New EA Feature: Application Access Audit Skip to main content
https://support.okta.com/help/blogdetail?id=a672a000000xcfhqa0&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fblogdetail
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.

New EA Feature: Application Access Audit

Apr 20, 2017 | by Aaron Yee in Lifecycle Management

Introduction 

Hi Okta customers! I'm excited to announce that we enhanced our Application Access Audit reports that were originally introduced in beta in October 2016 (see previous post for details)! We incorporated customer feedback into the new version of these reports, which is now in early access (EA).  

The EA version of Application Access Audit reports comprise two reports: Current Assignments and Recent Unassignments. The former lists users who are currently assigned to an app. The latter lists users who were unassigned from an app during a specific timeframe. The enhancements include the following: 

Current Assignments Report 

  • Better location for easier navigation
    • Listed under the reports page as “Current Assignments” 
    • Reports appear in the admin console and a downloadable CSV 
  • Two views
    • ​By app: list of all users assigned to an app 
    • By user: list of all apps that a specific user is assigned 
User-added image
  • Rich metadata about the assignment
    • ​Okta username, app username, user full name 
    • Date of assignment (when the user was assigned the app) 
    • Assignment type (how the user got access – e.g. individual or group assignment) 
    • Name of individual or group that granted access 
    • Date/time of last login to app 
  • Ability to add other attributes/entitlements to the reports 
    • ​Let the customer choose which additional fields to expose in reports 
    • Fields appear in in admin console and downloadable CSV
User-added image

Recent Unassignments 

  • Better location for easier navigation 
  • ​Listed under the reports page as “Recent Assignments” 


Background 

Many customers are subject to regular audits of access to their applications, and these reports help them. Audits are driven primarily by regulatory compliance and secondarily by company-wide security policies. Performing audits is painstaking since customers must collect data from various sources, filter for meaningful data (attributes/entitlements), and determine whether access is amiss.  This is often done manually for each app. 

These reports are generated per application, so Okta provides separate reports for Box, Office 365, Google Apps, etc. The reports can be downloaded in a CSV format, making it easy for admins to collect data and feed it into other tools. Admins can see how users were assigned to apps (individual assignments, group assignments, group assignments via group membership rules, etc.), and decide which assignments should be scrutinized further. For example, people who were assigned to apps via group membership rules (e.g. anyone with department "sales" gets SalesForce access) might meet your organization's security standards. But people who were granted access to an app by an individual might need to be examined more closely. 

Use-Cases 

This feature is useful in the following situations:    

  • As an admin, I want a list of users who are assigned to app X 
  • ​I want to know what the users' attribute values should be in app X  
  • I want to know how the users got access 
  • I want to know when the users got access 
  • I want to give this list to the app owner, so he can verify access is properly assigned 
  • As an admin, I want a list of all apps that user A, user B, and user C have 
  • As an admin, I want a list of users who were revoked from app X between date A and date B  
  • I want to give this list to the app owner, so he can verify access was revoked 


General Guidance 

Current Assignments Report 

  • This report is not recommended for apps with more than 50,000 users assigned 
  • ​Downloading the CSV report may take up to 15 minutes 
  • If the user navigates away from the page, the download will stop 


Recent Unassignments Report 

  • Downloading the CSV report may take up to 3 minutes 
  • ​If the user navigates away from the page, the download will stop 


To Use this Feature 

We hope you like these improvements! Customers have been asking us to help them identify who has access to what, and these reports offer several views of that data and the flexibility to add other attributes to the reports.

This feature is EA, so it's fully supported. Contact Okta support to enable it in your org. If you have any feedback, please email olm@okta.com (subject line: Feedback for AAA Reports). 

Comments