# Deep Inspection and Audit of Identity Services

Epiphany is focused on finding the conditions that create risk within your identity management and access systems. Managing an identity in Epiphany is therefore about understanding how that identity is exposed and what that exposure means to your organization. Epiphany’s key strength is its ability to expose vulnerabilities and show their material impact if a breach occurs.

You can use Epiphany’s Active Directory page to do deep inspection of accounts and groups, to understand group relationships and where users get their rights.

Outcomes:

* You can use Epiphany’s Active Directory page to identify users and groups with administrator rights in your environment, and verify that each of them meets your organization’s requirements for holding administrator rights.
* You can use Epiphany’s Active Directory page to identify stale users and users who haven’t changed their passwords according to policy, so you know where to take action.

## Scenario 1: Consistently Audit Domain Administrators and Groups With Admin Rights <a href="#toc99639584" id="toc99639584"></a>

You need to ensure that there is a defined number of accounts with domain administrator rights and that a strict process controls how that access is granted and used. Users and groups with administrative rights on local systems can be used to exploit a system and move laterally through an environment if an account has a weak password or is compromised, so these accounts need to be governed by tighter policies. **Epiphany consistently audits domain administrators and groups with admin rights to help prevent “admin creep.”** Epiphany’s Active Directory page shows many layers of detail to help you audit administrators and groups.

### Solution: Use Epiphany’s Active Directory to do deep inspection of accounts and groups <a href="#toc99639585" id="toc99639585"></a>

The Active Directory page helps you understand group relationships, where users get their rights, and many other administrator details:

* The Active Directory page shows nested groups and service accounts created with administrator privileges. It provides a count of admins (which you can use as an auditing metric) and shows whether each account is granted admin privileges directly or indirectly through group nesting.
* The Active Directory page also shows the number of groups with admin permissions, the number of users within those groups, and the number of devices each group controls.
* Logons by a domain administrator to machines that are not domain controllers are flagged on the Active Directory page. This practice is risky because the domain admin’s credentials are then exposed on a machine with weaker protections than a domain controller. You can see the risk level of the devices used by domain administrative accounts by drilling into those devices.

![Active Directory page.](/files/MAQHmCCvDCl3CNxYBtSD)
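The direct-versus-indirect distinction in the list above comes from walking group nesting. The following is an added example, not Epiphany’s code or data: it resolves effective admin membership over a constructed directory (the group names, accounts and logon events are all made up for the example), counts admins, flags a service account that holds admin rights only through nesting, and flags a Domain Admin logon to a host that is not a domain controller. Cyclic nesting, which real directories do contain, is handled by the visited set.

```python
"""Resolve effective admin rights through nested AD groups.

Added example with constructed data (not Epiphany's code or data): a
small directory in which admin rights arrive both directly and through
group nesting, plus a few constructed logon events.
"""
from collections import deque

# Constructed group membership: group -> members (users or other groups).
GROUPS = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Tier0-Ops": ["bob", "svc_backup"],
    "Helpdesk": ["carol"],
    # Local Administrators group on a member server; Domain Admins is nested in it.
    "Administrators": ["Domain Admins", "dave"],
}

# Groups that confer admin rights in this example.
ADMIN_GROUPS = {"Domain Admins", "Administrators"}

# Constructed set of accounts known to be service accounts.
SERVICE_ACCOUNTS = {"svc_backup"}

# Constructed logon events (assumption: is_domain_controller is known per host).
LOGONS = [
    {"user": "alice", "host": "DC01", "is_domain_controller": True},
    {"user": "bob", "host": "WKS-042", "is_domain_controller": False},
    {"user": "carol", "host": "WKS-017", "is_domain_controller": False},
]


def resolve_members(group, groups=GROUPS):
    """Return {user: path}, where path lists the groups walked from `group`
    to reach the user. Breadth-first, so the shortest chain wins, and a
    visited set makes cyclic nesting (A in B, B in A) terminate."""
    members = {}
    visited = {group}
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in groups.get(current, []):
            if member in groups:                  # member is itself a group
                if member not in visited:
                    visited.add(member)
                    queue.append((member, path + [member]))
            elif member not in members:           # member is a user
                members[member] = path
    return members


def effective_admins(admin_groups=ADMIN_GROUPS, groups=GROUPS):
    """Return {user: {"direct": bool, "via": [chains]}} for every account that
    lands in an admin group. "direct" is True if the user is a first-level
    member of at least one admin group; "via" lists every chain found."""
    admins = {}
    for admin_group in sorted(admin_groups):
        for user, path in resolve_members(admin_group, groups).items():
            entry = admins.setdefault(user, {"direct": False, "via": []})
            if len(path) == 1:
                entry["direct"] = True
            entry["via"].append(" > ".join(path))
    return admins


def admin_count(admins=None):
    """Number of distinct admin accounts, the auditing metric the page mentions."""
    return len(admins if admins is not None else effective_admins())


def service_accounts_with_admin(admins=None, service_accounts=SERVICE_ACCOUNTS):
    """Service accounts that hold admin rights, directly or indirectly."""
    admins = admins if admins is not None else effective_admins()
    return sorted(u for u in admins if u in service_accounts)


def risky_domain_admin_logons(logons=LOGONS, groups=GROUPS):
    """Domain Admins (resolved through nesting) seen logging on to hosts
    that are not domain controllers."""
    domain_admins = set(resolve_members("Domain Admins", groups))
    return [(e["user"], e["host"]) for e in logons
            if e["user"] in domain_admins and not e["is_domain_controller"]]


if __name__ == "__main__":
    admins = effective_admins()
    print(f"{admin_count(admins)} admin accounts")
    for user, info in sorted(admins.items()):
        kind = "direct" if info["direct"] else "indirect"
        print(f"  {user:<12} {kind:<8} via {'; '.join(info['via'])}")
    print("service accounts with admin:", service_accounts_with_admin(admins))
    print("domain admin logons to non-DCs:", risky_domain_admin_logons())
```

Note that `alice` comes out as both direct (first-level member of Domain Admins) and indirect (Domain Admins nested in the server’s Administrators group), while `bob` and `svc_backup` are admins only through `Tier0-Ops`; an audit that looks only at first-level membership would miss them.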

## Scenario 2: Manage Account Policy <a href="#toc99639586" id="toc99639586"></a>

Accounts that are provisioned and never used are a common attack vector, and policy should require periodic password changes. Accounts with easily exploitable credentials pose a risk to the environment. **Epiphany can display stale users and users with credentials that are easily exploitable.** You can use this information to identify credentials that need to be made more secure and users who no longer need access.

### Solution: Epiphany’s Active Directory Shows Stale Users and Users with Credentials that are Easily Exploitable <a href="#toc99639587" id="toc99639587"></a>

Epiphany’s Active Directory page displays stale users, users who have not changed their passwords according to policy, and accounts whose credentials are easily exploitable and pose a risk to the environment. This helps you pinpoint where action needs to be taken.

![Stale Users pane on the Active Directory page.](/files/rJ9cc8P5H58aWDjUFO2N)

You can select a user and display detail about the user.

![User detail from the Stale Users pane.](/files/4QZ4cI5SsYyf7LP5WmtC)
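The checks behind a stale-user and password-age report, as an added example over constructed accounts (not Epiphany’s code or data). The 90-day thresholds and the fixed reference date are assumptions chosen for the example; the FILETIME encoding, the `userAccountControl` flag values, the meaning of a zero `pwdLastSet`, and the `lastLogonTimestamp` replication lag are real Active Directory behaviour and are the details that usually trip up a home-grown audit.

```python
"""Stale-account and password-age checks over AD-style attributes.

Added example with constructed data (not Epiphany's code or data). The
timestamps use the Windows FILETIME format stored in lastLogonTimestamp
and pwdLastSet: 100-nanosecond ticks since 1601-01-01 UTC.
"""
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Fixed reference time so the example is reproducible (assumption).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# userAccountControl bits (real AD flag values).
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000

# Example policy (assumption): no logon for 90 days is stale; passwords rotate every 90 days.
STALE_DAYS = 90
MAX_PASSWORD_AGE_DAYS = 90
# lastLogonTimestamp is replicated lazily and can lag the true last logon
# by up to 14 days, so allow that slack before calling an account stale.
REPLICATION_LAG_DAYS = 14


def filetime_to_datetime(ft):
    """FILETIME ticks (100 ns) -> aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Aware UTC datetime -> FILETIME ticks, using integer arithmetic only."""
    delta = dt - FILETIME_EPOCH
    micros = (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds
    return micros * 10


def days_ago(days, now=NOW):
    return datetime_to_filetime(now - timedelta(days=days))


# Constructed accounts. pwdLastSet == 0 means "must change password at next
# logon"; lastLogonTimestamp == 0 means the account has never logged on.
ACCOUNTS = [
    {"name": "alice",       "lastLogonTimestamp": days_ago(3),   "pwdLastSet": days_ago(20),  "userAccountControl": UF_NORMAL_ACCOUNT},
    {"name": "bob",         "lastLogonTimestamp": days_ago(120), "pwdLastSet": days_ago(400), "userAccountControl": UF_NORMAL_ACCOUNT},
    {"name": "svc_backup",  "lastLogonTimestamp": days_ago(1),   "pwdLastSet": days_ago(900), "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD},
    {"name": "contractor7", "lastLogonTimestamp": 0,             "pwdLastSet": days_ago(200), "userAccountControl": UF_NORMAL_ACCOUNT},
    {"name": "olduser",     "lastLogonTimestamp": days_ago(300), "pwdLastSet": days_ago(300), "userAccountControl": UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE},
    {"name": "newhire",     "lastLogonTimestamp": days_ago(2),   "pwdLastSet": 0,             "userAccountControl": UF_NORMAL_ACCOUNT},
]


def age_days(ft, now=NOW):
    return (now - filetime_to_datetime(ft)).days


def stale_users(accounts=ACCOUNTS, now=NOW, stale_days=STALE_DAYS):
    """Enabled accounts with no logon within the policy window (plus the
    replication slack), and enabled accounts that have never logged on.
    Disabled accounts are skipped; they have already been actioned."""
    stale = []
    for a in accounts:
        if a["userAccountControl"] & UF_ACCOUNTDISABLE:
            continue
        if a["lastLogonTimestamp"] == 0:
            stale.append((a["name"], "never logged on"))
        elif age_days(a["lastLogonTimestamp"], now) > stale_days + REPLICATION_LAG_DAYS:
            stale.append((a["name"], f"last logon {age_days(a['lastLogonTimestamp'], now)} days ago"))
    return stale


def password_policy_violations(accounts=ACCOUNTS, now=NOW, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Enabled accounts whose password is older than policy allows, or that
    are exempt from expiry entirely (a common finding on service accounts).
    A zero pwdLastSet is a forced change at next logon, not a violation."""
    findings = []
    for a in accounts:
        if a["userAccountControl"] & UF_ACCOUNTDISABLE or a["pwdLastSet"] == 0:
            continue
        age = age_days(a["pwdLastSet"], now)
        if a["userAccountControl"] & UF_DONT_EXPIRE_PASSWD:
            findings.append((a["name"], f"password never expires, last set {age} days ago"))
        elif age > max_age_days:
            findings.append((a["name"], f"password {age} days old"))
    return findings


if __name__ == "__main__":
    for name, why in stale_users():
        print(f"stale:    {name:<12} {why}")
    for name, why in password_policy_violations():
        print(f"password: {name:<12} {why}")
```

Two caveats a practitioner should keep in mind when comparing such a report with the Epiphany pane: `lastLogonTimestamp` is only accurate to within the replication lag, so an account can look up to two weeks staler than it is, and `svc_backup` logs on daily yet still appears in the password findings because the never-expires flag exempts it from rotation policy.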

#### Effective Local Admin Rights Detail

The Admin Groups pane lets you view detail about each admin group, including its effective local admin rights.

![Admin Groups pane on the Active Directory page.](/files/R5zhbfSCUjq5trtRWYhQ)

