Identities discovery

Overview

In this article we will explain how to use the Identities page for access discovery. Here you will see a list of all the identities in your BalkanID environment, which includes employees, service accounts, and unmapped identities. You can use the filter menu or search bar to drill down for individual identities or groupings of identities, such as identity types, departments, or managers.

Keep in mind that this is a list of application identities, not employees, and multiple identities are often tied back to one employee as a user account or service account.

To navigate to the Identities page, select Identities from the Entities section.

You can view the various identities associated with different applications.

You can use the search box and filters to explore the integrated applications. The following filter fields are available for this page:

  • Identity - This field filters data based on the specific identity within an application. For example, to view information about alicegh in the GitHub (test) integration, use "alicegh (GitHub test)" as a filter in this field.

  • Identity type - You can filter your identities based on a user being an employee, service account or an unmapped identity.

  • Identity Name - This field filters data based on the name of the identity irrespective of the application integration type. For example, to view information about the alice identity in all AWS integrations, enter it as a filter in this field.

  • Identity Status - You can filter your identities based on whether the identity is active or inactive.

  • Days Since Last Access - You can filter identities based on their last access times. For example, to see all identities that haven't accessed their account in the last 6 months, you can select "last 6 months" as an option within this filter field.

  • User - You can use this filter to look for identities that belong to a particular employee. For example, to see all the identities that belong to an employee Alice, select "Alice" as a filter in this field.

  • Application - This field filters based on the specific Application Integration that you would like to explore. For example, to view identities within Azure (Test Environment) data, add it as a filter in this field.

  • Connection - This field allows you to filter data based on a connection in an application. For example, to view all identities associated with the admin connection in a group connection type within Confluence, add it as a filter in this field.

  • Connection Type - This field filters data based on the type of connections available. For example, to view all the identities that belong to a group connection type, add it as a filter in this field.

  • Resource - This field filters for identities that have privileges to a resource. For example, to view all the identities that have access to the sales vault in 1Password, pass "1password/vault/sales" as a filter in this field.

  • Resource Type - This field filters for identities that have privileges to a resource type. For example, to view all the identities that have access to different vaults in 1Password, pass "vault" as a filter in this field.

  • Insights - Filtering with insights allows you to see which identities have insights on them. For example, to view the identities which are Privileged, you can add "Privileged" as a filter in this field.

  • Manager - You can filter identities based on the manager of the employee that this identity is tied to. For example, to find all the identities associated with employees managed by Bob, add him as a filter in this field.

  • Job Title - You can filter identities based on the job title of the employee that this identity is tied to. For example, to find all the identities associated with employees with the job title as ML Engineers, add it as a filter in this field.

  • Department - You can filter identities based on the department that the employee belongs to. For example, to find all the identities associated with employees in the Engineering department, add it as a filter in this field.

  • Employment Type - You can filter identities based on the employment type of the employee that this identity is tied to. For example, to find all the identities associated with "Part-time Intern" employees, add it as a filter in this field.

  • Permission - The Permission field allows you to filter identities based on the permission they have to a resource. For example, to view all identities which have read permission on repositories in GitHub, add "github/read" as a filter in this field.

  • Permission Value - The Permission value field allows you to filter identities based on the permission value they have to a resource. For example, to view all identities which have true permission value, add it as a filter in this field.

Using multiple filter fields together will help you navigate through the data swiftly and will make your time spent on discovering entities a lot more productive! Refer to working with filters to learn more about filters.

Viewing Individual Identities

When you click on an identity from the list, a detailed view appears, presenting comprehensive access information specific to that individual or service.

This detailed view provides a granular understanding of an identity's access footprint across your entire system.

The "Has Access To" Tab

The Has Access To tab reveals which connections and resources this specific identity can access. This answers the question: "What can this identity do or reach?"

This tab provides a critical insight into the permissions and scope of the identity itself. For example, if you're examining an identity like "[email protected]" in your Azure integration, the "Has Access To" tab would show you:

  • Resources Spencer can access (e.g., the "Production SQL Database," the "Dev Virtual Machine").

  • Connections (like Azure groups or Azure RBAC roles) that Spencer is a member of (e.g., the "Admin-HR" group), which in turn grants him further access.
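
The point made above, that membership in a connection in turn grants further access, worked through as an added example (not BalkanID code or its data model): a breadth-first walk over a constructed membership graph that returns each grant together with the chain of connections conferring it. The nested All-Admins group, the HR Records Share resource, the permission names and the function names are assumptions made for illustration.

```python
from collections import deque

# Constructed sample graph (not BalkanID data or its data model).
# MEMBER_OF: identity or connection -> connections it belongs to.
MEMBER_OF = {
    "spencer": ["Admin-HR"],
    "Admin-HR": ["All-Admins"],   # nested group (constructed)
    "All-Admins": ["Admin-HR"],   # deliberate cycle to show it is handled
}
# GRANTS: identity or connection -> [(resource, permission)] granted directly.
GRANTS = {
    "spencer": [("Production SQL Database", "read"),
                ("Dev Virtual Machine", "contributor")],
    "Admin-HR": [("HR Records Share", "write")],
    "All-Admins": [("Production SQL Database", "owner")],
}


def effective_access(identity, member_of=MEMBER_OF, grants=GRANTS):
    """Return {(resource, permission): path} for everything identity reaches.

    path is the chain of connections that confers the grant; a path holding
    only the identity itself means the grant is direct.
    """
    found = {}
    seen = {identity}
    queue = deque([(identity, (identity,))])
    while queue:
        node, path = queue.popleft()
        for grant in grants.get(node, []):
            # BFS reaches shorter chains first, so keep the first path seen.
            found.setdefault(grant, path)
        for group in member_of.get(node, []):
            if group not in seen:  # guards against membership cycles
                seen.add(group)
                queue.append((group, path + (group,)))
    return found


def inherited_only(identity):
    """Grants the identity holds only through a connection, not directly."""
    return {g: p for g, p in effective_access(identity).items() if len(p) > 1}


if __name__ == "__main__":
    for (resource, perm), path in sorted(effective_access("spencer").items()):
        print(f"{resource:26} {perm:12} via {' -> '.join(path)}")
```

In this sample the identity holds only read on the database directly, while owner arrives two hops away through nested groups, which is the kind of inherited privilege an access review should surface.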

Exploring Entity Details

Every data point listed on the "Has Access To" tab is clickable. Clicking on an entity will open a sidebar providing detailed metadata about that specific entity. Each entity, depending on its type and the application it comes from, has its own unique set of metadata that gives you more context about it within the application.

Understanding Permissions

The "Permissions" column within this tab is also clickable. Clicking on the data in this column will reveal metadata specifically about the relationship between two entities shown in the tab.

To understand what each of these fields (like Connection Provider, Project, and Privileges) indicates, please refer to our dedicated guide on Understanding Entities and Entity Relations.
