what is happening between collection runs, but really that seems more of an... internal concern as opposed to a product concern. If you have people who are able to create access who you suspect may not be trustworthy... well I don't think any product workaround is going to be able to help with that.