Skip to content

Working with Discovered Identities

Viewing a Summary of Discovered Identities

The Identities section provides a summary of all discovered identities across cloud workloads along with the associated security policies and controls.

Cloud Access Management detects all identities — associated with services and users — across your cloud infrastructure, including the following:

  • Service accounts

  • Roles

  • Groups

  • Users

  • Instances

  • Lambdas

Select Identities in the left navigation menu to view an overview of all identities that Cloud Access Management has discovered across cloud accounts, along with the associated security policies and controls.

Hover over a colored circle on the graph to view the name of the specific identity that it represents.

Below the Identities Overview graph is a list of all identities that Cloud Access Management discovered, along with the following information:

  • the name of the user, group, role, or service account

  • the name of the account associated with the identity

  • the number of groups the identity is a member of (if applicable)

  • the number of roles the identity is using out of the total number available (if applicable)

  • the number of resources the identity is using (out of the total number available)

  • the number of access privileges the identity is using (out of the total available)

  • the most recent date and time when the identity accessed the system (users only)

Select the name of each type of identity listed (for example, users, groups, roles, service accounts) to filter the list by that type.

Select the name of the user, group, role, or service account to see the access graph for that identity.

You can also use the search field above the list to search for a specific identity by name.

Select the name of an item in the list to view the details page for that specific item.

Viewing Access Details for an Identity

The details page for an identity provides a summary of security and access policies affecting that identity. Information is organized into tiles, based on the type of identity and the data discovered by Cloud Access Management. For example, here's what the details page looks like for an identity:

Alerts — These numbers represent the violations discovered for this identity based on severity. Select this tile for a detailed view into these alerts. For more information, see Viewing and Triaging Alerts.

Objects — These numbers represent the number of cloud objects and services that this identity is using and the total number the identity has access to through cloud security policies and controls.

Privileges — This number refers to the total number of privileges associated with this identity. For users and service accounts, the number of privileges currently being used (out of the total) is also displayed. Select this tile to view the list of privileges along with the usage information in the table below.

Roles — This tile displays the total number of roles currently assigned to this identity, as well as the number that are currently being used (displayed for users and service accounts only).

Members — This number refers to the total number of members in the selected group (displayed for groups only).

Users — This tile displays the total number of users currently assigned this role, as well as how many users are currently using the access privileges granted by the role (displayed for roles only).

Instances — This tile displays the total number of instances accessible to identities with this role, as well as how many instances are currently being accessed by identities with the role (displayed for roles only).

Select a tile to display more detailed information related to that tile in the list below. The access graph is also updated based on your selection. For information about the access graph, see Using the Access Graph to Understand Relationships.

Viewing an Identity's Total Access

By default, the bottom section of the details page for an identity displays a list of all objects the identity can access, as well as the following information:

  • the number of policies being used to control that access

  • the name of the cloud account associated with the object

  • the region where the associated cloud instance is located

  • a summary of admin/read/write access being used (and available)

Note

When you select a tile, the information displayed in the Objects Accessed list changes to match the context of your selection.

Select the plus + sign in the Policies column for an entry in the list to view the name of the specific policy that is granting the access to the identity.

Select a policy name to open the policy details in a .json viewer below.

Viewing Access Information from Identity Providers

Once you have configured and registered your identity provider, you can see the federated access is properly displaying within Cloud Access Management. Select Identities in the left menu and choose an identity to view its access.

In the example below, the Azure AD group has access to AWS resources (KMS and Lambdas services) via the IDP mapping to an AWS role: