Oort Knowledge Base
  • Home
  • Glossary
  • 📊Dashboard
    • Get Started Dashboard
    • Overview Dashboard
    • MFA Dashboard
  • 👥Understanding your users
    • 📇Users
      • 💾Saved Filters
      • ❓Basic Search & Advanced Query Mode
    • 🩻User 360
      • 🗺️Overview Tab
      • 🔬Activity Tab
      • 📶Networks Tab
      • 💻Devices Tab
      • 🪺Applications and Groups Tabs
      • ✅Checks Tab
    • 🛠️Triaging Alerts and Remediation Actions
    • 🔗Linking User Accounts
    • 🤷User Statuses
  • 🗃️Applications
  • 💻Devices
  • 🧩Configuring Integrations
    • Managed Integrations
    • Auth0
      • Auth0 Data Integration
      • Auth0 Log Streaming & Marketplace App
    • Microsoft Entra ID (Azure AD) Data Integration
    • Microsoft Entra ID (Azure AD) SSO Integration
    • Azure Event Hub Log Streaming for Microsoft Entra ID (Azure AD)
    • Azure Sentinel SIEM Integration
    • AWS
    • AWS User-Based Access [Deprecated]
    • Duo Security Integration
    • Email Notifications
    • Github
    • Google Workspace Integration
    • Jamf
    • Jira Integration
    • Mailgun Integration
    • Microsoft Teams Notification Integration
    • Okta Log Streaming AWS EventBridge Integration
    • Okta Data Integration
    • Okta Workflows
    • Okta Integration Network - Production SSO App
    • Okta SSO
    • Polarity Integration
    • Salesforce Integration
    • SendGrid Integration
    • ServiceNOW Integration
    • Slack
    • Snowflake
    • Webex Notification Integration
    • Webhooks
    • Workday
      • Manual Import (CSV)
      • Report as a Service (RaaS)
  • ☑️Understanding Check failures
    • 🔍Reviewing Check Results
    • 🧹Customizing Checks
    • 📖Cisco Identity Insights
      • Identity Posture Management Insights
        • Access from Denied Territories
        • Allow/Block Email Logins
        • Application Login Bypasses SSO
        • Applications with Expired Secret
        • HRIS Discrepancies
        • Identity Intelligence Client Secret Expiring Soon
        • Inactive Account Probing
        • Inactive Guest Users
        • Inactive Users
        • Missing Value in Mandatory Field
        • Never Logged In
        • No MFA Configured
        • No Strong MFA Configured
        • Okta Long Running Sessions
        • Okta Session Length Policy Compliance
        • Personal VPN Usage
        • Provider User Type Missing
        • Rate Limit Alert
        • Role Assigned to Azure Cloud Only Account
        • Salesforce Direct Login Settings
        • Shared Mailbox Sign In Enabled
        • Slack User Inconsistencies
        • Telecom MFA Limit Reached
        • Unmanaged Devices Access
        • Unused Application for a User
        • Upcoming App Key Expiration
        • User Authorized to Bypass MFA
        • User Has Directly Assigned Application
        • User in IDP but not in HRIS
        • User Password Expiration Failure
        • User Stuck in Non-functional State
        • Users Sharing Authenticators
        • Weak MFA Was Used To Successfully Sign In
      • Identity Threat Detection Insights
        • A Bypass Code Was Used To Successfully Sign In
        • Access From Dormant Account
        • Accounts With Unusually High Activity
        • Active Account Under Heavy Attack
        • Activity From Untrustworthy ISP
        • Admin Impersonation in Okta
        • Admin Role Assigned to User
        • Authenticator Registration Anomalies
        • Code Exfiltration By Guest Account
        • Compromised Session
        • Google Drive File with Excessive Sharing Permissions
        • Impossible Travel
        • IP Threat Detected
          • IP Threat Detected In Depth
        • Login to Admin Console
        • MFA Flood
        • Microsoft Entra ID Admin Activity Anomaly
        • New Country for Tenant
        • New IDP Created
        • Okta Admin Activity Anomaly
        • Rare Browser Activity
        • Registered Location Mismatch
        • Risky Parallel Sessions
        • Service Account Successful Sign In
        • Shared Mailbox Successful Sign In
        • Sign In Threat Detected
        • Sign-in from Recently Created IdP
        • Successful Access from a Previously Only Failing IP
