Monitor unauthorized SaaS logins of offboarded users
Deprovisioning SaaS access for offboarded users is not a set it and forget it. Offboarded users could have their access accidentally reactivated, or an inside attacker could serve a more malicious threat. It's critical to monitor these logins to enforce your organization's security policies. Oomnitza can automate this process, and notify relevant teams and users to secure your environment.
The systems/services being acted upon
Credentials required & how/where to obtain
- Oomnitza API
Additional Oomnitza field required/recommended
- Offboarded date
Blocks required and suggested
- Conditional Threshold
Commands and calls
- Oomnitza APICollect the Oomnitza User SaaS login from Oomnitza (captured leveraging SaaS integration)
- Workflow Variable for latest login(s)
- Compare to Offboarding date
- FailureMessage “Offboarded user logged into SaaS"
IT will be notified of any unauthorized logins of offboarded users.