
Identities

The Identities tab provides an overview of the different identity types (users, roles, groups, and service accounts):

  1. Identities overview. An aggregated count of identities grouped per identity type.

    Note

    Each column indicates the number of identities per identity type, and you can use the filter option to customize the information listed in the table below.

    The following columns and filters are available:

    • IAM User

    • IAM Role

    • IAM Group

    • IAM Service Account

    If you apply the filtering option to one or more columns, the data is automatically populated in the search filter and the identities list is automatically refreshed according to your selection. You can further customize and refine your search by removing some of the pre-selected options from each column.

  2. Search filter. With this filtering option, you can apply one or multiple filters to the identities list. The following options are available in the drop-down:

    • Identity ID

    • Identity name

    • Identity status

    • Identity type

    • Provider

    • Scan account

    • Scan group

    • Sensitive access

    The search filter drop-down can be used as a standalone customization option or in conjunction with the columns above the search filter.

  3. Identities list. This section displays the current list of identities that have been detected across your cloud devices and used to gather data. It contains the following columns:

    • Identity name / ID

    • Scope

    • Sensitive access

    • Resource count

    • Permission

    • Risk findings

Identity Details

By clicking any row in the identities list, you can display the Identity Details panel, where you have access to the following details:

  • Access graph button

  • Name

  • ID

  • Scope

  • Sensitive access

  • Risk findings

The lower half of the Identity Details panel includes the following:

  • Findings

  • Resources

    • Resource type

    • Permission

  • Policies with the following columns and available filters:

    • Policy

      • Predefined

      • Custom

      • Identity-based

      • Resource-based

    • Sensitive access

      • Root User

      • Super Admin

      • IAM Admin

      • External Identity

    • Scope

      • Organization

      • Folder

      • Project

      • Account

      • Subscription

    • Permission

      • Read (R)

      • Write (W)

      • Tagging (T)

      • List (L)

      • Permissions (P)

      • Others (O)

  • Metadata

Access Graph

The Access Graph button offers a granular view of the access path from identities to resources for cloud infrastructure in your cloud environment. The graph is automatically updated with every scan. There are no additional setup steps required.


By default, the graph is zoomed out to show all resources and identities. The current zoom percentage is shown next to the legend, which can also be viewed by clicking the eye icon next to it. Zooming in allows a closer inspection of the graph.


Clicking an individual node displays its details in the side panel and highlights its connecting paths in the graph.


You can find a list of all Access Graph components here.