Starling Identity Analytics & Risk Intelligence Hosted - User Guide


Verification

Introduction to Verification

Starling Identity Analytics & Risk Intelligence gives administrators and verifiers the ability to review entitlement verification requests for the high risk users within their data sources. Verification does not automatically alter your data source to correspond with the decisions recorded for a user within Starling Identity Analytics & Risk Intelligence. Instead, the verification feature is a way for you to easily understand, make, and track decisions regarding user access.

For example, Starling Identity Analytics & Risk Intelligence alerts you that there is a new high risk user because an account has been granted the ability to create groups within Active Roles. This capability is outside the normal responsibilities for this account, so you request that a verifier (other than yourself) take a second look at the appropriateness of this access (see Requesting verification). That verifier can then either approve it as being acceptable or mark it as being unacceptable (see Verifying high risk entitlement requests). Once a response has been received, you will have a record of the request within Starling Identity Analytics & Risk Intelligence in case this access level is ever questioned. And in cases where the decision was that the access was inappropriate, you have a record that the user needs to be removed from the rule within Active Roles.

This verification process is available to users designated as administrator or verifier for the Starling Identity Analytics & Risk Intelligence service using the Collaborators page.

NOTE: Collaborators that are only assigned the verifier role will only be allowed to access this page within Starling Identity Analytics & Risk Intelligence. All other configuration pages will be hidden from verifiers unless they are assigned the administrator role. In addition, verifiers will only see the items assigned to them on this page whereas administrators will see all verifications.

Verification page

The Verification page is displayed when the Verification link is clicked in the navigation bar. The Verification page is used for reviewing entitlement verification requests for high risk users.

IMPORTANT: Administrators will see information on all verifications while verifiers will only see the items assigned to them.

IMPORTANT: Should a data source instance be purged, account data related to the instance will be permanently removed from the verification history. This includes verification details for the requests related to the purged data source instance and requests with no remaining associated data source instances.

The following information and options appear on this page:

Approved Requests

This is the number of requests that have already been approved.

Pending Requests

This is the number of requests that have yet to be responded to by the assigned verifier.

Rejected Requests

This is the number of requests that have been rejected. The rejected requests should be reviewed and any necessary changes made within the data source to ensure a user has not been granted access beyond that which is required for their position.

NOTE: Customers that use ServiceNow can create incident tickets for rejected requests. For more information, see Connecting with ServiceNow.

Show

This drop-down menu is for selecting the types of requests to display on this page. The following options are available: All requests, Approved requests only, Pending requests only (default), Rejected requests only, or Canceled requests only.

(Search)

Hovering over this button displays a search box used to locate specific requests within the listed verifications. To search, click in the empty field and start typing the name of the request; the table automatically updates to display the requests that match. If you have configured ServiceNow (Connecting with ServiceNow), you can also search by ticket number.

The following information and buttons appear in the list of verifications on this page:

(Account name)

This displays the name of the account to which the rule applies and shows the rule that needs to be verified.

Requested by

This displays the name of the person requesting the verification.

Assigned to

This displays the name of the person who is responsible for verifying the request.

(Status)

This column displays the current verification status for the associated rule and the time at which the status was last updated. The following statuses may appear; selecting a status opens the Verification Details page for more information:

  • Pending verification: This status indicates that a request for verification has occurred but has not yet been completed. A pending verification request may be canceled by an administrator manually, or may be canceled automatically by Starling Identity Analytics & Risk Intelligence if the configuration or data is changed which causes the rule to no longer be matched for the account. This can occur when the rule is disabled or deleted, a default rule is replaced with a cloned rule, the data source instance is unlicensed, or the matched entitlements are removed from the data source instance for the account.
  • Risk verified: This status indicates that the user has been confirmed as needing to match the listed rule.
  • Requires mitigation: This status indicates that although the data source currently has the user matching this rule this should not be allowed for the user. Any rules marked as Requires mitigation should be removed for the user within the data source.
  • Canceled: This status indicates that a pending verification has been canceled. The verification request can be canceled by an administrator manually, or may be canceled automatically by Starling Identity Analytics & Risk Intelligence if the configuration or data is changed which causes the rule to no longer be matched for the account. This can occur when the rule is disabled or deleted, a default rule is replaced with a cloned rule, the data source instance is unlicensed, or the matched entitlements are removed from the data source instance for the account.
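The request lifecycle described above (one verdict per pending request, manual cancellation by an administrator, automatic cancellation when the rule stops matching the account) together with the role-based visibility and the Show filter from earlier on this page can be modelled as a small state machine. The following Python is an added example written for this guide, not code from the Starling Identity Analytics & Risk Intelligence service; the `RuleMatch` snapshot, the class and function names, and the sample requests are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Dict, List


class Status(Enum):
    """Statuses shown in the (Status) column of the Verification page."""
    PENDING = "Pending verification"
    RISK_VERIFIED = "Risk verified"
    REQUIRES_MITIGATION = "Requires mitigation"
    CANCELED = "Canceled"


@dataclass(frozen=True)
class RuleMatch:
    """Hypothetical snapshot of everything that keeps a rule matched for an
    account. Each field corresponds to one automatic-cancel condition."""
    rule_exists: bool = True
    rule_enabled: bool = True
    default_rule_replaced_by_clone: bool = False
    instance_licensed: bool = True
    matched_entitlements: frozenset = frozenset()

    def still_matches(self) -> bool:
        return (self.rule_exists
                and self.rule_enabled
                and not self.default_rule_replaced_by_clone
                and self.instance_licensed
                and len(self.matched_entitlements) > 0)


@dataclass
class VerificationRequest:
    account: str
    rule: str
    requested_by: str
    assigned_to: str
    status: Status = Status.PENDING
    updated_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
    history: List[str] = field(default_factory=list)

    def _transition(self, new_status: Status, reason: str) -> None:
        self.status = new_status
        self.updated_at = datetime.now(timezone.utc)   # "time the status was last updated"
        self.history.append(f"{new_status.value}: {reason}")

    def respond(self, verifier: str, agrees: bool) -> Status:
        """Verdict from the assigned verifier; only a pending request accepts one."""
        if self.status is not Status.PENDING:
            raise ValueError(f"request is already {self.status.value}")
        if verifier != self.assigned_to:
            raise PermissionError(f"{verifier} is not the assigned verifier")
        self._transition(Status.RISK_VERIFIED if agrees else Status.REQUIRES_MITIGATION,
                         f"verdict recorded by {verifier}")
        return self.status

    def cancel(self, admin: str) -> Status:
        """Manual cancellation by an administrator."""
        if self.status is not Status.PENDING:
            raise ValueError(f"request is already {self.status.value}")
        self._transition(Status.CANCELED, f"canceled manually by {admin}")
        return self.status

    def reconcile(self, snapshot: RuleMatch) -> bool:
        """Automatic cancellation: a pending request is canceled as soon as the
        rule no longer matches the account. Returns True if this call canceled it."""
        if self.status is Status.PENDING and not snapshot.still_matches():
            self._transition(Status.CANCELED, "canceled automatically: rule no longer matched")
            return True
        return False


def visible_requests(requests, user: str, is_admin: bool) -> List[VerificationRequest]:
    """Administrators see every request; verifiers see only their assignments."""
    return [r for r in requests if is_admin or r.assigned_to == user]


def summary(requests) -> Dict[str, int]:
    """Counts behind the Approved / Pending / Rejected Requests tiles."""
    return {
        "approved": sum(r.status is Status.RISK_VERIFIED for r in requests),
        "pending": sum(r.status is Status.PENDING for r in requests),
        "rejected": sum(r.status is Status.REQUIRES_MITIGATION for r in requests),
    }


SHOW_FILTER = {
    "All requests": None,
    "Approved requests only": Status.RISK_VERIFIED,
    "Pending requests only": Status.PENDING,
    "Rejected requests only": Status.REQUIRES_MITIGATION,
    "Canceled requests only": Status.CANCELED,
}


def filter_requests(requests, show: str = "Pending requests only") -> List[VerificationRequest]:
    """Apply one option of the Show drop-down menu (default: pending only)."""
    wanted = SHOW_FILTER[show]
    return [r for r in requests if wanted is None or r.status is wanted]


if __name__ == "__main__":
    # Constructed sample: two requests for the same rule; one is rejected by the
    # verifier, the other is auto-canceled because the rule was disabled.
    reqs = [VerificationRequest("alice", "Can create groups", "admin1", "ver1"),
            VerificationRequest("bob", "Can create groups", "admin1", "ver1")]
    reqs[0].respond("ver1", agrees=False)
    reqs[1].reconcile(RuleMatch(rule_enabled=False, matched_entitlements=frozenset({"create group"})))
    print(summary(reqs), [r.status.value for r in reqs])
```

The point of `reconcile` is that a "Requires mitigation" verdict is never reached for a request whose rule has already stopped matching: the request drops to Canceled first, so the Rejected Requests count only ever reflects access that still exists in the data source at the time the verifier answered.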

NOTE: The following options appear for each request depending on the role of the current account.

(administrators)

This displays additional options for administrators regarding the request. The following options appear:

  • Review: This opens the Verification Details page.
  • Re-send request: Selecting this option will re-send the email request to the verifier.
  • Cancel request: Selecting this option allows you to cancel the verification request. You will be prompted for confirmation before the request is canceled.

Review (verifiers)

Clicking this link opens the Verification Details page where the verifier can select whether they agree or disagree with this level of access for the user. Once they have made their selection, the status of the request will be updated.

Verification Details page

The Verification Details page is displayed when you click on the verification status for a rule on the Account Evaluation Details page or you click on a verification request listed on the Verification page. The Verification Details page is used for reviewing information on a specific entitlement verification request and is also used by verifiers to respond to their requests.

The following information appears on this page:

(Account name)

This pane displays the name and information regarding the account.

High risk access

This pane displays why the access is considered high risk.

Verdict Summary

This pane displays the current status of the request, who initiated the request, the name of the verifier, and when the request occurred.

IMPORTANT: This pane is replaced with response options when the verifier opens the page. Verifiers use this pane to select whether they agree or disagree with this level of access for the user. For information on how to respond to requests, see Verifying high risk entitlement requests.

Additional information

Clicking this button will add a new pane that shows specific information regarding the rule. It includes the following information:

  • Rule name: This is the name of the rule. A rule that resulted in an increased risk level for an existing high risk account is indicated by an icon. A new high risk rule that is associated with the account is indicated by an icon.
  • Entitlements: This displays the total number of entitlement matches within the entitlement classification rule. Depending on the data collected, there may be multiple permissions listed that are related to a single entitlement. For example, a permission may be assigned to both a local and a built-in account; however, it is still related to the same entitlement and so is only counted once. In some cases there may be multiple entitlements that, when combined, match the entitlement classification rule. When this occurs, a Multiple Entitlements drop-down menu can be expanded to show the entitlements which were combined.
  • Permissions: This is the type of permission assigned to the entitlement classification rule. An icon appearing to the left of a permission name indicates the entitlement is new.
  • Trustee Type: This is the type of trustee associated with the rule. The following types may appear: Direct which indicates a direct membership, Group which indicates a direct member of a group that gives them rights to the trustee, Group (Member & Nested) which indicates both a direct member and a member of a nested group that gives them rights to the trustee, and Group (Nested) which indicates a member of a nested group that gives them rights to the trustee.
  • Trustee: This is the trustee associated with the rule. If the permission is granted due to a nested membership, indicated by a Trustee Type of either Group (Member & Nested) or Group (Nested), the name of the trustee can be clicked to open the Group Membership Details dialog. This dialog displays the name of the account, the trustee, whether it is a direct (true) or indirect (false) group membership, and lists the nested groups that allowed for rights to the trustee.
  • Data Source: This is the type of data source associated with the rule.
  • Instance: This is the instance associated with the rule.
  • Granted Target: This displays the name of the target or, in cases where multiple targets apply, the type of target. It also displays the number of targets that have been granted the permission when there are multiple targets.
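The Trustee Type and Trustee items above describe four ways an account can hold the rights of a trustee: directly, as a direct member of the trustee group, through nested group membership, or both. The following Python is an added example for this guide, not code from the Starling Identity Analytics & Risk Intelligence service: it classifies an account's relationship to a trustee with the guide's four labels and produces the fields the Group Membership Details dialog lists (account, trustee, direct true/false, nested groups). The group directory is constructed, the function names are hypothetical, and treating "Direct" as the case where the trustee is the account itself is an assumption about the guide's wording. It goes slightly beyond the text by also handling a nesting loop (two groups that contain each other), which real directories can contain.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed group directory for this example (not Starling data):
# group name -> its direct members, which may be accounts or other groups.
GROUPS: Dict[str, List[str]] = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Tier0-Ops": ["alice", "bob", "Server-Ops"],
    "Server-Ops": ["dave", "Tier0-Ops"],  # Tier0-Ops <-> Server-Ops form a nesting loop
    "Helpdesk": ["carol"],
}


def nested_paths(account: str, trustee: str, groups: Dict[str, List[str]]) -> List[List[str]]:
    """Every chain of intermediate groups through which `account` is an indirect
    member of `trustee`. Each chain lists the groups between trustee and account,
    nearest to the trustee first. Nesting loops are cut with a visited set."""
    paths: List[List[str]] = []

    def walk(group: str, chain: List[str], visited: Set[str]) -> None:
        for member in groups.get(group, []):
            if member in groups:                      # a nested group
                if member not in visited:
                    walk(member, chain + [member], visited | {member})
            elif member == account and chain:         # reached through >= 1 nested group
                paths.append(chain)

    walk(trustee, [], {trustee})
    return paths


def trustee_type(account: str, trustee: str, groups: Dict[str, List[str]]) -> Tuple[Optional[str], Dict]:
    """Classify how `account` obtains the rights held by `trustee` using the four
    labels from the guide, plus the fields the Group Membership Details dialog shows.
    Returns (None, details) when the account has no path to the trustee."""
    if trustee == account:  # assumption: "Direct" means the account itself is the trustee
        return "Direct", {"account": account, "trustee": trustee, "direct": True, "nested_groups": []}

    direct = account in groups.get(trustee, [])          # direct member of the trustee group
    paths = nested_paths(account, trustee, groups)       # member via nested groups
    nested_groups = sorted({g for path in paths for g in path})

    if direct and paths:
        label: Optional[str] = "Group (Member & Nested)"
    elif direct:
        label = "Group"
    elif paths:
        label = "Group (Nested)"
    else:
        label = None

    details = {"account": account, "trustee": trustee, "direct": direct, "nested_groups": nested_groups}
    return label, details


if __name__ == "__main__":
    for who in ("alice", "bob", "dave", "carol"):
        print(who, "->", trustee_type(who, "Domain Admins", GROUPS))
```

When reviewing a request whose Trustee Type is Group (Nested), the `nested_groups` list is the part worth checking: removing the account from the trustee group itself does nothing if the rights arrive through an intermediate group, so mitigation has to target the group named in that list.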