Show Transcript
Hide Transcript
In this video, we're going to take a closer look at verification in IRI. But beyond that, we're going to take a look at what it would take to integrate this to an external system. For us, this is going to be ServiceNow.
So you should be familiar by now that if someone generates a high risk or if there's a particular employee or a system account in your environment that you want to take a closer look at, you don't necessarily have to be responsible for that yourself. What most people want to do is create a collection of people or mailing groups that act as verifiers when we as administrators see something that needs to be checked. To create a verifier in your environment, go up to the menu and click on Collaborators.
From here, you can see I only have one account in my environment. And it's the account that we used to set this up in one of the previous videos. To create a collaborator that's specifically designed to be a verifier, simply click the Invite Collaborator button. Now just put a first name. We'll just make something up, Mark Hamill. And for an email, we'll put an account that I created for this purpose.
And now you have a choice to make. Is this person an administrator or a verifier? Now, they could be both if you'd like. You could set someone up as an administrator and a verifier. However, here, we're just going to set this person up as a verifier. So after you've entered the information-- first, last name, and the email address for this person-- click Invite.
Now, you can see on the Status column over here that this person is showing up as Invited. Now, if this person had already created an account in Starling, then this would show up as Registered already. And then we'd get a confirmation email simply saying, you're now a verifier. But because this person has never registered in Starling, this is going to generate an email to them saying, you've been invited as a verifier. And click here to register. So let's go take a look at that process before we continue.
OK. Here we are. We've received the email from One Identity. And you can see here, there's a hyperlink saying "Complete your registration." So let's go ahead and do that process for this verifier. We'll click the hyperlink. And as you can see, it remembers the information about this user. Let's go ahead and create a password, add our phone number, and agree to the terms of use. Once you've done that, you're ready to click the Start button. Confirm your password. And sign in.
From here, just click the Identity Analytics & Risk Intelligence service. And notice for this user, the dashboard isn't shown. This user is responsible for verifications only. And since this is a brand new user, there are no approved requests. There are no pending requests, et cetera.
So let's log back into our portal, create a high-risk user, and execute a verification request for that user. So here, you can see we've logged into our demo domain. And we're going to do something that's going to take a user from a no-risk situation and put them into a risk situation simply by adding them to the Admin group. Again, this may not be something you do normally. But for a demo, it works perfectly.
So to do this, we'll pick someone in the United States and just randomly pick someone. So how about Barbara Harper? We'll go to Member of, click Add, and add the Administrators group. Check that. Yep, that's right. Click OK. Click Apply. OK.
Now we'll go back into IRI, execute a collection, and see if Barbara pops up as a new high-risk account. Again, to initiate a collection, simply come to that collector, click on Actions, and Initiate Collection. As a reminder, this is something that would normally happen every 24 hours or on whatever schedule that you had defined. For us, we just want to execute it now. So there's nothing to keep you from going over and just saying, initiate the collection now.
So the collection finished. And now we're back on the dashboard. And if we scroll down, we'll see that we have a new high-risk account, Barbara Harper. You'll remember from the other videos that it's really easy just to drill down into Barbara Harper's account and find out why is it that she's considered a high-risk account. In this case, she's got a number of high-risk entitlements that she inherited by being a part of the Administrators group.
Any one of these rows you can click on. And then you're prevented with the rule evaluation details for this account. Again, every single one of those things are listed here. The one we clicked on is already open. So now is the time that you say to yourself, something about this looks fishy. And of course, obviously, being a part of the Administrator group is a big deal. But let's just say it was some entitlement in SharePoint, or maybe Barbara belongs to the marketing department, but for some reason, she's been given an IT role. Whatever that case may be, if you see something that you think is not right, the next best thing to do is click on "Request verification" right here.
When the dialog pops up, you have an ability to assign this to a verifier. So click the dropdown. And sure enough, there is our test account. So we'll select our test account and click Submit Request. Notice once you've done that, you're instantly shown on the UI that this is pending verification. And as an administrator, you can always go in and find out what verifications are pending, which ones have been closed, et cetera, simply by going up to the menu and clicking on Verification.
So as we can see, in our case, we