How do you detect non-federated SaaS accounts that are often missed in privileged user audits?

2019/10/03

The modern SaaS-powered workplace typically relies on federating SaaS solutions against a single identity directory such as Azure AD, Google Identity or Okta to simplify user onboarding and offboarding in a highly secure manner.

Active accounts in a SaaS solution can be left unfederated because:

  • They were created before federation was enabled
  • They are default admin accounts
  • They have been created incorrectly
  • They are external / shared / guest accounts

These accounts are exceptions and pose a significant security risk to SaaS solutions holding business-critical and customer-sensitive data. They will often be missed in privileged user audits and in the credential rotation or removal performed by user offboarding processes.
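One way to surface these exceptions is to reconcile a SaaS user export against the identity directory. The sketch below is an added example, not Detexian's code; the export columns, the corporate domain, the federation date and the default admin names are all assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data; field names are assumptions, not any vendor's export schema.
CORP_DOMAIN = "example.com"
FEDERATION_ENABLED = date(2019, 1, 1)          # assumed date SSO was switched on
DEFAULT_ADMIN_NAMES = {"admin", "administrator", "root"}
IDP_ACTIVE = {"alice@example.com", "bob@example.com", "carol@example.com"}

SAAS_EXPORT = """email,auth_method,role,created
alice@example.com,sso,admin,2019-03-02
bob@example.com,password,member,2018-06-11
admin@example.com,password,admin,2017-01-05
carol@example.com,password,admin,2019-08-20
vendor@partner.example.net,password,member,2019-05-14
dave@example.com,password,member,2018-02-01
"""

def classify(row):
    """Return why an account is non-federated, or None if it signs in via SSO."""
    if row["auth_method"] == "sso":
        return None
    local, _, domain = row["email"].lower().partition("@")
    if domain != CORP_DOMAIN:
        return "external/shared/guest"
    if local in DEFAULT_ADMIN_NAMES:
        return "default admin"
    if date.fromisoformat(row["created"]) < FEDERATION_ENABLED:
        return "created before federation"
    return "created incorrectly"

def find_non_federated(export_text):
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reason = classify(row)
        if reason is None:
            continue
        findings.append({
            "email": row["email"],
            "reason": reason,
            "privileged": row["role"] == "admin",
            # No active directory identity: offboarding will never reach this account.
            "orphaned": row["email"].lower() not in IDP_ACTIVE,
        })
    # Privileged accounts first, so they lead the audit report.
    return sorted(findings, key=lambda f: (not f["privileged"], f["email"]))

if __name__ == "__main__":
    for finding in find_non_federated(SAAS_EXPORT):
        print(finding)
```

Accounts marked both privileged and orphaned are the ones a directory-driven audit or offboarding run cannot see at all.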

Copyright Detexian 2020. All Rights Reserved.