Skip to main content
Skip table of contents

Identity Dashboards

The pre-built Value-Oriented Dashboards include the following identity dashboards:

  • Unauth User Accounts. This dashboard displays information about users, their authentication status, and their access.

Required Connectors

To find all the assets and users in your environment and also find information about SSO and identity management, Lucidum recommends you configure Lucidum connectors for:

  • The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)

  • The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)

  • The directory solutions in your environment (For example, Azure AD, Microsoft AD, Jump Cloud, PingOne, OpenLDAP,)

  • The SSO solutions and identify and access management solutions in your environment (for example, Okta, AWS IAM, PingOne, OneLogic, SecurAuth)

  • The DHCP solutions in your environment (For example, Infoblox, Efficient IP, BlueCat)

  • The VPN solutions in your environment (For example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)

  • The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)

Syntax

When you see :: in a query, this means that the query includes a field of type “list”. For example, this query:

User Status::Source match okta AND User Status::Status match Deprovision or User Status::Status match Suspended.

looks like this in the Query Builder

Unauth User Accounts

The Unauth User Accounts dashboard displays information about users, their status (deprovisioned, suspended, unauthorized, unmanaged), and their access to your environment.

The Unauth User Accounts dashboard looks like this:

Base Query

Most of the charts in this dashboard use the following base query:

Data Sources match okta_user

In this dashboard, we use Okta as an example. To edit these dashboards to match your environment, choose the Data Source that matches your SSO or identity solution.

Note that Okta uses the statuses “Deprovisioned” and “Suspended”. Other SSO or identity solutions might use different statuses. If you edit this dashboard to use a solution other than Okta, you should also edit the status values to match those used in your solution.

Charts

To view details about each chart, click the pencil icon (

).

  • Total Okta User and Application Accounts. This chart displays a count of all user accounts and application accounts in okta.

    • This chart uses the query Data Sources match okta

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number.

  • Okta User & Application Accounts Total Accounts. This chart displays the number of Okta users found each day.

    • This chart uses the query Data Sources match okta_user

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum User Name by Record Generated Time::Day. This filter counts the number of Lucidum User Names from ingested from Okta each day.

    • The Chart Type is “Bar”.

  • Okta Users By Application. This chart displays the top applications used by okta users.

    • This chart uses the query Data Sources match okta_user

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum User Name by Applications::Name. This filter counts the number of Lucidum Users Names and sorts those names by application.

    • The Chart Type is “Bar”.

  • Deprovisioned/Suspended Okta User & App Accounts. This chart displays the number of okta users who have been deprovisioned or suspended.

    • This chart uses the query User Status::Source match okta AND User Status::Status match Deprovision OR User Status::Status match Suspended.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number”.

  • Okta User & Application Accounts Deprovisioned or Suspended. This chart displays the number of deprovisioned or suspended Okta users found each day.

    • This chart uses the query Data Sources match okta AND User Status::Status match Deprovisioned OR User Status::Status match Suspended

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum User Name by Record Generated Time::Day. This filter counts the number of Lucidum Users Names from ingested from Okta each day.

    • The Chart Type is “Bar”.

  • Non-Okta User Accounts Not in Okta at All & Exist Elsewhere. This chart displays the number of users who are active in your environment but not managed in Okta.

    • This chart uses the query Data Sources not match Okta AND Status Match active OR Status match attached OR Status match provisioned AND Status not match Deprovisioned. This query looks for user accounts where the data source is not okta, the account has not been deprovisioned in Okta, and the account is active, attached, or provisioned.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number”.

  • Non-Okta Accounts Not in Okta at All & Exist Elsewhere. This chart displays the name of users who are active in your environment but not managed in Okta.

    • This chart uses the query Data Sources not match Okta AND Status Match active OR Status match attached OR Status match provisioned AND Status not match Deprovisioned. This query looks for user accounts where the data source is not okta, the account has not been deprovisioned in Okta, and the account is active, attached, or provisioned.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Lucidum User Name. This means that the filter displays the Lucidum User Name that matches and query and displays the number of assets for each user name.

    • The Chart Type is “Table”.

  • Unauthorized Users Deprovisioned/Suspended in Okta & exist elsewhere. This chart displays a count of user accounts that have been deprovisioned or suspended in Okta but that still exists in other applications.

    • This chart uses the query User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND Data Sources match sentry OR Data Sources match aws OR Data Sources match aviatrix OR Data Sources match lacework OR Data Sources match cloudflare OR Data Sources match lucidum OR Data Sources match gcp. This query looks for users that were previously in Okta and are either deprovisioned or sustepended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number”.

  • Unauthorized Users Depov./Suspended in Okta & Exist Elsewhere. This chart displays the name of each user account that has been deprovisioned or suspended in Okta but that still exists in other applications.

    • This chart uses the query User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND Data Sources match sentry OR Data Sources match aws OR Data Sources match aviatrix OR Data Sources match lacework OR Data Sources match cloudflare OR Data Sources match lucidum OR Data Sources match gcp. This query looks for users that were previously in Okta and are either deprovisioned or suspended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Lucidum User Name. This means that the filter displays the Lucidum User Names that match the query and displays the number of assets for each user name.

    • The Chart Type is “Table”.

  • Unauthorized Users Deprovisioned/Suspended in Okta, active elsewhere. This chart displays a count of users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP and the user account is active, attached, or provisioned in these other applications.

    • This chart uses the query User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND Data Sources match sentry OR Data Sources match aws OR Data Sources match aviatrix OR Data Sources match lacework OR Data Sources match cloudflare OR Data Sources match lucidum OR Data Sources match gcp AND User Status:Status is equal to ACTIVE OR User Status:Status is equal to Attached OR User Status:Status is equal to Active. This query looks for users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP and the user account is active, attached, or provisioned in these other applications.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number”.

  • Unauthorized Users Showing Asset Count. This chart displays the user names of users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP and the user account is active, attached, or provisioned in these other applications.

    • This chart uses the query User Status::Source match okta_user AND User Status::Status match Deprovision OR User Status::Status match Suspended AND Data Sources match sentry OR Data Sources match aws OR Data Sources match aviatrix OR Data Sources match lacework OR Data Sources match cloudflare OR Data Sources match lucidum OR Data Sources match gcp AND User Status:Status is equal to ACTIVE OR User Status:Status is equal to Attached OR User Status:Status is equal to Active. This query looks for users that were previously managed in Okta and are either deprovisioned or suspended in Okta but still active in Sentry, AWS, Aviatrix, Lacework, Cloudflare, Lucidum, or GCP and the user account is active, attached, or provisioned in these other applications.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum User Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Lucidum User Name. This means that the filter displays the Lucidum User Names that match the query and displays the number of assets for each user name.

    • The Chart Type is “Table”.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close