In an ideal world, when provisioning access to apps through your identity provider (IdP), users would always access apps via group membership, rather than having apps assigned to them directly.
Circumventing groups can make your access governance more complex, lead to wasted spending on unneeded SaaS licenses and, most importantly, increase the risk of damage in the event of a hacked or compromised employee.
But actually following this best practice in a high-pressure workplace is easier said than done. In this demo, we’ll show you a simple query in Veza that can isolate every direct app assignment in your IdP.
To see more of Veza in action, schedule a demo today.