        • Super Admin Login to Google
        • Suspicious Activity Reported by End User
        • Unusual Repo Access
        • User IP in Blocked State
        • User Lock Out Risk Detected
        • User Trust Level Alert
        • Users With Defined Email Forward Rules
        • Users With New Email Forward Rules
        • Weak MFA Manually Activated and Utilized
  • ⚙️Tenant Settings
    • 👨‍💼Role-based Access (RBAC) and Tenant Access Logs
    • Systems Logs
  • 🏥Identity Posture Score
  • 🚨User Trust Level
  • How-to Guides
    • 🔐Accessing and Securing your Cisco Identity Intelligence Tenant
    • 🏎️Can Identity Intelligence analyze behavior and fail checks more frequently?
    • 🛂Importing Known IP Address Lists
    • 🔎Networks Tab & User Investigations
    • 🔁Okta Workflows Webhook Example
    • 🗃️Understanding HRIS Data and SCIM
    • MFA Factors FAQ
  • Public API
    • APIs
  • Troubleshooting & Support
    • API Permissions for Integrations
    • Responsible Disclosure Policy
  • Best Practices
    • 🛣️What’s Next? How to use Identity Intelligence effectively
    • 📚Identity Security Reading List
    • ✍️KPIs for
 IAM Teams
  • Blogs
    • 0ktapus for humans
    • Oort Releases GitHub Integration To Extend Identity Threat Detection
    • Oort Recognized Twice as a Sample Vendor in Gartner® 2023 Hype Cycle Reports™
    • Oort's Response Capabilities: Remediate Compromised Accounts with Just One Click
    • Oort Unveils Dashboard, Providing A Single Pane of Glass for Identities
    • Oort’s New Identity Security Dashboard
    • Oort Unveils Identity Technology Ecosystem, Bringing Identity Data out of Orbit and Into View
    • Oort: Your Security Layer On Top Of Okta
    • Populating the Unpopulated: Challenges of Building a Comprehensive User Inventory
    • Protecting IT Help Desk Teams Against Cyber Attacks
    • Protecting Salesforce Accounts from Takeovers and Ungoverned Access
    • Restrict Guest Access Permissions: Best Practices and Challenges
    • Seizing the Communication Opportunity: Aligning Perspectives in Identity Security
    • Session Hijacking in a Post-Genesis World
    • SIEM vs. Security Data Lake: Why it's Time to Rethink Your Security Program
    • Speaking the Same Language for Identity Security: Identify, Protect, Detect, Respond
    • State of Identity Security research reveals 40% of accounts use weak or no form of multi-factor authentication to protect identities
    • Strengthening Identity Controls: Mapping to CIS CSC and NIST CSF Security Frameworks
    • Strengthening Identity Security with Single Sign-On (SSO) Systems
    • Succeeding with Proper Detection for Identity Security: A Comprehensive Approach
    • Taking a Data-Driven Approach to Identity Security
    • The Concerning Prevalence of Weak Second Factors
    • The Crucial Role of an Identity Security Leader
    • Why I am Joining Oort
    • The Quest for a Passwordless World
    • Understanding Azure Active Directory (Azure AD)
    • Understanding the Implications of New SEC Rules on Cyber Incident Disclosure
    • Unlocking the Power of Zero Trust: The Crucial Role of Identity and Oort's Identity Security Platform
    • Respond Even Quicker to Identity Threats
    • What to Look Out For at Gartner IAM
    • 7 Critical Requirements for Securing Third-Party and Vendor Access
    • Best Practices for Efficiently Responding to Identity Threats
    • Announcing our Identity Technology Partner Ecosystem
    • Catching waves and building clouds
    • Cisco Announces Intent to Acquire Oort
    • CISO Perspectives: Eric Richard, HubSpot
    • Defining Roles & Responsibilities for an Identity Security Program
    • Detecting Session Hijacking
    • 8 Things to Look for in an ITDR Solution
    • Enhancing Identity Threat Detection: Introducing Oort’s New GitHub Integration
    • Founder Perspective: Matt Caulfield On Why He Started Oort
    • Founder Perspective: Vision To Reality
    • Four Reasons Why Traditional SIEMs Fall Short For Identity Security Programs
    • How Oort Partners with Duo for Unbeatable Secure Access
    • Governance, Risk, and Compliance
    • How to Find Inactive Users
