Oort Knowledge Base

⌘Ctrlk

Oort Knowledge Base

Home
Glossary
📊Dashboards
👥Understanding your users
🗃️Applications
💻Devices
Non-Human Identities (NHI)
🧩Configuring Integrations
☑️Understanding Check failures
⚙️Tenant Settings
🏥Identity Posture Score
🚨User Trust Level
How-to Guides
Public API
Troubleshooting & Support
Best Practices
Blogs
Release Notes

Powered by GitBook

☑️Understanding Check failures

📖Cisco Identity Checks

Cisco Identity Intelligence provides two categories of insights: identity threat detection and identity posture management. More information about the different types of checks can be found here.

Navigate to the relevant section or search for a specific area of interest using either the left hand navigation menu or the list below. Click on any detection to read more information about what criteria is used to fail a user for a specific check, which data sources are compatible with each check, as well as recommendations to remediate and customizable settings.

Access from Denied Territories

Agentic Application Reuse

Allow/Block Email Logins

Application Login Bypasses SSO

Applications with Expired Secret

HRIS Discrepancies

Identity Intelligence Client Secret Expiring Soon

Inactive Account Probing

Inactive Guest Users

Missing Value in Mandatory Field

Never Logged In

No MFA Configured

No Strong MFA Configured

Non-Human Identity Password Expiration Failure

Non-Human Identities with No MFA Configured

Okta Long Running Sessions

Okta Session Length Policy Compliance

Personal VPN Usage

Provider User Type Missing

Rate Limit Alert

Role Assigned to Azure Cloud Only Account

Service Account Reuse

Shared Mailbox Sign In Enabled

Slack User Inconsistencies

Telecom MFA Limit Reached

Unmanaged Devices Access

Unused Application for a User

Upcoming App Key Expiration

User Authorized to Bypass MFA

User Has Directly Assigned Application

User in IDP but not in HRIS

User Password Expiration Failure

User Stuck in Non-Functional State

User Sharing Authenticators

Weak MFA Was Used to Successfully Sign In

A Bypass Code Was Used To Successfully Sign In

Access From Dormant Account

Access From Dormant Non-Human Identity

Accounts With Unusually High Activity

Active Account under Heavy Attack

Activity From Untrustworthy ISP

Admin Impersonation in Okta

Admin Role Assigned to User

Admin Role Assigned to Non-Human Identity

Authenticator Registration Anomalies

Break-Glass Account Successful Sign In

Code Exfiltration By Guest Account

Compromised Sessions

Google Drive File with Excessive Sharing Permissions

Impossible Travel

IP Threat Detected

Login to Admin Console

Microsoft Entra ID Admin Activity Anomaly

New Country for Tenant

New IdP Created

Non-Human Identity with Interactive Browser Access

Okta Admin Activity Anomaly

Rare Browser Activity

Registered Location Mismatch

Risky Parallel Sessions

Service Account Successful Sign In

Service Principal Risk Detected

Shared Mailbox Successful Sign In

Sign In Threat Detected

Sign-in from Recently Created IdP

Successful Access from a Previously Only Failing IP

Super Admin Login to Google

Suspicious Activity Reported by End User

Unusual Repo Access

User IP in Blocked State

User Lock Out Risk Detected

User Trust Level Alert

Users With Defined Email Forward Rules

Users with New Email Forward Rules

Weak MFA Manually Activated and Utilized

PreviousCustomizing Checks NextIdentity Posture Management Checks

Last updated 22 days ago