Skip to content

Auditor Manual

Introduction

The Auditor role shares the same graphical interface as the Administrator and has access to the same information available to Administrators. However, the key difference is that Auditors are restricted from making any changes to the system. They are unable to perform actions such as deleting, modifying, or connecting to a PAM target.

This document provides an overview of the specific information that an Auditor can view. For more detailed instructions regarding the complete functionality of the interface, please refer to the Administrator manual. Since Administrators have all the capabilities of Auditors, this manual will focus on the unique limitations and viewing permissions of the Auditor role.

As same as Administrator dashboard, Auditor dashboard has the same layout of sessions:

  • Management: Profile, Users, Actions, Tokens, PAM, Identity Stores, Tenants, Geofences
  • SAML: Service Providers, Identity Provider
  • Security: OAuth Clients, Security Policies, Network Policy, Password Rotation Policy
  • Insights: Statistics
  • Others: Settings, About

Figure 1. Auditor Dashboard Overview

Management

Management - Profile

See User manual and Administrator Manual

Management - Users

Users

The auditors can see a list of invited users with general information. However, they can not perform actions such as deleting users in the Actions column.

Figure 2. Users list overview

Invitations

The auditors can see the list of invitations sent to users with general information. The action that can perform is “copy invitation link to clipboard”. They can not “reinvite a user” or “delete an invitation”.

Figure 3. Invitations list overview

Groups

Auditors can not perform any actions such as duplicate, delete group, editing group. However they can click on each group to see the group details.

Figure 4. Groups list overview

Management - Actions, Tokens

Auditor has the same functionality as Administrator and Users. Refer to User manual and Administrator manual.

Management - PAM

Targets

Auditors can only perform actions “View target details” while administrators can access, edit, duplicate and delete targets.

Figure 5.PAM targets overview

Groups

Auditors can only click on a group to see its details. In the action column, there is no possible actions in the Action column.

Figure 6. No actions possible in the Action column for Auditors

Sessions

Auditors can not perform any actions in the Action column. They can click on each target to view details as Administrator.

Figure 7. No actions possible in the Action column for Auditors

Auditors have the same functionalities as Administrators.

Figure 8. Full-Text Search overview

Management - Identity Stores

Auditors can not perform any action in the Actions column. They can not click on each Identity Stores neither.

Figure 9. No actions possible in the Action column for Auditors

Management - Tenants

Tenant list

Auditors can not perform any actions on the Action column. They can click on each target to see the details.

Figure 10. Tenant list overview

Management - Geofences

Geofences

Auditors can see the list of geofences, but can not perform any actions.

Figure 11. Geofences overview

Groups

Figure 12. Geofence Groups overview

SAML

SAML - Service Providers

Service Providers

Groups

SAML - Identity Provider

Security

Security - OAuth Clients

Figure 13. OAuth Clients overview

Security - Policies

Figure 14. Security Policies overview

Security - Network Policy

Figure 15. Network Policy overview

Security - Password Rotation Policy

Figure 16. Password Rotation Policy overview

Insights

Insights - Statistics

General

Figure 17. Statistics overview

Devices

Figure 18. Devices overview

Actions

Figure 19. Actions overview

Others

Others - Settings

Email

Figure 20. Email settings overview

Others - About

Figure 21. About overview

Suggestion for Auditor

A checklist for Auditors

During the execution phase of a PAM audit, the audit plan comes to life. The audit team systematically follows the checklist, ensuring each item aligns with the defined scope and objectives. This stage often involves interviewing stakeholders, examining system configurations, and reviewing documentation and logs to verify compliance.

  • Review users access levels
  • Review users actions
  • Review used Tokens??
  • Pam Groups, Sessions, Full-text search
  • Audit Geofences settings
  • Review Security policies, Rule Sets

Analyze Audit Logs with SIEM

It is recommended to continue Auditing logs sent to SIEM:

Analyze Your Logs The next step is to review your logs. Modern Security Information and Event Management (SIEM) tools use machine learning to spot unusual behavior and send alerts when user activity seems out of the ordinary. These tools combine data from various sources, making it easier to link user access logs with other security events. More detailed logs lead to better SIEM insights.

Look for tools that track:

  • Adding or suspending privileged users
  • Accessing critical or sensitive data
  • Unusual activity, like large file deletions
  • Changes to user roles or permissions
  • Administrative updates to databases or servers

SIEM tools provide a broad overview of network activity while focusing on potential issues. They help investigate security incidents and prevent attacks by detecting abnormal traffic patterns. These tools also manage large volumes of alerts from different systems, highlighting the most critical risks. This not only saves admins time and frustration but also helps them take the right steps to address threats effectively.