Former Employee Token
Eco-system support
-
AWS Secrets Manager
-
Azure Key Vault
-
GCP Secrets Manager
-
GitHub Action Secrets
Description
Ex-employees cease to be trusted parties, and any lingering access to the organization signifies a potential security threat. To better protect your company, incorporate the removal of former employees' tokens into your off-boarding process.
Risk triggers
-
Identity deactivated in at-least one integration, but not deactivated in others.
-
SailPoint Entro was able to link tokens to the identity owner, across multiple accounts and integrations.
Mitigation
Ex-employee token to be revoked
-
Deactivate Access Token
- here are instructions per integration in the platform to verify activity and revoke the tokens