Remediate Identity Security Risks

Take action on identity security risks that you identified by using the Identity Security dashboard.
SaaS Security Posture Management includes an Identity Security dashboard to help you identify misconfigurations in your identity posture. Specifically, the dashboard gives you visibility into the following types of problems:
  • Problems with your multi-factor authentication (MFA) implementation, such as MFA enrollment and MFA sign-in issues.
  • Problems with Salesforce or Office 365 accounts, such as dormant accounts and accounts that have not had their credentials rotated for a specified period.
After you use the Identity Security dashboard to identify misconfigurations in your identity posture, you can take action to resolve the problems.
  1. Navigate to the Identity Security dashboard (Posture Security > Identity).
  2. If you have identified MFA misconfigurations, take action as needed. If users have no MFA or weak MFA, have them enroll in the strong second factors that your organization requires. If users are logging in to SaaS applications without MFA or with weak MFA, create or modify policies to close the MFA enforcement gaps.
    To help you remediate the risks, you can take the following actions from the MFA view:
    • For MFA enrollment issues, you can open a ticket in a ticket management system to assign a team member to investigate and resolve problems.
      1. Navigate to the User Details and MFA Configurations tab.
      2. Select the user in the table.
      3. File Ticket.
      To view the tickets that you and other administrators have opened, navigate to the Filed Tickets tab.
    • For the Okta identity provider, after you close any MFA enforcement gaps in your policies, you can make a user sign in again. To make a user sign in again, you can force the user out of their current SaaS application sessions.
      1. Navigate to the User Sign-in Activities tab and select the user in the table.
      2. Logout all IdP sessions.
  3. If you have identified problems with Salesforce or Office 365 accounts, take action as needed.
    • Investigate dormant accounts and delete the accounts if they are not in use.
    • Investigate accounts that have not had their credentials rotated for a long period. Identify the person who can rotate the credentials. Delete the account if you are certain it is not in use.
    • For Salesforce accounts, investigate overprivileged accounts and reduce the account permissions if that level of permission is not required.
    • For Office 365 accounts, investigate guest accounts to ensure they are necessary and that their access to your resources is properly restricted.
    • Investigate accounts that were not created through your identity provider. If possible, create a corresponding account through your identity provider so you can delete the local account.
    To help you remediate a risky account, you can open a ticket for the account from the Human/Non-Human Accounts view. To do this, select one or more accounts on either the Human Accounts or Non-Human Accounts tab, and File Ticket. To view the tickets that were created, navigate to the table's Tickets tab.
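The account checks in step 3 can also be run as a batch triage over an exported account list before filing tickets. The following is an added example, not code from the product: the field names, the 90-day and 180-day thresholds, and the sample accounts are all assumptions, and it covers only the checks that can be derived from timestamps and provenance flags.

```python
from datetime import datetime, timedelta, timezone

# Thresholds are assumptions; the page only says "a specified period".
DORMANT_AFTER = timedelta(days=90)
ROTATE_AFTER = timedelta(days=180)

# Follow-up actions, worded after step 3 of the procedure.
ACTIONS = {
    "dormant": "investigate; delete if not in use",
    "stale_credentials": "find who can rotate; delete if certainly unused",
    "local_account": "create a matching IdP account, then delete the local one",
    "guest": "confirm it is needed and its access is restricted",
}

def _age(ts, now):
    """Age of an ISO-8601 timestamp, or None when the field is missing."""
    return None if ts is None else now - datetime.fromisoformat(ts)

def triage(accounts, now):
    """Return {account name: {finding: action}} for accounts with findings."""
    report = {}
    for acct in accounts:
        findings = []
        # A never-used or never-rotated account is measured from creation.
        idle = _age(acct.get("last_login") or acct.get("created"), now)
        if idle is not None and idle > DORMANT_AFTER:
            findings.append("dormant")
        rotated = _age(acct.get("credential_rotated") or acct.get("created"), now)
        if rotated is not None and rotated > ROTATE_AFTER:
            findings.append("stale_credentials")
        if not acct.get("idp_provisioned", False):
            findings.append("local_account")
        if acct.get("guest", False):
            findings.append("guest")
        if findings:
            report[acct["name"]] = {f: ACTIONS[f] for f in findings}
    return report

# Constructed sample inventory (hypothetical schema, not real accounts).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "alice", "created": "2023-01-10T00:00:00+00:00",
     "last_login": "2024-05-30T08:00:00+00:00",
     "credential_rotated": "2024-04-01T00:00:00+00:00", "idp_provisioned": True},
    {"name": "svc-backup", "created": "2022-03-01T00:00:00+00:00",
     "last_login": None, "credential_rotated": None, "idp_provisioned": False},
    {"name": "ext-partner", "created": "2024-03-15T00:00:00+00:00",
     "last_login": "2024-05-20T00:00:00+00:00", "idp_provisioned": True, "guest": True},
]
```

Calling `triage(SAMPLE, NOW)` leaves `alice` out of the report, flags `svc-backup` on three counts, and flags `ext-partner` only as a guest account to review.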