Working with Discovered Identities

Viewing a Summary of Discovered Identities

The Identities section provides a summary of all discovered identities across cloud workloads along with the associated access paths and controls.

Cloud Access Management detects all identities — associated with services and users — across your cloud infrastructure, including the following:

  • Service accounts

  • Roles

  • Groups

  • Users

  • Instances

  • Lambdas

In addition, Cloud Access Management can detect federated users and groups that have cloud access via a recognized identity provider. See Viewing Access Information from Identity Providers.

Select Identities in the left navigation menu to view an overview of all identities that Cloud Access Management has discovered across cloud sources, along with the associated access paths and controls.

You can use the top search field to find specific identities. Hover over a colored circle on the graph to view the name of the identity that it represents.

Below the Identities Overview graph is a list of all identities that Cloud Access Management discovered. Select the name of an identity type (users, groups, roles, service accounts, federated users, or federated groups) to filter the list by that type. The selected identity will be highlighted in blue.

You can see the following information for the different identity types:

  • the name of the user, group, role, service account, federated user, or federated group

  • the name of the source associated with the identity

  • the name of the enterprise directory from which the identity came (federated only)

  • the number of groups the identity is a member of (if applicable)

  • the number of users within the identity (if applicable)

  • the number of roles the identity is using out of the total number available (if applicable)

  • the number of resources the identity is using (out of the total number available)

  • the number of access privileges the identity is using (out of the total number available)

  • the most recent date and time when the identity accessed the system (users only)

Select the name of an item in the list to view the details page for that specific item. See Viewing Access Details for an Identity below.

Viewing Access Details for an Identity

The details page for an identity provides a summary of security and access policies affecting that identity. Information is organized into tiles based on the type of identity and the data discovered by Cloud Access Management. The tiles that can appear are described below:

Alerts — These numbers represent the violations discovered for this identity based on severity. Select this tile for a detailed view into these alerts. For more information, see Viewing and Triaging Alerts.

Objects — These numbers represent the number of cloud objects and services that this identity is using and the total number the identity has access to through cloud security policies and controls.

Privileges — This number refers to the total number of privileges associated with this identity. For users, federated users, and service accounts, the number of privileges currently being used (out of the total) is also displayed. Select this tile to view the list of privileges along with the usage information in the table below.

Roles — This tile displays the total number of roles currently assigned to this identity, as well as the number that are currently being used (displayed for users, federated users, and service accounts only).

Members — This number refers to the total number of members in the selected group (displayed for groups and federated groups only).

Users — This tile displays the total number of users currently assigned this role, as well as how many users are currently using the access privileges granted by the role (displayed for roles only).

Instances — This tile displays the total number of instances accessible to identities with this role, as well as how many instances are currently being accessed by identities with the role (displayed for roles only).

Select a tile to display more detailed information related to that tile in the list below. The access graph is also updated based on your selection. For information about the access graph, see Using the Access Graph to Understand Relationships.

Viewing an Identity's Total Access

By default, the bottom section of the details page for an identity displays a list of all objects the identity can access, as well as the following information:

  • the number of access paths being used to control that access

  • the name of the cloud source associated with the object

  • the region where the associated cloud instance is located

  • a summary of admin/read/write access being used (and available)

Note

When you select a tile, the information displayed in the Objects Accessed list changes to match the context of your selection.

Select the plus sign (+) in the Access Paths column for an entry in the list to view the name of the specific access path to the identity.

Select an access path name to open the policy details in a JSON viewer below.

Viewing Access Information from Identity Providers

Once you have configured and registered your identity provider, you can verify that federated access is displayed correctly in Cloud Access Management. Federated access includes any users and groups detected from an enterprise directory that have access to cloud roles configured via a registered identity provider.

Select Identities in the left menu, then select the type of identity you want to investigate above the table: Users, Groups, Roles, Service Accounts, Federated Users, or Federated Groups. For example, selecting Federated Users will display all users who are authenticated into Cloud Access Management via an identity provider such as Azure AD or Okta. With some CSPs, federated users will not have native IAM users or credentials, as they assume temporary cloud role access during their session.

Select one of the entries to see its access graph and accessed objects.