Applications
Organizations often have hundreds, or even thousands, of applications connected to their identity providers (IdPs) and available to their users. Understanding what is in the environment, how it is used, and who uses it is difficult for many organizations because their applications are sprawled across multiple IdPs. When reporting for licensing, compliance, or audit purposes, organizations spend countless hours collecting what information they can from each system, often painstakingly correlating data across spreadsheets by hand, just to answer these simple questions as best they can, and the results often leave much to be desired.
The Applications page of Identity Intelligence aims to ease the burden that comes with this sprawling data across disparate systems with a unified view into your organization's applications. Much like the Users page, which provides visibility into an organization's identities across the connected identity sources, the Applications page gives organizations cross-platform visibility into the different applications that exist within their ecosystem.
With this consolidated view, it is significantly faster and easier for organizations to get visibility into their app landscape, answer questions, create reports, and ultimately, take action on the applications within their environment to reduce the possible attack surface and improve their overall organizational security.
This article provides information about the different data and functionality that exists in the Applications page such as:
Customizing the Applications page with sensitive apps and application utilization timeframes
General functionality such as searching, exporting results, sharing, etc.
By default, the Applications table is sorted by the largest number of logins and only includes managed apps, which are apps that are managed by an identity source.
The total number of Applications in the table is displayed above the column headers of the table itself.
The section below details the fields that appear in the table, as well as the definition of each field:
Name
The name given to the app and the assigned app ID from the identity source
Status
The current state of an app, such as active, deleted, deprovisioned, etc.
Sensitive
Source
The identity source where a given application is connected
Tags
#Logins
The number of successful sign in events for a given application across all users in your environment
Assignees
The number of users who are assigned, or entitled to access a given application. Select the value in this column to go to the Users page, pre-filtered for the given app and its assigned users so that you can filter or investigate further, export the impacted users, etc.
If this column displays N/A for a given application, it can indicate that there is no assignment required to access the application or that the data is not available from the source.
Used
Unused
Utilization
The percentage of users who have successfully signed in during the configured application utilization timeframe out of the total number of assigned users for a given application.
If this column displays N/A for a given application, it can be because there are no assigned users. This column will also display 100% if there are more users utilizing the application than users assigned to the application.
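The Used, Unused and Utilization columns can be reproduced offline from exported data when cross-checking an access review. The Python below is an added example, not Identity Intelligence code; the event tuple layout and the sample apps and users are constructed, and it assumes Unused counts assigned users with no successful sign-in in the timeframe.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)  # constructed "today"

def days_ago(n):
    return NOW - timedelta(days=n)

# Constructed sample data: (user, timestamp, success) sign-in events per app.
SIGNINS = {
    "crm": [("alice", days_ago(2), True), ("alice", days_ago(10), True),
            ("bob", days_ago(45), True), ("carol", days_ago(1), False)],
    "wiki": [("alice", days_ago(3), True), ("dave", days_ago(5), True),
             ("erin", days_ago(6), True)],
    "portal": [("bob", days_ago(1), True)],
}
# Assigned users per app; None models a source with no assignment data (N/A).
ASSIGNEES = {"crm": {"alice", "bob", "carol", "dan"},
             "wiki": {"alice", "dave"}, "portal": None}

def app_utilization(assignees, signins, now=NOW, window_days=30):
    """Compute Used, Unused and Utilization for one app."""
    cutoff = now - timedelta(days=window_days)
    # Used: distinct users with a successful sign-in inside the timeframe.
    used = {u for u, ts, ok in signins if ok and cutoff <= ts <= now}
    if not assignees:
        # No assigned users or no assignment data: Utilization is N/A.
        return {"used": len(used), "unused": None, "utilization": None,
                "review": []}
    # Assumption: Unused = assigned users with no successful sign-in.
    unused = assignees - used
    # More active users than assignees is shown as 100%, so cap the ratio.
    pct = min(100.0, 100.0 * len(used) / len(assignees))
    return {"used": len(used), "unused": len(unused),
            "utilization": round(pct, 1), "review": sorted(unused)}

def report(window_days=30):
    return {app: app_utilization(ASSIGNEES[app], events, NOW, window_days)
            for app, events in SIGNINS.items()}

if __name__ == "__main__":
    for app, row in report().items():
        pct = "N/A" if row["utilization"] is None else f'{row["utilization"]}%'
        print(f'{app:7} used={row["used"]} unused={row["unused"]} '
              f'utilization={pct} review={row["review"]}')
```

The `review` list holds the assigned users whose access is a candidate for revocation; widening `window_days` shows how the same data looks under a longer utilization timeframe.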
Like many pages within Identity Intelligence, such as the User 360 pages, selecting the name of an application, or anywhere in the row that is not a link, will open the slide panel from the right side of the page that contains more detailed information about a particular app.
The slide panel has 2 tabs - Summary and Additional Details.
Summary shows you more detailed information about a given app such as created date, sign on mode, App Owners or Notes if available, as well as the Groups assigned to the app and the number of users associated with that group
Select the value associated with a given group to go to the Users page pre-filtered on that group
Additional Details shows you the raw data collected about a given application from the source. The data available will vary from source to source, and even application to application.
To close the slide panel, select the X in the top right corner, or select anywhere outside of the slide panel.
Every organization is different. What may be a sensitive application to one organization may not be to another organization. Some organizations may have stricter regulations that govern revoking unused application access, while other organizations may be more lenient. This is why Identity Intelligence allows customers the flexibility to customize certain aspects of their Applications view to better align with their organization's policies, processes and risk tolerance thresholds.
As described above in the Application table elements section of this article, applications can be flagged as "Sensitive" applications using the toggle in the Sensitive column. Applications that are closely monitored because they have access to sensitive data, have high license costs, are critical to business operations, or for any other similar reason, should be marked as Sensitive using the available toggle.
Identity Intelligence does provide recommendations for certain applications, based on apps that are known to typically host sensitive data or are commonly considered sensitive in customer environments; however, no sensitive apps are configured by default.
It is critical that your organization's most critical and sensitive apps are flagged appropriately as this information is used throughout Identity Intelligence such as in Dashboard widgets, as a contributing factor of the User Trust Level calculation, as a tag in the Activity tab of the User 360, as a check setting, and much more. Additionally, having these applications marked accordingly allows you to filter on your organization's sensitive apps so that you can more easily prioritize and focus on the most important applications when cleaning up or investigating issues.
As described above in the Application table elements section of this article, the default timeframe utilized to determine whether an application is used or unused is 30 days. If you would like to adjust the default application utilization timeframe to be longer or shorter, you can do so via the Custom Detection Settings within the Unused App by Many Users check.
The text above the Application table column headers will reflect the timeframe setting that is configured on the check.
There are several general actions that exist across the Identity Intelligence platform that are also available on the Applications page:
Search
Sort columns
Download results
Share
Navigate through the tabs below to read more about how to utilize each available action.
Use the search bar to search based on application name or ID, source, or status. When searching, you do not need to provide an exact value. Typing a piece of the word will return related results.
If you have searched on a particular parameter, the search criteria is retained as you navigate between different tabs within the platform.
To clear the search bar, select the X on the rightmost side of the search bar.
Much like the Users table, the Applications table is filterable by a number of attributes, enabling you to slice and dice your apps based on the parameters that are important to you. Filtered results can be saved to access later or share with teammates. To learn more about how to save filters, see Saved Filters.
Applying filters
You can see all the available filters on the left hand side of the Applications page. To enable additional filters, select the value(s) for the attribute you would like to filter by. The applied filters will be added to the search bar, as seen in the screenshot below.
The number of apps that you are currently viewing, based on the filters and searches used, will appear in the top left corner of the Apps table above the column headers.
To remove a filter, you can either deselect the attribute from the filters list on the left hand side of the Applications table, or select the X on the right hand side of the filter box within the search bar. If you select the X on the right end of the Search bar, it will remove all filters and search inputs except for the default Type filter.
As mentioned above, the Applications table is pre-filtered by default to only include managed apps, which are apps that are managed by an identity source. If you want to remove this filter and include the other app types - unmanaged apps (appear in SSO events, but are not managed by the provider) or service apps (not directly managed by the provider but used to access other apps) - you can do so in the same way as the other filters.
After you have selected your filters, the filters are retained as you navigate between different areas within the platform.
Distinct filters are separated by an AND operator. For example, if you select the Duo value from the Sources filter and the `Yes` value for the Sensitive filter, the table will display all Duo apps that are flagged as Sensitive.
For most filters, you can select more than one value to filter by. Within a given filter, selecting more than one value will separate the values with an OR operator by default. For example, if you select the values Okta and Duo for the Sources filter, apps coming from either Okta OR Duo will be displayed.
However, if you would like to filter for apps in both Okta AND Duo, you can select the OR operator found in the filter box within the search bar or in the left hand filter menu (screenshots below), to switch it to AND. Doing this will allow you to see users that are in both Okta AND Duo.
Filters that use radio buttons cannot have more than one value selected at once (for example, Sensitive).
Specific values can also be excluded from the results for most filters, except for those that cannot have more than one value selected at once. To exclude a value from filtered results (i.e., NOT), you can click on the 🚫 icon in either the filter box in the search bar or the left hand filter menu.
Similarly, you can 'include all' values in the results, except for filters that cannot have more than one value selected at once. To select all values within a given filter, click All next to the filter value title.
Applications that have been flagged as sensitive for your organization will have an enabled (blue) toggle. Applications that are not marked as sensitive will have a disabled (grey) toggle.
Identity Intelligence will apply tags to an application if it matches certain criteria, such as Key Expires Soon, Password Expires Soon or No Assignment Required, to highlight applications that may require action or clean up. If you hover over a tag regarding a password or key expiration, a tool tip with more information will appear.
An application can have more than one tag applied to it. All the tags present in your environment are displayed in the relevant Tags
The number of users who have successfully signed in to a given application during the configured application utilization timeframe. Select the value in this column to go to the Users page, pre-filtered for the given app and the users who accessed the app, so that you can filter or investigate further, export the impacted users, etc. By default, the utilization timeframe is set to 30 days but this can be modified if needed.
The number of users who have no successful sign in events to a given application during the configured application utilization timeframe. Select the value in this column to go to the Users page, pre-filtered for the given app and the users who have not accessed the app, so that you can filter or investigate further, export the impacted users, etc. By default, the utilization timeframe is set to 30 days but this can be modified if needed.