Week 8, 2023
As we approach the end of February, our engineering team continues to deliver the goods. This week we’re introducing a new check and additional data types for collection.
Modern organizations protect users by placing applications behind a Single-Sign-On provider (SSO). This helps to better secure accounts while adhering to security frameworks like CIS and NIST.
Users should only be accessing applications via SSO and not directly logging into applications. Unfortunately, this can (and does) happen if the application still allows users to log in with a username and password. When this does happen, security teams have no visibility into this login behavior.
We have introduced the Application Login Bypasses SSO check to provide visibility into this issue. This capability is specifically tied to Salesforce for now, but we’re looking to expand this to additional applications soon!
While we pride ourselves on integrating with a broad range of IdPs and HRIS, the depth of each integration sets us apart. To produce the most comprehensive view of your user population, we must ensure we ingest as many data types as possible.
With this release, we have added the following data types:
- If you have integrated Salesforce into Oort, you will now see the option to check the box for “Salesforce authentication configuration.”
- For those who use Azure AD, you will see a new ‘Auethenticators to Users’ checkbox. Enabling this will further enhance our visibility of MFA actors assigned to users.
- Disabled checks. Compliance scores and trends will no longer display for checks that have been disabled.
- Remediation type filtering. Filtering user activity by remediation type is now possible–an essential option as we introduce new remediation options.
- Triggered remediations will display help banner text to help you understand the status of the action.
PIM roles are now displayed under “Type” within the “Groups” tab of User 360 profiles.