    • Identity and Access Management and Oort Explained
    • 5 Identity Security Questions Every IAM Leader Needs to Answer
    • Identity security is bigger than just ITDR
    • Identity is the apex threat vector, so why is identity security still a mess?
    • Identity Threat Detection
    • Identity Threat Detection and Response: what you need to know
    • Identiverse 2023: What I'm Looking Forward to & What Not to Miss
    • Interview with Oort: Best Practices for Managing & Protecting Service Accounts
    • Interview with Alex “Sasha” Zaslavsky (Oort Data Science Lead)
    • Interview with Andy Winiarski (Head of Solutions Engineering)
    • Interview with Nicolas Dard (Oort’s VP of Product Management)
    • Introducing our Latest Integration to Protect Identities in AWS
    • Introducing The 2023 State of Identity Security Report
    • Maintaining a Strong Identity Security Posture: Why IAM Hygiene Matters
    • Managing Machine Identities: A Comprehensive Guide
    • Managing Risk In Shipwreck Diving and Security
    • Monitoring MFA Usage and Adoption: Strengthening Your Security Strategy
    • Okta Breach: Why Attackers Target GitHub, and What You Can Do to Secure It
    • Okta Security
    • Oort and Polarity Combine to Provide Instant Context on Identities
    • Oort + Polarity: Instant Identity Context to Power Investigations and Response
    • Oort Announces $15M in Seed and Series A Funding Round
    • Oort Stacks Go-to-Market Leadership Team Following Series A Investment
    • Oort Extends Identity Threat Detection with New AWS Integration
    • Announcing General Availability of the Oort Identity Analytics & Automation Platform
    • Oort Joins Forces with Microsoft Intelligent Security Association to Bring Visibility into Unmanaged Devices
    • Oort Joins the Microsoft Intelligent Security Association (MISA)
    • Building an Effective Identity Security Program: A Comprehensive Handbook
    • Oort Launches Identity Security Platform in Auth0 Marketplace
    • Oort Launches Identity Security Platform in AWS Marketplace
    • Oort Launches One-Click Remediation Actions for Streamlined Identity Security Response
    • Oort Origins and Our Vision for Identity Security
  • Release Notes
    • Week 22, 2024
    • Week 21, 2024
    • Week 20, 2024
    • Week 19, 2024
    • Week 18, 2024
    • Week 17, 2024
    • Week 16, 2024
    • Week 14, 2024
    • Week 13, 2024
    • Week 11, 2024
    • Week 9, 2024
    • Week 7, 2024
    • Week 5, 2024
    • Week 4, 2024
    • Week 3, 2024
    • Week 2, 2024
    • 2023
      • Week 49, 2023
      • Week 48, 2023
      • Week 47, 2023
      • Week 46, 2023
      • Week 45, 2023
      • Week 44, 2023
      • Week 43, 2023
      • Week 42, 2023
      • Week 41, 2023
      • Week 40, 2023
      • Week 39, 2023
      • Week 38, 2023
      • Week 37, 2023
      • Week 35, 2023
      • Week 34, 2023
      • Week 33, 2023
      • Week 32, 2023
      • Week 31, 2023
      • Week 30, 2023
      • Week 29, 2023
      • Week 28, 2023
      • Week 27, 2023
      • Week 26, 2023
      • Week 25, 2023
      • Week 24, 2023
      • Week 23, 2023
      • Week 22, 2023
      • Week 21, 2023
      • Week 20, 2023
      • Week 19, 2023
      • Week 18, 2023
      • Week 17, 2023
      • Week 16, 2023
      • Week 15, 2023
      • Week 13, 2023
      • Week 12, 2023
      • Week 11, 2023
      • Week 10, 2023
      • Week 9, 2023
      • Week 8, 2023
      • Week 7, 2023
      • Week 6, 2023
      • Week 5, 2023
      • Week 4, 2023
      • Week 3, 2023
      • Week 2, 2023
      • Week 1, 2023
    • 2022
      • Week 51, 2022
      • Week 50, 2022
      • Week 49, 2022
      • Week 48, 2022
      • Week 47, 2022
      • Week 46, 2022
      • Week 43, 2022
      • Week 42, 2022
      • Week 41, 2022
      • Week 38, 2022
      • Week 37, 2022
      • Week 36, 2022
      • Week 35, 2022
      • Week 34, 2022
      • Week 33, 2022
      • Week 32, 2022
      • Week 31, 2022
      • Week 30, 2022
      • Week 29, 2022
      • Week 24, 2022
      • Week 12, 2022
Powered by GitBook
On this page
  • Overview
  • Applications
  • Groups
  1. Understanding your users
  2. User 360

