How to Review and Manage Account User Access in Secureframe

Access overview

Vendor access is one of the most critical areas of risk in any compliance program. Third-party vendors often have access to sensitive systems and data, making it essential to regularly review and monitor their access.

The Access page in Secureframe helps you centralize and manage oversight of your personnel accounts. From one place, you can see which applications each person has access to, whether they are in scope for your audit, their account status (active or inactive), MFA status, and more. This visibility makes it easier to monitor access, maintain security, and meet the requirements of frameworks like SOC 2, ISO 27001, and others.

You can quickly identify:

  • Active vs. inactive accounts
  • Whether accounts are in audit scope
  • MFA status
  • Details of the personnel who own or are tied to each account
  • Role assigned to the account

This allows your team to monitor access risk and act quickly when required.

 

How to Search & Filter

Use the search bar, preset filters, or custom filters at the top of the page to narrow your view. You can:

  • Search by:
    • Personnel name
    • Email address
  • Select preset filters for:
    • Terminated personnel - displays terminated personnel who still have active accounts
    • New accounts - displays accounts created in the last 30 days
    • Unknown account - displays accounts that are not linked to any personnel
  • Customize filters for the following fields:
    • Account
    • Application
    • Roles
    • Active account status
    • MFA status
    • In audit scope
    • Active personnel
    • Account owner
    • Created at

Icon Meanings

The feature (e.g., MFA) is active:

The feature (e.g., MFA) is disabled:

Secureframe couldn’t retrieve the data, usually due to limitations in the third-party integration:
 

How to Unlink Accounts

You can unlink accounts that were mistakenly associated with the wrong personnel profile directly from the Access page. This process can be completed in a few simple steps.

Steps to Unlink an Account

  1. Navigate to the Access page.
  2. Use the search bar to find the account you want to unlink by entering the account’s email address. Example: hellogoogle@test.com (Google account)
  3. Click the three-dot (⋯) menu on the right-hand side of the account.
  4. Select Unlink.
  5. A confirmation pop-up will appear; click Unlink to confirm the action.
  6. Once the account is unlinked, it will appear under the Unassigned filter.
    From there, you can assign the account to the correct personnel profile by selecting the appropriate owner.

Frequently Asked Questions (FAQ)

Why do I see “Unknown” for some access attributes like MFA?

  • If Secureframe can’t pull this information from a connected system, it's likely due to restrictions in that vendor's API. Some APIs don’t expose all relevant access details.

Why don’t I see “Roles” for all accounts?

  • If Secureframe can’t pull this information from a connected system, it's likely due to restrictions in that vendor's API. Some APIs don’t expose all relevant access details.
