Identity and Access Management

The Identity and Access domain provides continuous assurance that your IDAM program is performing as expected.

Panaseer combines data from security, IT and business tools, specifically security and people data, to enhance visibility into your IDAM program. This includes near-real-time analysis for IT operations, asset owners and risk owners to address business risks more effectively. Compliance teams benefit from continuous oversight aligned with NIST CSF and other frameworks.

Benefits

  • Continuously monitor your identity and access management program with near real-time reporting and dashboards.
  • Correlate security, IT and business data into a single, reliable source.
  • Use automation and data science for a comprehensive account inventory enriched with business context.
  • Track, measure and report against your policies, industry standards and best practices. These include impactful “active leavers” metrics, account ownership, and more.
  • Simplify IDAM reporting and prioritize actions to reduce business risks.
  • Get a clear, prioritized view of identities and access privileges, enriched with your unique business context, allowing you to focus on high-risk areas.

Spotlight metric

Active leavers

Quickly close down active leaver accounts to avoid delays or human error creating a risk to critical assets.

This metric identifies active accounts that are owned by former employees, a common KPI for IAM programs. The color-coded metric shows that performance is within the target threshold you’ve set, but is becoming more problematic, as the time is trending up.

Example connectors

Entra ID / Azure AD

Sailpoint

Workday

Available metrics

Type
Name
Description
Diagnostic
Active leaver accounts
The number of active accounts with owner no longer employed
Informational
Admin accounts
The number of active administrator accounts
Informational
Accounts in scope for complete information
The number of accounts in scope for complete information
Diagnostic
Disabled leaver accounts
The number of disabled accounts with owner
Informational
Number of accounts reporting in IDAM (with owner information)
The number of accounts reported in the IDAM module plus information about the account owner
Informational
Accounts in scope for password reset
The number of accounts in scope for a recent password reset
Policy
Accounts with incomplete info
The number of accounts with incomplete information
Diagnostic
Accounts of last month's leavers
The number of accounts with an owner that left in the last month
Policy
Accounts in scope for a recent login
The number of accounts in scope for a recent login
Policy
Accounts without login
The number of accounts without a recent login
Policy
Accounts without owner
The number of accounts without an owner
Policy
Accounts without password reset
The number of accounts without a recent password reset
Informational
Accounts in scope for ownership
The number of accounts in scope for ownership
Informational
Service accounts
The number of active service accounts
Diagnostic
Leavers with active accounts
The number of people that are no longer employed, but still have at least one active account
Diagnostic
Total active days before disabling leaver accounts
The total time in days taken to disable leaver accounts
Policy
Accounts with incomplete information
The percentage of accounts with incomplete information
Policy
Accounts without login
The percentage of accounts without a recent login
Policy
Accounts without owner
The percentage of accounts without an owner
Policy
Accounts without password reset
The percentage of accounts without a recent password reset
Diagnostic
Disabled leaver accounts
Percentage of disabled accounts belonging to people whose employment terminated within the last month
Diagnostic
Average active days before disabling leaver accounts
The average time in days taken to disable leaver accounts
Compound risk
Unique People without Standard Accounts
The number of People without standard accounts
Compound risk
Unique People without Standard Accounts (internal)
The number of People without standard accounts (internal)
Compound risk
Devices and associated accounts linked to people whose employment ended
All devices and associated accounts assigned to individuals whose employment has ended

Application Security metrics

Previous page

Privileged Access Management metrics

Next domain