
Leveraging Okta to Certify Active Directory Group Membership for ISO 27001 & SOX Audits through YouAttest


Auditing Active Directory group membership is crucial to any IAM program, even more so when auditors such as BSI, Deloitte, BAH and others request exactly that information.

Working through an ISO/IEC 27001 or SOX audit can involve many different roles within an organization: Risk, Network Operations, Human Resources, IAM, Network Admins, the different business lines, and so on. YouAttest aims to be the single source of truth for all of that information. From the YouAttest console you can instantly show who had access to an application (via Okta), what role that user holds (via Okta LCM), and even exactly who is in the Domain Admins group (via the Okta Active Directory integration). All of this is delivered as SaaS, with zero on-premise agents.

So how does this all work?

The Okta Active Directory (AD) agent does a number of things in your environment, such as delegated authentication and password changes, and it also pushes Active Directory groups and their membership to Okta, where they are typically used for application assignments. YouAttest simply reads the same predefined AD->Okta data, which means you can audit the membership of every Active Directory group that the agent synchronizes into Okta.

[Figure: Okta Agent documentation diagram, with YouAttest added]

So what does this mean when you are in the midst of a SOX or ISO 27001 Active Directory audit? It means you can instantly report on who can access which applications protected by Okta, as well as which accounts are in specific AD groups, all without AD Domain Admin credentials or even logging into AD.
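To show what "auditing AD groups through Okta without touching AD" looks like in practice, here is an added example (not YouAttest's or Okta's own code) that pulls the AD-sourced groups and their members from the Okta Groups API with a read-only API token and turns them into a membership snapshot. It assumes, as Okta's Groups API documents, that groups imported by the AD agent carry type APP_GROUP and objectClass "okta:windows_security_principal"; the sample records at the bottom are constructed so the reporting functions run offline.

```python
"""Snapshot Active Directory group membership as mirrored into Okta by the AD agent.
Added example, not YouAttest's or Okta's code; assumes AD-sourced groups appear as
type APP_GROUP with objectClass okta:windows_security_principal (Okta Groups API)."""
import json
import re
import urllib.parse
import urllib.request

AD_OBJECT_CLASS = "okta:windows_security_principal"

def fetch_all(org_url, api_token, path, params=None):
    """GET an Okta collection, following Link rel="next" pagination to the end."""
    url = org_url + path + ("?" + urllib.parse.urlencode(params) if params else "")
    records, headers = [], {"Authorization": f"SSWS {api_token}", "Accept": "application/json"}
    while url:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
            records.extend(json.load(resp))
            nxt = re.search(r'<([^>]+)>;\s*rel="next"', resp.headers.get("Link", ""))
        url = nxt.group(1) if nxt else None
    return records

def ad_groups(groups):
    """Keep only groups the Okta AD agent imported (directory-sourced APP_GROUPs)."""
    return [g for g in groups
            if g.get("type") == "APP_GROUP" and AD_OBJECT_CLASS in g.get("objectClass", [])]

def membership_report(groups, members_by_group_id):
    """Map DOMAIN\\Group -> sorted member logins: the evidence an auditor asks for."""
    report = {}
    for g in ad_groups(groups):
        name = g["profile"].get("windowsDomainQualifiedName") or g["profile"]["name"]
        report[name] = sorted(u["profile"]["login"] for u in members_by_group_id.get(g["id"], []))
    return report

def live_report(org_url, api_token):
    """Pull every AD-sourced group and its members straight from the Okta API."""
    groups = ad_groups(fetch_all(org_url, api_token, "/api/v1/groups",
                                 {"filter": 'type eq "APP_GROUP"', "limit": "200"}))
    members = {g["id"]: fetch_all(org_url, api_token, f"/api/v1/groups/{g['id']}/users") for g in groups}
    return membership_report(groups, members)

# Constructed sample records in the shape the Okta Groups API returns (offline demo).
SAMPLE_GROUPS = [
    {"id": "00g1", "type": "APP_GROUP", "objectClass": [AD_OBJECT_CLASS],
     "profile": {"name": "Domain Admins", "windowsDomainQualifiedName": "CORP\\Domain Admins"}},
    {"id": "00g2", "type": "OKTA_GROUP", "objectClass": ["okta:user_group"],
     "profile": {"name": "Everyone"}},
]
SAMPLE_MEMBERS = {"00g1": [{"profile": {"login": "bob@corp.example"}},
                           {"profile": {"login": "alice@corp.example"}}]}
```

Running `live_report("https://your-org.okta.com", token)` needs only an Okta token with read access to groups and users; no Domain Admin credential ever leaves AD, and the resulting dictionary can be diffed against the previous certification cycle's snapshot.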