# Identities discovery
## Overview
In this article we will explain how to use the **Identities** page for access discovery. Here you will see a list of all the identities in your BalkanID environment, which includes employees, service accounts, and unmapped identities. You can use the filter menu or search bar to drill down for individual identities or groupings of identities, such as identity types, departments, or managers.
Keep in mind that this a list of application identities, not employees, and multiple identities are often tied back to one employee as a user account or service account.
To navigate to the **Identities** page, select the *Identities* page from the *Entities* section.
You can view the various identities associated with different applications.
You can use the search box and filters to explore the applications integrated. The following filter fields are available for this page:
* **Identity** - This field filters data based on the specific identity within an application. **For example,** to view information about *alicegh* in the GitHub (test) integration, use "*alicegh (GitHub test)"* as a filter in this field.
* **Identity type** - You can filter your identities based on a user being an *employee*, *service account* or an *unmapped* identity.
* **Identity Name** - This field filters data based on the name of the identity irrespective of the application integration type. **For example,** to view information about *alice* identity in all AWS integrations, enter the filter in this field.
* **Identity Status** - You can filter your identities based on whether the identity is active or inactive.
* **Days Since Last Access** - You can filter identities based on their last access times. **For example,** to see all identities that haven't accessed their account in the last 6 months, you can select "last 6 months" as an option within this filter field.
* **User** - You can use this filter to look for identities that belong to a particular employee. **For example,** to see all the identities that belong to an employee *Alice,* select *"Alice"* as a filter in this field.
* **Application -** This field filters based on the specific Application Integration that you would like to explore. **For example**, to view identities within *Azure (Test Environment)* data, add it as a filter in this field.
* **Connection -** This field allows you to filter data based on a connection in an application. **For example**, to view all identities associated with the *admin* connection in a *group* connection type within *Confluence,* add it as a filter in this field.
* **Connection Type -** This field filters data based on the type of connections available. **For example**, to view all the identities that belong to a *group* connection type, add it as a filter in this field.
* **Resource** - This field is used to filter out identities which have privileges to a resource. **For example,** to view all the identities that have access to the sales vault in 1password, pass *"1password/vault/sales"* as a filter in this field.
* **Resource Type** - This field is used to filter out identities which have privileges to a resource type. **For example**, to view all the identities that have access to different vaults in 1password, pass *"vault"* as a filter in this field.
* **Insights -** Filtering with insights allows you to see which identities have insights on them. **For example**, to view the identities which are *Privileged*, you can add *"Privileged"* as a filter in this field.
* **Manager** - You can filter identities based on the manager of the employee that this identity is tied to. **For example,** to find all the identities associated with employees managed by *Bob*, add him as a filter in this field.
* **Job Title** - You can filter identities based on the job title of the employee that this identity is tied to. **For example,** to find all the identities associated with employees with the job title as *ML Engineers*, add it as a filter in this field.
* **Department -** You can filter identities based on the department that the employee belongs to. **For example**, to find all the identities associated with employees in the *Engineering* department, add it as a filter in this field.
* **Employment Type** - You can filter identities based on the employment type of the employee that this identity is tied to. **For example,** to find all the identities associated with "*Part-time Intern"* employees, add it as a filter in this field.
* **Permission** - The Permission field allows you to filter identities based on the permission they have to a resource. **For example,** to view all identities which have *read* permission on repositories in *GitHub*, add *"github/read"* as a filter in this field.
* **Permission Value** - The Permission value field allows you to filter identities based on the permission value they have to a resource. **For example,** to view all identities which have *true* permission value, add it as a filter in this field.
Using multiple filter fields together will help you navigate through the data swiftly and will make your time spent on discovering entities a lot more productive! Refer to [working with filters](/getting-started/entitlement-data-discovery/filters.md) to learn more about filters.
## Viewing Individual Identities
When you click on an identity from the list, a detailed view appears, presenting comprehensive access information specific to that individual or service.
This detailed view provides a granular understanding of an identity's access footprint across your entire system.
### The "Has Access To" Tab
The **Has Access To** tab reveals **which connections and resources this specific identity can access.** This answers the question: "What can *this* connection do or reach?"
This tab provides a critical insight into the permissions and scope of the **identity itself**. For example, if you're examining an identity like "" in your Azure integration, the "Has Access To" tab would show you:
* **Resources** Spencer can access (e.g., the "Production SQL Database," the "Dev Virtual Machine").
* **Connections** (like Azure groups or Azure RBAC roles) that Spencer is a member of (e.g., the "Admin-HR" group), which in turn grants him further access.
#### Exploring Entity Details
Every data point listed on the "Has Access To" tab is **clickable**. Clicking on an entity will open a **sidebar providing detailed metadata** about that specific entity. Each entity, depending on its type and the application it comes from, has its own unique set of metadata that gives you more context about it within the application.
**Understanding Permissions**
The "Permissions" column within this tab is also **clickable**. Clicking on the data in this column will reveal **metadata specifically about the relationship between two entities** shown in the tab.
To understand what each of these fields (like Connection Provider, Project, and Privileges) indicates, please refer to our dedicated guide on [**Understanding Entities and Entity Relations**](/getting-started/entitlement-data-discovery.md#key-metadata-for-entity-relations).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.balkan.id/getting-started/entitlement-data-discovery/identities-discovery.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.