In this article
It’s long been a cliche in the identity world that “you can’t govern what you can’t see”. Visibility is certainly a foundational competency for identity governance, but visibility doesn’t just include what access an identity has. It also includes visibility into whether that identity is being used. Many legacy IGA tools don’t capture and utilize activity monitoring—data on how access is actually being used—in a systematic way.
Let’s examine three use cases that activity monitoring can open up, and how to implement them in Lumos, the Autonomous Identity Platform.
Reclaim Unused Licenses
Increasing efficiency is high on the priority list for most IT teams and it seems obvious that you shouldn’t be paying for SaaS licenses that aren’t being used. However, manually implementing license reclamation across all of the apps you use simply isn’t practical. Lumos combines activity monitoring across all your apps with the ability to automate deprovisioning. This means that you can easily create an “inactivity workflow” in Lumos to automatically reclaim licenses that aren’t being used.
You can remove a license entirely or, if appropriate, simply downgrade the user to a less expensive, or free tier. For example, this workflow automatically downgrades any premium Zoom license holders who haven’t created a meeting in the last sixty days to the free tier.
Pro tip: you can also define groups to exclude from the inactivity workflow. This means you can protect users with occasional but critical needs, and avoid upsetting VIPs - no risk of having to explain to your CEO why you revoked all his apps!
Make the Right Decision in Access Reviews
One of the key goals of access reviews is to cut unnecessary access, in order to apply least privilege, reduce your access footprint and, subsequently, reduce risk. However, in practice, decision makers conducting an access review often don’t have much context to base their decisions on. Without much to indicate if access is needed or not, and with thousands of rows to get through, access reviews can often amount to a rubber stamping exercise with almost all access approved.
Building activity monitoring into your reviews can provide a key piece of context for decision makers. For example, in this Lumos review, we can see that while most users have logged into Salesforce in the last few days, one identity hasn’t logged in for four months. This is a good indication that access is probably unnecessary and should be revoked.
Optimize Your Role-Based Access Control
In addition to being able to reclaim unused licenses, a great next step would be to use activity monitoring data to optimize your role-based access contro (RBAC)l to give employees more of the access they need from day one, and less of what they don’t.
Albus, Lumos’ AI Agent for Autonomous Identity, continuously compares your current access policies against up-to-date usage data and access requests to optimize your onboarding policies. For systems like AWS this activity can be applied not just at the app level, but to specific entitlements!
So for each team or group, Lumos helps you make the best decision on which apps and entitlements should be part of your birthright access, which should be available for pre-approved access, and which should require approval from a manager or app admin.
This way, employees start on day one with the access they need, without IT having to grant excessive birthright access that increases cost and risk.
Learn More About Autonomous Identity
These use cases are just scratching the surface of what Autonomous Identity can achieve in your organization. To learn more, schedule a personalized demo today.
