Week 18, 2023

There are plenty of updates to read about this week, including more context on IP addresses and enhancements to the dashboard. Most notably, you’ll now see an additional remediation action for deleting inactive guest accounts in Azure AD.

🚮 Delete Inactive Guest Accounts

Last month, we announced our suite of one-click remediation options, including the ability to quarantine and log out users. In this release, we’re excited to make another new response option available.

Inactive guest accounts tend to accumulate over time, and not be monitored as well as workforce accounts, and therefore present a huge opportunity for attackers. If they take over these accounts, detecting or monitoring their activity becomes extremely hard. That’s why we provide monitoring of inactive guest accounts through the “Inactive Guest User” check.

For users failing this check, you will now see the option to “Delete user from Azure AD” under the Actions button. Note, that you can customize this check so that it fails at a configurable number of days. To learn more about the risks of guest accounts, check out our blog from earlier this week: Restrict Guest Access Permissions: Best Practices and Challenges.

🌐 Quickly Identify Other Users Associated with an IP Address

Following our recent improvements to the Networks section of the User 360 profiles, we’ve made it even easier to identify other users associated with a given IP address in the Networks tab.

⚙️ Slack Integration.

Slack provides useful information about users, making it a good source of identity data (and not just a notification target). In order to reflect this, we’ve made changes to the Integration tab that makes it easier to set up, manage, and remove Slack integrations.

Slack integration for data collection will now appear in the “Providers” section of the Integration tab. Furthermore, Slack will be treated the same as other identity providers for Oort insights and analysis.

Bug Fixes and Minor Improvements

• Workday Users. Oort now loads Workday users that are not matched in an identity provider, giving a more comprehensive view of the user population.

• Dashboard. From the Sensitive Apps widget in the dashboard, you can now click through to the pre-defined query on the User page.

• Tenant Settings. We’ve introduced a “Cancel” button in Tenants Settings forms to make it easier to cancel any incorrect changes.

• Okta Card. Where possible, emails will be shown for the Manager field in the Okta tab within User 360 profiles.