Former Employee Token Is Enabled
Description
Ex-employees cease to be trusted parties, and any lingering access to the organization signifies a potential security threat. To better protect your company, incorporate the removal of former employees' tokens into your off-boarding process.

Risk triggers
-
Identity deactivated in at-least one integration, but not deactivated in others.
-
SailPoint Entro was able to link tokens to the identity owner, across multiple accounts and integrations.
Mitigation
Ex-employee token should be revoked.
-
Deactivate Access Token.
-
There are instructions per integration in the platform to verify activity and revoke the tokens.
JSON Example
Risk JSON
Linked Element (Vaulted Secret/NHI Token) JSON