SSO Audit Report

Uri Nativ

The SSO Audit Report helps you pinpoint SSO misconfigurations, ensuring that all applications enforce SSO login as intended.

What is the SSO Audit Report?

The SSO Audit Report highlights applications that are configured for SSO but are being accessed without it. This can reveal misconfigurations, such as an app that does not enforce SSO login, which can potentially compromise your security protocols.

How to Use the SSO Audit Report

  1. Select Your SSO Provider
    • At the top of the report, you will find a dropdown menu. Select your SSO provider from this list (e.g., Okta, AzureAD). This filters the report to show data relevant to the chosen provider.
  2. Understanding the Report's Layout
    • The report displays every application that has logins via a third-party app (your selected SSO provider).
    • For each application, the report provides the following details:
      1. Number of Managed Users: These are users that Torii has identified as accessing the app via the SSO provider.
      2. Number of Unmanaged Users: These are users that Torii has detected accessing the app without using the SSO provider.

Analyzing the Report

When you encounter applications with unmanaged users, it is crucial to investigate further. Unmanaged users are people accessing the application without going through the SSO provider, which suggests a potential misconfiguration.

Suggested Action

For any application with unmanaged users:

  • Verify SSO Enforcement: Ensure that SSO login is enforced for the app. This may involve checking the app's SSO settings, consulting your IT team, or adjusting the configuration to mandate SSO access.

Limitations of the SSO Audit Report

  1. Configuration vs. Discovery:
    The report does not reflect the current SSO configuration but relies on discovery through usage. As a result, it might show apps that are no longer connected to SSO.
  2. No Time Frame Limitation:
    The report is not limited by a time frame and can show users who have been offboarded and are no longer relevant.
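
The following is an added example, not Torii code or a Torii export format (the page does not describe one): it triages per-login rows the way the sections above suggest, while correcting for both limitations. The row layout `(app, user, used_sso)`, the `ACTIVE_USERS` set from your directory, and the `APPS_CURRENTLY_ON_SSO` set from your SSO provider are all assumptions, and the data is constructed.

```python
from collections import defaultdict

# Constructed sample rows: (app, user, used_sso). Hypothetical layout.
LOGINS = [
    ("Slack", "alice@example.com", True),
    ("Slack", "bob@example.com", False),
    ("Slack", "erin@example.com", False),
    ("Slack", "carol@example.com", False),   # offboarded user
    ("Jira", "alice@example.com", True),
    ("Jira", "dave@example.com", False),     # offboarded user
    ("Notion", "alice@example.com", True),
    ("Notion", "bob@example.com", False),
    ("LegacyCRM", "alice@example.com", True),
    ("LegacyCRM", "bob@example.com", False), # app no longer connected to SSO
]
# Assumed inputs taken from your own directory and SSO provider.
ACTIVE_USERS = {"alice@example.com", "bob@example.com", "erin@example.com"}
APPS_CURRENTLY_ON_SSO = {"Slack", "Jira", "Notion"}


def triage(logins, active_users, sso_apps):
    """Return [(app, sorted unmanaged active users)], most unmanaged first.

    Rows for apps no longer on SSO (limitation 1) and for offboarded
    users (limitation 2) are dropped before counting.
    """
    unmanaged = defaultdict(set)
    for app, user, used_sso in logins:
        if app not in sso_apps:        # stale SSO association
            continue
        if user not in active_users:   # report has no time frame
            continue
        if not used_sso:
            unmanaged[app].add(user)
    findings = [(app, sorted(users)) for app, users in unmanaged.items()]
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))


if __name__ == "__main__":
    for app, users in triage(LOGINS, ACTIVE_USERS, APPS_CURRENTLY_ON_SSO):
        print(f"{app}: verify SSO enforcement, {len(users)} unmanaged: "
              + ", ".join(users))
```

Apps that remain in the output are the ones where checking SSO enforcement is worth the time; Jira drops out here because its only unmanaged user has been offboarded.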

By regularly reviewing the SSO Audit Report, you can maintain robust security measures and ensure that all applications adhere to your SSO policies. This proactive approach helps prevent unauthorized access and secures your organizational data.
