Working with Discovered Identities

Viewing a Summary of Discovered Identities

Cloud Access Management detects all identities associated with services and users across your cloud infrastructure. You can see a summary of all discovered identities across cloud workloads along with the associated access paths and controls, including:

  • Users

  • Groups

  • Roles

  • Service accounts

  • Instances

  • Lambdas

In addition, Cloud Access Management can detect federated users and groups that have cloud access via a recognized identity provider. See Viewing Access Information from Identity Providers.

Select Identities in the left navigation menu to see a list of all of the identities that Cloud Access Management discovered. Select the name of a type of identity listed (users, groups, roles, service accounts, federated users, or federated groups) to filter the list by that type.

You can see the following information for the different identity types:

  • the name of the user, group, role, service account, federated user, or federated group

  • the source associated with the identity

  • the name of the enterprise directory from which the identity came (federated only)

  • the most recent date and time when the user or role accessed the system

Select the name of an item in the list to view the access details for that specific item.

Viewing Access Details for an Identity

The details page for an identity provides a summary of security and access policies affecting that identity. Information is organized into tiles based on the type of identity and the data discovered by Cloud Access Management. For example, here's what the details page looks like for a user identity:

Alerts — These numbers represent the violations discovered for this identity based on severity. Select this tile for a detailed view into these alerts. For more information, see Viewing and Triaging Alerts.

Objects — These numbers represent the number of cloud objects and services that this identity is using and the total number the identity has access to through cloud security policies and controls.

Privileges — This number refers to the total number of privileges associated with this identity. For users, federated users, and service accounts, the number of privileges currently being used (out of the total) is also displayed. Select this tile to view the list of privileges along with the usage information in the table below.

Roles — This tile displays the total number of roles currently assigned to this identity, as well as the number that are currently being used (displayed for users, federated users, and service accounts only).

Members — This number refers to the total number of members in the selected group (displayed for groups and federated groups only).

Users — This tile displays the total number of users currently assigned this role, as well as how many users are currently using the access privileges granted by the role (displayed for roles only).

Instances — This tile displays the total number of instances accessible to identities with this role, as well as how many instances are currently being accessed by identities with the role (displayed for roles only).

Select a tile to display more detailed information related to that tile in the list below. The access graph is also updated based on your selection. For information about the access graph, see Using the Access Graph to Understand Relationships.

Viewing an Identity's Total Access

By default, the bottom section of the details page for an identity displays a list of all objects the identity can access, as well as the following information:

  • the number of access paths being used to control that access

  • the name of the cloud source associated with the object

  • the region where the associated cloud instance is located

  • a summary of admin/read/write access being used (and available)

Note

When you select a tile, the information displayed in the Objects Accessed list changes to match the context of your selection.

Select the plus + sign in the Access Paths column for an entry in the list to view the names of the specific access paths (policies and controls) that grant the identity its access to that object.

Select an access path name to open that policy's document in a JSON viewer below the list.
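The Privileges tile counts privileges used out of those granted, and the Objects Accessed list summarises admin/read/write access used and available. The following is an added illustration of how such figures are derived from a policy document like the one shown in the JSON viewer; it is not Cloud Access Management's own code or data model. The AWS-style policy, the action vocabulary, the set of observed actions and the admin/write/read classification rules are all constructed assumptions.

```python
"""Illustrative 'used vs granted' privilege summary for one identity.

Added example, not Cloud Access Management code: the policy document,
the known-action vocabulary, the observed actions and the
admin/write/read classification below are constructed assumptions.
"""
import fnmatch
import json

# Constructed AWS-style identity policy, in the shape an access path's
# JSON viewer would show. Assumption: Allow statements only, no conditions.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::reports/*"},
    {"Effect": "Allow", "Action": "s3:Put*", "Resource": "arn:aws:s3:::reports/*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}
  ]
}
"""

# Constructed subset of the service action vocabulary. A real tool expands
# wildcards against the CSP's full per-service action list.
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutBucketPolicy",
    "iam:ListUsers", "iam:GetRole", "iam:CreateUser", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "ec2:DescribeInstances",
]

# Constructed set of actions this identity was actually seen performing,
# e.g. distilled from audit-log events over the lookback window.
OBSERVED = {"s3:GetObject", "s3:ListBucket", "iam:ListUsers"}

# Assumed classification: admin = actions that change who can do what,
# write = actions that mutate resources, read = everything else.
ADMIN_PREFIXES = ("iam:Attach", "iam:Put", "iam:Create", "s3:PutBucketPolicy")
WRITE_PREFIXES = ("s3:Put", "s3:Delete", "ec2:Run", "ec2:Terminate")


def classify(action):
    """Bucket a single action as admin, write or read (assumed rules)."""
    if action.startswith(ADMIN_PREFIXES):
        return "admin"
    if action.startswith(WRITE_PREFIXES):
        return "write"
    return "read"


def granted_actions(policy_json, known_actions):
    """Expand each Allow statement's Action patterns against the known
    vocabulary, so a wildcard such as iam:* counts as every concrete
    privilege it really grants. Action matching is case-insensitive."""
    policy = json.loads(policy_json)
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # assumption: Deny evaluation is out of scope here
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        for pattern in patterns:
            granted.update(a for a in known_actions
                           if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return granted


def privilege_summary(policy_json, observed, known_actions=KNOWN_ACTIONS):
    """Return ((used, total), {class: (used, available)}): the overall
    figure behind a Privileges tile and the per-class admin/read/write
    figures behind the Objects Accessed summary."""
    granted = granted_actions(policy_json, known_actions)
    used = granted & observed
    per_class = {}
    for cls in ("admin", "read", "write"):
        available = {a for a in granted if classify(a) == cls}
        per_class[cls] = (len(available & used), len(available))
    return (len(used), len(granted)), per_class


if __name__ == "__main__":
    overall, by_class = privilege_summary(POLICY_JSON, OBSERVED)
    print("privileges used/total:", overall)
    for cls, (u, t) in by_class.items():
        print(f"{cls}: {u} used of {t} available")
```

With the constructed inputs, the identity uses 3 of 9 granted privileges; all 4 admin-class privileges (granted by iam:*) are unused, which is exactly the kind of gap the used-versus-total figures are meant to surface.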

Viewing Access Information from Identity Providers

Once you have configured and registered your identity provider, you can verify that federated access is displayed correctly in Cloud Access Management. Federated access covers any users and groups detected from an enterprise directory that can reach cloud roles configured through a registered identity provider.

Select Identities in the left navigation menu and select the type of identities you want to investigate above the table: Users, Groups, Roles, Service Accounts, Federated Users, or Federated Groups. For example, selecting Federated Users displays all enterprise directory users who authenticate to your cloud environment through a registered identity provider such as Azure AD. With some CSPs, federated users have no native IAM user or long-lived credentials; they receive temporary credentials by assuming a cloud role for the duration of their session.

Select an entry to see its access graph and accessed objects.
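Because a federated user has no native IAM user, the evidence that they accessed anything lives in the cloud audit trail as a role assumption followed by API calls made under that role session. The example below is added here to show how those records are joined back to the directory user; it is not Cloud Access Management's own code. It uses AWS CloudTrail's record format for SAML federation (AssumeRoleWithSAML followed by events with userIdentity type AssumedRole); the events themselves are constructed samples, and the account ID, role names, tenant ID and user names are made up.

```python
"""Attribute cloud role sessions to the federated user who opened them.

Added example, not Cloud Access Management code. The CloudTrail records
below are constructed samples (made-up account, roles, tenant and users);
field names follow the CloudTrail record format for SAML federation.
"""
import json
from collections import defaultdict

EVENTS_JSON = """
[
 {"eventTime": "2024-03-01T09:00:12Z", "eventSource": "sts.amazonaws.com",
  "eventName": "AssumeRoleWithSAML",
  "userIdentity": {"type": "SAMLUser", "userName": "alice@example.com",
                   "identityProvider": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"},
  "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/Analyst",
                        "principalArn": "arn:aws:iam::123456789012:saml-provider/AzureAD",
                        "durationSeconds": 3600},
  "responseElements": {"assumedRoleUser": {
      "arn": "arn:aws:sts::123456789012:assumed-role/Analyst/alice@example.com"}}},
 {"eventTime": "2024-03-01T09:05:40Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/Analyst/alice@example.com",
                   "sessionContext": {"sessionIssuer": {
                       "arn": "arn:aws:iam::123456789012:role/Analyst"}}}},
 {"eventTime": "2024-03-01T11:30:00Z", "eventSource": "sts.amazonaws.com",
  "eventName": "AssumeRoleWithSAML",
  "userIdentity": {"type": "SAMLUser", "userName": "bob@example.com",
                   "identityProvider": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/"},
  "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/Analyst",
                        "principalArn": "arn:aws:iam::123456789012:saml-provider/AzureAD",
                        "durationSeconds": 3600},
  "responseElements": {"assumedRoleUser": {
      "arn": "arn:aws:sts::123456789012:assumed-role/Analyst/bob@example.com"}}},
 {"eventTime": "2024-03-01T12:10:05Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/Auditor/svc-scanner",
                   "sessionContext": {"sessionIssuer": {
                       "arn": "arn:aws:iam::123456789012:role/Auditor"}}}}
]
"""


def load_sample_events():
    """Parse the constructed CloudTrail sample above."""
    return json.loads(EVENTS_JSON)


def attribute_sessions(events):
    """Map each assumed-role session ARN to the federated user who opened
    it, then fold that session's later API calls into per-(user, role)
    usage with a last-seen timestamp. Sessions with no matching
    AssumeRoleWithSAML record (e.g. a workload assuming a role with its
    own credentials) are reported separately rather than guessed at."""
    session_owner = {}  # session ARN -> (user, identity provider, role ARN)
    usage = defaultdict(lambda: {"calls": 0, "last_seen": None})
    unattributed = set()
    for ev in sorted(events, key=lambda e: e["eventTime"]):  # ISO-8601 sorts lexically
        ident = ev["userIdentity"]
        if ev["eventName"] == "AssumeRoleWithSAML" and ident["type"] == "SAMLUser":
            session_arn = ev["responseElements"]["assumedRoleUser"]["arn"]
            role_arn = ev["requestParameters"]["roleArn"]
            session_owner[session_arn] = (ident["userName"], ident["identityProvider"], role_arn)
            usage[(ident["userName"], role_arn)]["last_seen"] = ev["eventTime"]
        elif ident["type"] == "AssumedRole":
            owner = session_owner.get(ident["arn"])
            if owner is None:
                unattributed.add(ident["arn"])
                continue
            key = (owner[0], owner[2])
            usage[key]["calls"] += 1
            usage[key]["last_seen"] = ev["eventTime"]
    return dict(usage), unattributed


def users_of_role(usage, role_arn):
    """(users seen assuming the role, users who made at least one API call
    with it): the distinction a role's Users tile draws between holding
    access and actually using it."""
    holders = {u for (u, r) in usage if r == role_arn}
    active = {u for (u, r), v in usage.items() if r == role_arn and v["calls"] > 0}
    return len(holders), len(active)


if __name__ == "__main__":
    usage, orphans = attribute_sessions(load_sample_events())
    for (user, role), v in sorted(usage.items()):
        print(f"{user} via {role.rsplit('/', 1)[1]}: {v['calls']} calls, last seen {v['last_seen']}")
    print("sessions without a SAML assumption record:", sorted(orphans))
    print("Analyst (assumed by, actively used by):",
          users_of_role(usage, "arn:aws:iam::123456789012:role/Analyst"))
```

In the sample, alice opens an Analyst session and makes one S3 call, bob assumes Analyst but never uses it, and the svc-scanner session under Auditor has no SAML assumption record, so it is listed as unattributed rather than credited to a directory user. The role-session name (the last ARN segment) is only a hint; joining on the session ARN recorded in the AssumeRoleWithSAML response is what makes the attribution reliable.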