Description
The privileged user monitoring capability will now automatically detect privileged users in a specific supported list of integrations, and synchronize those privileged users based on their status.
At the onset, the two integrations that will be supported are the Okta Entity Analytics Integration and the Active Directory Entity Analytics Integration.
Upon first navigating to the Privileged user monitoring page, if these integrations are detected, and have been ingesting data, the typical onboarding experience will be skipped, taking the customer directly to the Privileged user monitoring dashboard.
The following criteria are used to determine automatic assignment as a "privileged user":
Okta roles
An exhaustive list can be found here. At the time of writing, this includes:
- Super Administrator
- Organization Administrator
- Group Administrator
- Application Administrator
- Mobile Administrator
- Help Desk Administrator
- Report Administrator
- API Access Management Administrator
- Group Membership Administrator
- Read-only Administrator
Active Directory groups
Only two explicit groups are automatically detected at the time of writing:
- Enterprise Admin
- Domain Admin
Resources
- [Entity Analytics][Privileged user monitoring] Discover privileged users from the Entity Analytics Okta integration kibana#237129
- https://github.com/elastic/security-team/issues/12556
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
N/A
What release is this request related to?
9.2
Serverless release
Likely to coincide with 9.2 release
Collaboration model
The documentation team
Point of contact.
Engineering contacts: @jaredburgettelastic @CAWilson94 @hop-dev
Product contacts: Erik Huang
Documentation contact: @natasha-moore-elastic