Exporting a Compromised Accounts List
  • 06 Apr 2023
  • 1 Minute to read
  • Dark
    Light

Exporting a Compromised Accounts List

  • Dark
    Light

Article Summary

How to export a list of Compromised Accounts

When licensed and enabled, RapidIdentity SafeID creates and maintains a system-delegation of Compromised Accounts.

RapidIdentity user accounts automatically appear in the Compromised Accounts delegation when the SafeID scanning service sets the idautoPersonSafeIdCompromisedDate attribute after detecting that the account's email and password have been found in one or more data breaches.

The Compromised Accounts delegation provides several actions that RapidIdentity Administrators can use to notify and remediate compromised accounts.

To export and share the list of Compromised Accounts with other administrative users, download and install the SafeID Connect Project into RapidIdentity Connect and schedule or simply run the Compromised_Accounts_Export action set.

Installing the SafeID Connect Project

  1. To install the SafeID Connect Project, navigate to the Connect Module in RapidIdentity Portal, click the Settings icon from the right-side navigation menu and select Projects.

    image.png

  2. Click the Import command from the bottom command menu, browse for the downloaded SafeID.dssproject file and click Save to import the SafeID project into Connect.

    image.png

Using the SafeID Connect Project

The Compromised_Accounts_Export action set in the SafeID Connect Project executes an LDAP query to extract a list of currently compromised accounts. The action set includes an optional input parameter, excludeDisabledAccounts, that, when true, excludes accounts where the idautoDisabled attribute is TRUE. If not specified or set to false, all currently compromised accounts are returned.

image.png

A second and also optional input parameter, emailAddresses, can be used to provide a coma delimited list of email addresses that should receive the coma delimited list of compromised accounts.

  1. To schedule or simply run the Compromised_Accounts_Export Action Set, choose the SafeID project from the Project dropdown at the top of the right-side navigation menu.

    image.png

  2. Select Action Sets to edit and/or run the Compromised_Accounts_Export Action Set
    image.png

  3. Select Jobs to schedule it to run at a future date and time.

    image.png

    A comma delimited list of email addresses can be input to the Compromised_Accounts_Export Action Set and, when provided, each will receive the comma delimited list of then currently compromised accounts as an attachment to an email with the subject of SafeID Compromised Accounts.

    image.png

Note:

RapidIdentity SafeID automatically scans for compromised accounts weekly begining at a random time after 19:00 hours UTC every Friday.


Was this article helpful?