Do we have any OOTB feature to identify or flag the change of access if it is being done outside RSA IAM solution?
Do we have any OOTB feature to identify or flag the change of access if it is being done outside RSA IAM solution?
Yes, you can use the Unauthorized Change Detection rule type for this purpose. The first time you run the rule it will create a baseline and from the next run it will start detecting these changes.
Yes, you can use a rule type Unauthorized Change Detection
This rule detects entitlements to business sources granted to accounts that were not approved in a change request in RSA Identity Governance and Lifecycle.
For example, a user is granted an entitlement to a business source through his/her account outside of RSA Identity Governance and Lifecycle.
Subsequent data collections collect the account and the entitlement. When the rule is processed, it detects that there is no record of an approved change request for the addition of such entitlement in RSA Identity Governance and Lifecycle.
That constitutes the unauthorized change you can choose to address with email notification and change request generation actions.
Please clarify, does this rule also checks for unauthorised accounts as well.
e.g. someone with admin access created an account directly in application's repository.
Regards
Yes it checks only unauthorized accounts as mentioned in the description of the rule.
As far as I know, if it's only an account with no authorizations, the rule will not detect it.
Yes, you can use the Unauthorized Change Detection rule type for this purpose. The first time you run the rule it will create a baseline and from the next run it will start detecting these changes.