Stale accounts. Orphaned permissions. Nobody’s checking.

When did you last review who has access to what across your client environments? 

Stale accounts from former employees. Shared credentials nobody changed. Admin rights granted temporarily two years ago that are still active. Every one of these is an open door. 

The scenario:

You want to build a quarterly access review process that’s fast enough to actually happen. 

The prompt:

You’re creating a quarterly access review checklist.

Context: [paste your client list and identity management tools]

Build a process that covers:

  • Active Directory: accounts that have not logged in for 60+ days

  • Admin privileges: who has them, who still needs them

  • Shared/service accounts: password age and access scope

  • Third-party app access: OAuth grants and API keys

  • Departed employee accounts: confirmed disabled across all systems

Target: 30 minutes per client for the review.
Include a client sign-off template and remediation tracking sheet.
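
The account-based checks in that list can be scripted against an identity export so that the 30 minutes go to decisions rather than lookups. The following is an added example, not part of the original prompt: the CSV column names, the sample rows and the review() function are assumptions constructed for illustration, and only the 60-day threshold comes from the checklist.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are assumptions, not a real tool's schema.
SAMPLE_EXPORT = """account,type,enabled,last_logon,password_set,is_admin,hr_status
alice,user,true,2024-05-20,2024-03-01,false,active
bob,user,true,2024-01-10,2023-11-02,true,active
carol,user,true,2024-05-28,2024-02-14,true,departed
svc-backup,service,true,2024-06-01,2021-08-15,true,n/a
dave,user,false,2023-09-30,2023-06-01,false,departed
"""

STALE_DAYS = 60  # "not logged in for 60+ days" from the checklist


def review(export_text, today):
    """Return {account: [findings]} for each account a reviewer must look at."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        enabled = row["enabled"].lower() == "true"
        notes = []
        # Departed employees must be disabled, whatever their recent activity.
        if row["hr_status"] == "departed" and enabled:
            notes.append("departed employee, account still enabled")
        if enabled:  # disabled accounts cannot be used, so skip the other checks
            idle = (today - date.fromisoformat(row["last_logon"])).days
            if idle >= STALE_DAYS:
                notes.append(f"no logon for {idle} days")
            if row["is_admin"].lower() == "true":
                notes.append("admin rights: confirm still needed")
            if row["type"] == "service":
                # Report the age; the acceptable maximum is a per-client decision.
                age = (today - date.fromisoformat(row["password_set"])).days
                notes.append(f"service account password age {age} days")
        if notes:
            findings[row["account"]] = notes
    return findings


if __name__ == "__main__":
    for account, notes in review(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{account}: {'; '.join(notes)}")
```

If last_logon is taken from Active Directory's lastLogonTimestamp attribute, that value is replicated lazily and can trail the real logon by up to about two weeks, so accounts just over the threshold deserve a second look before they are disabled.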