Evalto Inactive User Reporting App-Pack Ensures Active User Assignments for Risk and Compliance Tasks
Overview
The Evalto Inactive User Reporting app-pack enables you to proactively monitor records to ensure assignment of active users to key business processes across all applications and questionnaires in Archer. When any type of inactive user is identified in open/active/incomplete records, designated Report Owner(s) for the target application receive an email and report with the necessary information to replace inactive users with active users.
What are the types of “Inactive Users”?
Inactive users are caused by several common scenarios, including:
- Staff Turnover - Layoffs, attrition, temporary workers, etc.
- Organizational/Access Changes - Staff moving between teams/jobs (users no longer in a group)
- Locked accounts - Too many invalid login attempts
- Automatic Account Deactivation - After X days of inactivity (Security Parameter setting)
- LDAP Sync Inactivation - Intentional or unintentional account deactivation
How did inactive users get in my active/open records?
Even when using the “Exclude Inactive Users” feature in record permission fields, users listed in records can become inactive over time based on any of the scenarios outlined above. The question is, will you be able to identify inactive users and reassign tasks before the due dates?
What is the problem if I have inactive users in records?
Put simply: inactive users do not complete tasks. It can also increase risks and costs.
When incomplete/open records are assigned to inactive users (example “Assigned to” user in Findings), those tasks cannot be completed because notifications are not sent to inactive users, the inactive user cannot login to complete their task, the task/record is stuck in the workflow, and ultimately the task becomes past due.
Your organization implemented Archer to identify, monitor, and reduce various risks. Failing to identify and remediate inactive users in open/incomplete records increases the very risks you want to reduce.
Key Features
- Easily create reporting configurations per application or questionnaire to find inactive, locked and/or users no longer in groups.
- Filter/limit reporting to specific records (such as active, open, published).
- Customize report frequency per configuration (daily, weekly, monthly, and custom).
- Email notification sent to separate Report Owners per configuration if inactive users are found.
- Easily open the impacted record and update the record with an active user.
- Optionally use a .CSV file attachment for tracking updates or data imports.
- Utilize a review workflow for tracking and influencing dashboard reporting.
Key Benefits
- Eliminate regulatory fines, legal fees, opportunity costs, realized risks, and wasted time from the risks of inactive users responsible for risk and compliance tasks.
- Simple and elegant solution to proactively identify inactive users responsible for key tasks or activities.
- Reports of inactive users are sent to specific Report Owners who can remediate the issue (does not have to be system admins).
- Ensure key risk/compliance tasks and processes are completed on time.
- Proactively address problems long before campaigns are created, emails are sent, and records are past due.
How to use the Evalto Inactive User Reporting app-pack:
Step 1: Create an Inactive User Config Record
Quickly and easily setup an Inactive User Config record in Archer by selecting which application/questionnaire to monitor, report frequency, Report Owners to receive reports, which record permission (or user/group) fields to monitor, and criteria for open records. All the IDs in the image below are automatically populated using the Setup functionality making the creation of a config record a simple and quick one-time task.
Step 2: Automated Processing Creates Reports when Inactive Users are Found
Data Feeds (or scheduled Jobs for SaaS customers) use the configuration settings in Step 1 above to automatically identify target records with inactive users and generate reports. The reports are saved as Archer records and an email is sent to the Report Owners specific to that application/questionnaire to remediate.
Step 3: Report Owners Remediate Records
The Report Owner who is most knowledgeable about the target application reviews the report. The report includes details on which records have inactive users, the field with the inactive user, and the inactive user’s name/account information. The Report Owner can then start the remediation process of identifying and replacing the inactive user with an active user.
What's new in Version 2.0 of the Evalto Inactive User Reporting app-pack?
Originally released on the Archer Exchange in August 2020, Evalto Inactive User Reporting V2.0 takes a leap forward in ease of configuration, the addition of reporting users who are no longer in access groups, added support for SaaS/Hosted customers, and many other requested enhancements.
- Ease of Config Setup: A new setup button automatically pulls a list of applications and questionnaires. After selecting an app/questionnaire, all record permission and user/group fields are available for selection, as well as any numeric fields for filtering. Optionally, Report Owners without system administrator access can manage the config easily.
- Users No Longer in Access Groups: This eliminates the pain point when users move between teams within your organization and lose access to records in process. While these users are not technically inactive, they cannot complete tasks or receive emails once access is removed.
- Support for SaaS/Hosted Customers: This feature allows Archer SaaS or hosted customers to execute inactive user reporting logic to identify inactive users and produce reports outside of a JavaScript Transporter Data Feed using an enterprise job scheduler or Windows Task Scheduler. On-premises Archer customers can also use this implementation for increased performance and detailed error logging.
- Additional Updates:
- Increased number of monitored fields to 10 per app/questionnaire
- Added additional information to reports
- Reason/status of user: inactive, locked, and/or not in group
- User’s last login date
- Added new scheduling option: Last Day of Month
- Increased flexibility of backend configuration of URLs/paths for various web server configurations
Interested in learning more about the Evalto Inactive User Reporting app-pack?
Register and join us for a Free Friday Tech Huddle on Friday, February 26, for an overview and live demo. Free Friday Tech Huddles are only available to Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at http://www.rsa.com.
Visit Evalto’s website to learn more about the Evalto Inactive User Reporting Solution and license pricing & options. If you have any questions or feedback, please get in touch via Evalto’s Contact Page.
About the author(s):
Douglas Campbell
President - Evalto, Inc.
Doug has a strong history of innovative experience in application development, software and infrastructure architecture, IT security, IT Auditing, and 11 years of dedicated development, administration, and consulting on Archer. Those skills culminate to bring you outstanding results for your risk programs.
Doug is wildly passionate about automating Governance, Risk, and Compliance (GRC) activities using the Archer platform so organizations can spend less time on managing risk/compliance and more time on growing their business. At Evalto, Inc. he provides consulting services and builds tools and utilities to help administrators, developers, and power users to save time and money managing the Archer platform to get the most return on their investment.
Gloria Higley
Product Manager - Archer
Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the Archer Exchange. Offered online through RSA Link, the Archer Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of Archer use cases.