Skip to main content

Explore Identities and Identity Policies

The Explore: Identities page provides a list of identities or policies and their summary information.

  • The page displays identities by default.
    To display policies instead, select Policies from the dropdown. (Only summary information is currently available for policies.)
  • Use the filters or search if you want to display a subset of identities or policies. By default, the page displays all identities from the latest week.
  • Locate the identity that you want to investigate.
  • Observe some of the identity information available in the table:
    • Risk severity - Identify the most important to address
    • Risks - Discover what types of risks exist
    • Unused entitlements % - Determine which identities have excessive privileges
  • Click an identity in the list to display its details.
  • Save and share the view.

The following sections detail the actions you can take and the information you can view when exploring identities and policies.

Identities

To display identities, select Identities from the dropdown menu.

Identity Filters

Use the following methods to refine what is displayed in the identities list:

  • Use the search function at the top of the page to select a filter, operator, and values.
  • Click the filter dropdowns along the top of the page, select your choices, and click Show results. Click an active filter to remove it or click Reset click Show results.

The following table lists available identity filters.

FilterDescription
Cloud providerDisplay identities for the selected cloud provider.
Account IDDisplay identities for the selected account IDs.
Principal IDDisplay identities with matching principal IDs.
RiskDisplay identities with the selected risks.
Identity typeDisplay identities of the selected types.
NameDisplay identities with matching names.
TagsDisplay identities with the selected tags.
Access keysDisplay identities with the selected access keys.
Used entitlements %Display identities with the selected percentage of the total granted entitlements that have been used.
Unused entitlements %Display identities with the selected percentage of the total granted entitlements that are unused.
Risk severityDisplay identities with the selected severities.

Identities List

The list of identities appears below the filters and has the following information available.

Click the icons to refresh the table, download the table as a CSV, select columns, and search for specific text in the columns.

To go to an identity's details page, click an identity.

ColumnDescription
Identity nameAn identity name is a unique identifier or name assigned to an individual or entity within the cloud environment. It represents a specific user, service account, group, or role that has access rights and permissions to interact with the cloud resources and services.
Identity typeAn identity type refers to the classification or category of an identity within the cloud environment. Currently supported types: AWS group, AWS instance profile, AWS role, AWS root user, AWS service, AWS service-linked role, and AWS user.
Risk severityThe risk severity is the highest severity of the risks that are associated with the identity. Click the risk severity for details about the associated risks.
RisksThe risks that are associated with the identity. Color-coded icons indicate the risks' severities. Click the risks for details about the associated risks. Refer to Entitlement risks for a list of all possible risks.
Used entitlementsThe percentage and number of the total granted entitlements that are used.
Unused entitlementsThe percentage and number of the total granted entitlements that are unused.
Resources usedThe percentage and number of resources that the identity has used (in the past 180 days) that it is entitled to. A used resource refers to any digital asset that is utilized or interacted with by users, applications, or processes within the cloud environment.
Services usedThe percentage and number of services that the identity has accessed (in the past 180 days) that it is entitled to. A used service refers to a specific cloud service that is utilized or interacted with by users, applications, or processes within the cloud environment.
Linked identitiesThe number of identities that are linked to this identity. When a linked identity is established, it lets users authenticate themselves using their credentials from the external identity provider, and the cloud service provider verifies the identity and grants access based on the linked association. To view the specific identities, expand the value.
Last usedThe last time the identity was used to access a resource or entitlement.
Created onThe creation date.
Principal IDThe principal ID from the cloud service provider.
ProviderThe cloud service provider.
AccountThe account ID from the cloud service provider.
TagsThe tags assigned to the identity for categorization.
Key IDThe key ID from the cloud service provider.
Access keysThe access keys associated with the identity and whether they are active or inactive. You must guard them carefully because they can be used to access your cloud resources and perform unauthorized actions or compromise security.

Risk Severity

The overall risk window provides a description and severity for each risk. To open this window, click the risk severity or risks.

To view the identity's details, click Investigate.

The overall risk is the highest severity of the risks that are associated with the identity. To lower the overall risk, address all of the highest severity risks. This would lower the risk score to the highest severity of the remaining risks.

For example, if an identity has a critical overall risk with two critical risks and three medium risks, fixing all critical risks would lower the overall risk to medium.

Policies

To display policies, select Policies from the dropdown menu.

Policy Filters

Use the following methods to refine what is displayed in the policies list:

  • Use the search function at the top of the page to select a filter, operator, and values.
  • Click the filter dropdowns along the top of the page, select your choices, and click Show results. Click an active filter to remove it or click Reset and then click Show results.

The following table lists available policy filters.

FilterDescription
Cloud providerDisplay policies for the selected cloud provider.
AccountDisplay policies for the selected accounts.
Policy typeDisplay policies of the selected types.
Policy nameDisplay policies with matching names.
Last updatedDisplay policies with matching update times.
Created onDisplay policies with matching creation times.
TagsDisplay policies with the selected tags.

Policies List

The list of policies appears below the filters and has the following information available.

Click the icons to refresh the table, download the table as a CSV, select columns, and search for specific text in the columns.

To go to a policy's details page, click a policy.

ColumnDescription
Policy nameName of the policy.
Policy typeType of policy. Supported types include inline (group, role, user), managed (AWS, customer), and resource.
AccountThe account ID from the cloud service provider.
ProviderThe cloud service provider.
Last updatedThe last time the policy was updated.
Policy IDThe policy ID from the cloud service provider.
TagsThe tags assigned to the policy for categorization.
Created onThe date the policy was created.

Save and Share a View

When the page displays your desired data, click Save or Create view in the top right corner. This allows you to access the saved view later. You can also copy the link to a saved view by opening the list of saved views and clicking the Share view icon of the view you want to share. You can then send that link to others so they can see the same view. For more details about saved views, refer to Views Management.