Applications and Groups Tabs

PreviousDevices TabNextChecks Tab

Last updated 2 months ago

Overview

The Applications and Groups tabs in the User 360 profile can show you a user's static entitlement data, providing a better understanding of what a user has access to, and how they have access to it.

The and tab are the fifth and sixth tabs, respectively, of the User 360. Below we'll dive into the specific data and functionality for each tab.

Applications

On the Applications tab, you will see a table of the applications assigned to a given user, as well as a few visualizations related to the user's application usage.

Applications table elements

The section below details the fields that appear in the Applications table, as well as the definition of each field:

Element
Definition

Name

Source

The identity source associated with the application assignment

Status

Only available for Okta The Okta application status

Assignments

The group membership that allows a user to have access to a particular application. Users can gain access to an application without a group (blank or 'directly assigned application') or via more than one group, where you'd see multiple group names in this column

Owners

Only available for Entra The individual listed as the application's owner in Entra

Usage Count

The number of times a user has used a particular application

By default, the table is sorted on usage count in descending order (most frequently used to least frequently)

Last Access (UTC)

The last date and time the user accessed an application

Result

The result associated with the user's last access attempt for an application

Applications tab general actions

The Applications table offers multiple high level features that are similar to what can be found elsewhere in the platform. Click through the tabs below to learn more about how to utilize each feature.

View Activity

View Users

Sort columns

All columns, except 'Assignments' and 'Owners', can be sorted in ascending or descending order on the Applications table. To sort by a specific column value, click the column header to switch between ascending and descending. By default, the Applications tab is sorted in descending order (highest to lowest) on Usage Count.

Add more rows

By default, the Applications table will show 12 rows at a time. To see 24 or 48 rows in one view, click on the Rows per page button on the bottom right of the Applications table

If there are more than 48 applications assigned to a user, use the left and right arrows to navigate to other pages.

Application usage visualizations

The Applications tab has 3 widgets that display data about a user's application assignment and usage trends.

  • Applications usage - Total number of applications assigned to the user, broken down by used applications and unused applications

    • Hovering over a segment of the pie chart will display a tool tip with the application count

  • Applications usage over time - A given user's total application usage count per day, color coded by application

    • Hovering over a segment of a given bar will display a tool tip with the date, application name and usage count. By default the view is set for 30 days, but this can be adjusted to see a wider or smaller window of time using the + and - buttons in the top right corner of the widget

  • Median apps per user - Compares the median number of applications a particular user has assigned to them versus all users in the organization, other users in their department and other users reporting to the same manager (if department and manager data is available for the given user)

    • Hovering over a bar will display the median application count per user for each category

To export any of the visualizations, click on the 3 line button in the top right corner of the desired widget. Downloading as a SVG or PNG will export an image, whereas downloading as a CSV will export the raw data for you in CSV format.

Groups

Similar to the Applications tab, the Groups tab also shows you static entitlement data related to a given user's group assignments.

