IEM FAQ

faqs q how do i enable identity exposure management? to enable identity exposure management, purchase a package and your csm will enable it from here create a sync with entra id to authorize your identity identifiers q how do i connect my idp? to connect your idp create an app registration within entra id and enter the client secret and client id within the integrations hub docid\ z x8zdlsy7wd0c1jdpxg7 page q will this lock my accounts? password validation can lock accounts however, flare has built in mitigations to prevent this verify your company’s smart lockout policy to understand how long accounts are locked for default policy is one minute which would have minimal business impact q how do i verify or reset credentials? credentials can be verified by one of two ways, either by pressing validate or having the automation run flare does not reset credentials but sends a signal to a conditional access policy configured within the customer's tenant to reset the password q which remediation action should i chose? flare offers 3 different remediation actions mark user as compromised, disable the account, and revoke sessions each action comes with a different set of permissions flare recommends chosing the one that best implements with your companies workflow q does this work with a hybrid setup such as active directory and entra id? due to the nature of active directory and entra id writeback we recommend you do not use the disable user session remediation action when active directory performs the writeback operation it will re enable the account q what credentials are verified via credential validation? flare will automatically verify any credentials that are discovered after the identifier is created q what is the pricing? identity exposure management is available at an additional cost within your flare subscription reach out to your flare customer success representative for more information q what’s on the roadmap? flare has an exciting roadmap to continue to build out the blast radius, pull in more datapoints such as mfa, additional idps, cookie support and much much more stay tuned for the latest updates q how does okta integration work? flare reads users from your okta organization through a configured service app integration, creating identity identifiers and identity profiles for each user (automated identity creation must be enabled when configuring the okta integration docid\ gvu3v0xvtlo ej0kylebb ) when flare detects a new leaked credential that matches one of your identifiers, credential validation can be automatically initiated to confirm whether the credential is still active (automated validation must be enabled when configuring the okta integration docid\ gvu3v0xvtlo ej0kylebb ) if the credential is confirmed valid, you can trigger mitigation actions (manual or automated) to revoke sessions and/or disable the account (revoke session and disable account options must be enabled when configuring the okta integration docid\ gvu3v0xvtlo ej0kylebb ) q what are the benefits of the okta integration? here are some benefits of using flare's okta integration identity sync flare pulls users from your okta organization and creates identity identifiers for each one these identifiers are then used to match against leaked credentials found in our threat intelligence sources identity profiles each synced user gets an identity profile in flare populated with data returned from okta identity profiles are the central place to investigate a user following a credential exposure event automated credential validation when a leaked credential matching one of your synced identifiers is detected, it can be automatically validated to determine whether that credential is still active against your okta environment no manual intervention is required bulk password validation bulk password validation is enabled by default this allows you to bulk select leaked credentials and validate them all at once mitigation actions when a credential is confirmed valid, the following mitigation actions can be taken manual mitigation triggered by an analyst from within flare's credential browser automated mitigation triggered automatically when a valid leaked credential is confirmed most of these features require certain okta scopes and admin permissions in okta (see prerequisites for okta docid\ gvu3v0xvtlo ej0kylebb for details)