Explore Identities and Identity Policies
The Explore page provides a list of identities or policies and their summary information.
- By default, the page displays identities from the latest week that are not disabled and have more than 0 entitlements. To display policies instead, select Policies from the dropdown. (Only summary information is currently available for policies.)
- Use the filters or search if you want to display a subset of identities or policies.
- Locate the identity that you want to investigate.
- Observe some of the identity information available in the table:
  - Risk severity - Identify the most important to address
  - Risks - Discover what types of risks exist
  - Unused entitlements % - Determine which identities have excessive privileges
- Click an identity in the list to display its details.
- Save and share a view.
The following sections detail the actions you can take and the information you can view when exploring identities and policies.
Identities
To display identities, select Identities from the dropdown menu.
Identity Filters
Use the following methods to refine what is displayed in the identities list:
- Use the search function at the top of the page to select a filter, operator, and values.
- Click the filters along the top of the page, select your choices, and click Show results. Click an active filter to remove it or click Reset and click Show results.
The following table lists available identity filters.
| Filter | Description |
|---|---|
| Hide disabled and 0 entitlement identities | Display or hide identities that are disabled or have zero entitlements. |
| Risk | Display identities with the selected risks. |
| Risk severity | Display identities with the selected severities. |
| Unused entitlements % | Display identities with the selected percentage of the total granted entitlements that are unused. |
| Cloud provider | Display identities for the selected cloud provider. |
| Identity type | Display identities of the selected types. |
| Principal name | Display identities with matching names. |
| Principal ID | Display identities with matching principal IDs. |
| Account/Project | Display identities for the selected accounts/projects. |
| Tags | Display identities with the selected tags. |
| Access keys | Display identities with the selected access keys. |
| Used entitlements % | Display identities with the selected percentage of the total granted entitlements that have been used. |
Identities List
The list of identities appears below the filters and has the following information available.
Click the icons to refresh the table, download the table as a CSV, select columns, and search for specific text in the columns.
To go to an identity's details page, click an identity.
| Column | Description |
|---|---|
| Identity name | An identity name is a unique identifier or name assigned to an individual or entity within the cloud environment. It represents a specific user, service account, group, or role that has access rights and permissions to interact with the cloud resources and services. |
| Identity type | An identity type refers to the classification or category of an identity within the cloud environment. Refer to Identity Types for a list of supported types. |
| Risk severity | The risk severity is the highest severity of the risks that are associated with the identity. Click the risk severity for details about the associated risks. |
| Risks | The risks that are associated with the identity. Color-coded icons indicate the risks' severities. Click the risks for details about the associated risks. Refer to Entitlement risks for a list of all possible risks. |
| Number of alerts | The total number of alerts generated for this identity in the specified date range. |
| Used entitlements | The percentage and number of the total granted entitlements that are used. |
| Unused entitlements | The percentage and number of the total granted entitlements that are unused. |
| Resources used | The percentage and number of the resources the identity is entitled to that it has actually used in the past 180 days. A used resource is any digital asset that users, applications, or processes within the cloud environment have utilized or interacted with. |
| Services used | The percentage and number of the services the identity is entitled to that it has actually accessed in the past 180 days. A used service is a specific cloud service that users, applications, or processes within the cloud environment have utilized or interacted with. |
| Linked identities | The number of identities that are linked to this identity. When a linked identity is established, it lets users authenticate themselves using their credentials from the external identity provider, and the cloud service provider verifies the identity and grants access based on the linked association. To view the specific identities, expand the value. |
| Last used | The last time the identity was used to access a resource or entitlement. |
| Created on | The time and date the identity was created. |
| Principal ID | The principal ID of the identity. |
| Provider | The cloud service provider. |
| Account/Project | The account/project from the cloud service provider. |
| Tags | The tags assigned to the identity for categorization. |
| Key ID | The key ID from the cloud service provider. |
| Access keys | The access keys associated with the identity and whether they are active or inactive. You must guard them carefully because they can be used to access your cloud resources and perform unauthorized actions or compromise security. |
| Excessive entitlements | The percentage and number of the total granted entitlements that are excessive. |
Risk Severity
The overall risk window provides a description and severity for each risk. To open this window, click the risk severity or risks.
The overall risk is the highest severity of the risks that are associated with the identity. To lower the overall risk, address all of the highest severity risks. This would lower the risk score to the highest severity of the remaining risks.
For example, if an identity has a critical overall risk with two critical risks and three medium risks, fixing all critical risks would lower the overall risk to medium.
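The following is an added example, not part of the product documentation, that models the overall-risk rule stated above: the overall severity is the highest severity among an identity's risks, and fixing every risk at that tier drops the overall severity to the next highest remaining tier. The severity labels, the `SAMPLE_RISKS` record and its placeholder risk names are constructed for illustration and are not the product's risk catalogue.

```python
# Added example (not from the product documentation): a small model of how the
# Explore page's overall risk severity is derived from an identity's individual
# risks, and how it changes as the highest-severity risks are fixed.
# Severity names and the sample risks below are constructed for illustration.

from collections import Counter

# Ascending order of severities; "none" covers an identity with no risks.
SEVERITY_ORDER = ["none", "low", "medium", "high", "critical"]


def _rank(severity: str) -> int:
    """Map a severity label to its position in SEVERITY_ORDER (case-insensitive)."""
    try:
        return SEVERITY_ORDER.index(severity.lower())
    except ValueError:
        raise ValueError(f"unknown severity: {severity!r}") from None


def overall_risk(risks: list[dict]) -> str:
    """Overall risk is the highest severity among the identity's risks."""
    if not risks:
        return "none"
    return max((r["severity"].lower() for r in risks), key=_rank)


def remediation_plan(risks: list[dict]) -> list[tuple[str, int, str]]:
    """Simulate fixing all risks at the current highest severity, tier by tier.

    Returns (tier_fixed, number_of_risks_fixed, resulting_overall_risk) per step,
    which is the "fix all critical -> overall becomes medium" reasoning.
    """
    remaining = list(risks)
    plan = []
    while remaining:
        top = overall_risk(remaining)
        fixed = [r for r in remaining if r["severity"].lower() == top]
        remaining = [r for r in remaining if r["severity"].lower() != top]
        plan.append((top, len(fixed), overall_risk(remaining)))
    return plan


def severity_breakdown(risks: list[dict]) -> dict[str, int]:
    """Count risks per severity, highest first (what the color-coded icons summarise)."""
    counts = Counter(r["severity"].lower() for r in risks)
    return {s: counts[s] for s in reversed(SEVERITY_ORDER) if counts[s]}


# Constructed sample matching the documentation's example: two critical and three
# medium risks. Risk names are placeholders, not the product's risk catalogue.
SAMPLE_RISKS = [
    {"name": "placeholder-risk-A", "severity": "critical"},
    {"name": "placeholder-risk-B", "severity": "critical"},
    {"name": "placeholder-risk-C", "severity": "medium"},
    {"name": "placeholder-risk-D", "severity": "medium"},
    {"name": "placeholder-risk-E", "severity": "medium"},
]

if __name__ == "__main__":
    print("overall:", overall_risk(SAMPLE_RISKS))
    print("breakdown:", severity_breakdown(SAMPLE_RISKS))
    for tier, n, after in remediation_plan(SAMPLE_RISKS):
        print(f"fix {n} {tier} risk(s) -> overall becomes {after}")
```

Running the script on the sample reports an overall severity of critical, and the plan shows that fixing the two critical risks leaves the overall severity at medium, matching the example in the text; an unknown severity label is rejected rather than silently ranked lowest.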
To view the identity's details, click Investigate.
Policies
To display policies, select Policies from the dropdown menu.
Policy Filters
Use the following methods to refine what is displayed in the policies list:
- Use the search function at the top of the page to select a filter, operator, and values.
- Click the filters along the top of the page, select your choices, and click Show results. Click an active filter to remove it or click Reset and then click Show results.
The following table lists available policy filters.
| Filter | Description |
|---|---|
| Cloud provider | Display policies for the selected cloud provider. |
| Account | Display policies for the selected accounts. |
| Policy type | Display policies of the selected types. |
| Policy name | Display policies with matching names. |
| Last updated | Display policies with matching update times. |
| Created on | Display policies with matching creation times. |
| Tags | Display policies with the selected tags. |
Policies List
The list of policies appears below the filters and has the following information available.
Click the icons to refresh the table, download the table as a CSV, select columns, and search for specific text in the columns.
To go to a policy's details page, click a policy.
| Column | Description |
|---|---|
| Policy name | Name of the policy. |
| Policy type | Type of policy. Supported types include inline (group, role, user), managed (AWS, customer), and resource. |
| Account | The account ID from the cloud service provider. |
| Provider | The cloud service provider. |
| Last updated | The last time the policy was updated. |
| Policy ID | The policy ID from the cloud service provider. |
| Tags | The tags assigned to the policy for categorization. |
| Created on | The date the policy was created. |