Skip to content

Viewing the User Inventory

Select Inventory > Users from the left panel to view of all users discovered across your organization.

Selecting a user record opens the detail panel with detailed contextual information, including user accounts correlated to the user. Selecting a user account record displays the graphical view, highlighting the authentication relationship between a user and an application account.

SaaS View

The SaaS view displays a list of all application accounts an active user has logged into. By default, non-corporate applications that users log in to with their consumer credentials are hidden from the User Inventory. To display all applications, select the Suitcase icon .

When a user leaves the organization and their IdP account is deactivated, SailPoint Accelerated Application Management automatically detects the offboarded state.

When viewing a deactivated user, the SaaS View displays access status as follows:

  • Applications accessed exclusively through SSO display greyed out, indicating that access has already been revoked as a result of SSO deactivation.
  • Applications accessed through local (non-SSO) credentials are marked with a warning indicator, highlighting that access may still be active and require manual offboarding.

Offboarding View

The Offboarding view provides details on the status of application accounts for the offboarded user.

Required tab

The Required tab lists application accounts that must be manually offboarded.

Manually offboarded accounts cover:

  • Access was granted through direct (local) authentication, and is not automatically revoked when SSO is disabled.
  • The application is identified as a corporate asset, either:
    • Explicitly marked as sanctioned or labeled in the application inventory, or;
    • Identified automatically using SailPoint Application Discovery’s out-of-the-box application intelligence.

Important

If the application is not governed by an Identity Governance and Administration process, these accounts will require manual offboarding and should be verified to ensure access is disabled.

Review tab

The Review tab lists application accounts accessed using corporate credentials, but where it is unclear whether the application is a corporate asset.

Examples include:

  • Conference or event platforms.
  • Travel or booking sites.
  • Other third-party services not necessarily work-related.

These applications require a decision:

  • If offboarding is required, the application can be moved to Required.
  • Once moved, the application is treated as required globally and will appear under the Required tab for all future offboarded users.

Excluded tab

The Excluded tab lists applications where access was granted only through SSO. Access to these applications is automatically revoked when SSO is disabled, so no additional offboarding action is required.

Building a Basic User Search Query

Basic search queries can be created by searching for a username or part a username and selecting the filter dropdowns to refine your search criteria.

To build a basic search query:

  1. Go to Inventory > Users from the left panel.

  2. (Optional) Enter a username or part of a username in the search.

  3. Select the Status filter dropdown to refine your search.