If there have not been recent changes to a user's groups, the changelog widget to the left of the Groups table will not be visible.

Group table elements

The section below details the fields that appear in the Groups table, as well as the definition of each field:

Element
Definition

Name

The name of a particular group the given user is part of. If available from the source, it will also display a description of the group and the date the user was added to this group

Type

A given user's role type or group type for a specific group within the identity source Note: Certain role (ex: PIM Admin) or group (ex: Microsoft365) types are only available for certain identity source

Source

The identity source associated with the group

Added By

The email address of the user who added a given user to the group

Applications

The number of applications members of the group have access to

Users

The total number of users assigned to the group

Visibility

Groups tab general actions

The Groups table offers multiple high level features that are similar to what can be found elsewhere in the platform. Click through the tabs below to learn more about how to utilize each feature.

Search issues

Use the search bar above the Groups table to search based on various fields such as group name, description or associated application names. When searching, you do not need to provide an exact value. Typing a piece of the word will return results.

You can also add a value from the Type or Source column as a search parameter by clicking the value in the table (ex: Role or Okta).

If you have searched on a particular parameter, the search criteria is retained as you navigate between different tabs within the platform.

To clear the search bar click the X on the right most side of the search bar.

Sort columns

All columns, except 'Added by' and 'Applications', can be sorted in ascending or descending order on the Groups table. To sort by a specific column value, click the column header to switch between ascending and descending. By default, the Groups tab is sorted in descending order (A-Z) on Name.

See more Group data

This will open a slide panel from the right side of the page, that has 2 tabs - Applications and Changelog

  • Applications shows you the names of the applications associated with a given group

  • Changelog shows you changes associated with a given group, including the name of the group, the user who made the change, the date and time of the change, and what the change was (added, removed, etc). The same information can be found in the Changelog widget to the left of the table if there has been any activity for the give user

To close the slide panel, click the in the top right corner, or click anywhere outside of slide panel.

Group visualizations

The Groups tab has 2 widgets that display data about a user's group assignments and group changes.

  • Group changes over time - A given user's total number of group changes per day, color coded by change type (added or removed)

    • Hovering over a segment of a given bar will display a tool tip with the date, change type, and event count. By default the view is set for 30 days, but this can be adjusted to see a wider or smaller window of time using the + and - buttons in the top right corner of the widget

  • Median Groups per user - Compares the median number of groups a particular user is assigned to them versus all users in the organization, other users in their department and other users reporting to the same manager (if department and manager data is available for the given user)

    • Hovering over a bar will display the median number of groups per user for each category

To export any of the visualizations, click on the 3 line button in the top right corner of the desired widget. Downloading as a SVG or PNG will export an image, whereas downloading as a CSV will export the raw data for you in CSV format.

The application name and application user ID a ssociated with the application for the user If an application is on your list, there will be a 'Sensitive Applications' tag next to the application name

Click the 3 dot button to the right of the last column, to find the View Activity action. This will take you to the user's tab, pre-filtered on the application name, so that you can see all of a given user's activity/events for a particular application.

Click the 3 dot button to the right of the last column, to find the View Users action. This will take you to the page, pre-filtered on the application name, so that you can see all the users in your environment who have this application assigned to them.

Clicking on a group name will take you to the page, pre-filtered on the group name to show you other users that are part of a particular group Hover over the group name or description to see a tooltip with the full details

Only compatible with Entra groups. Used to manage and control access to applications. Possible values as : - Public - Private - Hidden

Like in the and table, clicking on the blank space in a given row will show you more information on a particular group.

Clicking on View Activity for a particular application will take you to the user's tab, pre-filtered on events associated with the selected application

Clicking on the Application name will take you to the page, pre-filtered on the Application name so you can see all other users who have been assigned the selected application

Clicking on a Group name in either the slide panel or the Changelog widget will take you to the page, pre-filtered on the Group name so you can see other users associated with the selected group

👥
🩻
🪺
Activity
Users
Activity
Networks
Activity
Users
Users
Users
defined by Entra
Applications
Groups
Sensitive Applications