- 06 Apr 2023
- 1 Minute to read
Exporting a Compromised Accounts List
- Updated on 06 Apr 2023
- 1 Minute to read
How to export a list of Compromised Accounts
When licensed and enabled, RapidIdentity SafeID creates and maintains a system-delegation of Compromised Accounts.
RapidIdentity user accounts automatically appear in the Compromised Accounts delegation when the SafeID scanning service sets the idautoPersonSafeIdCompromisedDate attribute after detecting that the account's email and password have been found in one or more data breaches.
The Compromised Accounts delegation provides several actions that RapidIdentity Administrators can use to notify and remediate compromised accounts.
To export and share the list of Compromised Accounts with other administrative users, download and install the SafeID Connect Project into RapidIdentity Connect and schedule or simply run the Compromised_Accounts_Export action set.
Installing the SafeID Connect Project
To install the SafeID Connect Project, navigate to the Connect Module in RapidIdentity Portal, click the Settings icon from the right-side navigation menu and select Projects.
Click the Import command from the bottom command menu, browse for the downloaded SafeID.dssproject file and click Save to import the SafeID project into Connect.
Using the SafeID Connect Project
The Compromised_Accounts_Export action set in the SafeID Connect Project executes an LDAP query to extract a list of currently compromised accounts. The action set includes an optional input parameter, excludeDisabledAccounts, that, when true, excludes accounts where the idautoDisabled attribute is TRUE. If not specified or set to false, all currently compromised accounts are returned.
A second and also optional input parameter, emailAddresses, can be used to provide a coma delimited list of email addresses that should receive the coma delimited list of compromised accounts.
To schedule or simply run the Compromised_Accounts_Export Action Set, choose the SafeID project from the Project dropdown at the top of the right-side navigation menu.
Select Action Sets to edit and/or run the Compromised_Accounts_Export Action Set
Select Jobs to schedule it to run at a future date and time.
A comma delimited list of email addresses can be input to the Compromised_Accounts_Export Action Set and, when provided, each will receive the comma delimited list of then currently compromised accounts as an attachment to an email with the subject of SafeID Compromised Accounts.
RapidIdentity SafeID automatically scans for compromised accounts weekly begining at a random time after 19:00 hours UTC every Friday.