Action Center
The BalkanID Action Center brings together insights in the form of findings based on two criteria: (a) rules pre-defined by the BalkanID Admin; and (b) outliers identified by the BalkanID system that could have risk implications. These insights help IAM and GRC teams preemptively resolve security or compliance related risks while also helping BalkanID users proactively focus on outlier identities and entitlements that require more attention.
The Action Center main page provides a snapshot of all findings, organized by the user (employee name and email) that the finding is related to. This main page also shows the applications that the findings are associated with and the finding labels (SoD - segregation of duties, terminated, privileged or outlier/over-entitled). Once the user clicks on the "view findings" button, they are taken to the detailed findings for the user in question. The second icon is the "finding activity" icon, which gives the user the logs associated with this finding, showing what action was taken, by whom, and when.
The finding detail is organized by the identities associated with the user and aligned to the application where the identity finding was detected. Further, when clicking on the finding description, the user is provided details on the finding in a separate dialogue box. Finally, the user is able to dig into the finding status by clicking on the two action icons. The first icon is the "view finding" icon, which provides the finding detail and finding summary, and allows the user to take the following actions on the finding:
"Accept Risk" is one of the five options a user can take on an action center finding.
Once a user selects the "accept risk" option, (s)he is required to fill in the details in the "add explanation" box. Once this is done, the user can press the "accept risk" button as shown above and a confirmation page is shown. The finding in question will move to a "completed" state with all finding details logged in the finding activity page.
"Notify" is one of the five options a user can take on an action center finding.
Once a user selects the "notify" option, (s)he is required to choose the BalkanID user to notify from the drop-down list. Optionally, the user can provide a reason for the notification. Once this is done, the user can press the "Notify" button as shown above and a confirmation page is shown. The finding in question will remain in an "in-progress" state, with all finding details logged in the finding activity page, until the finding is closed / remediated either via acceptance of risk or an action like "revoke user" or "review user".
The following email is an example of what the notified user will receive:
"Revoke" is one of the five options a user can take on an action center finding.
Once a user selects the "revoke" option, the user connections associated with the finding will be revoked via the IdP provider in question. The finding in question will move to a "completed" state once user connections have been revoked.
"Review" is one of the five options a user can take on an action center finding.
Once a user selects the "review" option, (s)he can edit the name of the pre-populated review and the start/end date of the review (again pre-populated for ease of use) prior to submitting the finding for review. The individual required to perform this review is defined in settings -> application integrations -> setup actions.
Once the review is submitted, the responsible party will be notified via email that they have been assigned a review with all the details mentioned above. The finding in question will move to a "completed" state once the review of the finding has been completed.
"Execute Playbook" is one of the options a user can take on an action center finding. Prior to reviewing this article, read about playbooks.
Once a user selects the "execute playbook" option, (s)he can see the actions that will be executed as part of that playbook.
Once the playbook has been executed, the finding will remain in an "in-progress" state until all steps of the playbook have been completed (reviews, revoke, etc.).
For an overview on Playbooks and Webhooks, refer .