Skip to main content

Access Reviews with Thoropass

access review, integrations

A
Written by Annie Gregory
Updated over 7 months ago

πŸ“£ New Features Available in the Coming Months πŸ“£

  • Consecutive access reviews - making your next reviews SUPER easy.

  • 50+ More integrations for access review!

  • SSO Context - Groups and grants from your integrated SSO provider.
    ​Starting with support for Okta

Thoropass's Integrated Access Review will save you time and effort when reviewing your organization's privileged user access.

Access reviews with Thoropass will:

  • Remind you to to start your reviews according to your policy's timelines.

  • Suggest the most important in-scope and critical systems to review.

  • Help you assign and track progress.

  • Leverage your new and existing integrations with Thoropass.

  • Automate the attachment of evidence for audits (when applicable).

  • Leverage historical access reviews to speed up the process next time (Coming soon!).

Key Terms

Access Review Plan: The object that contains all of your individual system access reviews. The Access Review Plan has a global due for all reviews contained within it, and your organization will have many Access Review Plans over time.

Plan Owner: The employee responsible for your Access Review Plan, including assigning owners to individual system access reviews.

System Owner: The employee responsible for the access review of a given system, such as Github or AWS. One employee can be responsible for many system access reviews.

Create your Access Review Plan

First, we'll email the owner of the Review of User Privileges control when it's time to set up their next Access Review Plan.

When creating their Access Review Plan, we'll guide the Plan Owner through selecting the vendors and systems to be reviewed.

Wherever possible, we'll suggest systems that you've already marked as current vendors, systems marked as in-scope, or even recommend systems that we see other organizations like yours using.

Perform your system access reviews

Each System Owner will receive an email, an in-app alert, and a task informing them that they have been assigned an access review.

We'll guide the System Owner with clear instructions about their goal, process, and due dates. If the system being reviewed is integrated with Thoropass, we'll import the user list and any other relevant information we can find.

During the review, the System Owner will propose changes for each user account: maintain access, revoke access, or change access.

When all proposed changes have been recorded, the System Owner will be able to download an Access Review Report for use in your organization's IT change management process.

πŸ’‘ If the system being reviewed isn't integrated with Thoropass, you can choose to integrate or simply upload the results of your external access review.

Track the progress of all reviews

The Plan Owner (or any Thoropass admin) can review all progress from their dashboard, or filter the pending tasks to see which reviews are still in progress.

If any access review needs to be re-evaluated, the Plan Owner can reopen the review and request changes, notifying the System Owner by email, in-app alert, and task.

Finalize the Access Review Plan

When all system access reviews have been completed, the Plan Owner can finalize the Access Review Plan and attach the plan as evidence for ongoing or future audits.

Did this answer your question?