Q: How do I enable Identity Exposure Management?

To enable Identity Exposure Management, purchase a package and your CSM will enable it. From here create a sync with Entra ID to authorize your Identity Identifiers. 

To connect your IdP create an app registration within Entra ID and enter the client secret and client ID within the 

Password validation can lock accounts. However, Flare has built in mitigations to prevent this. Verify your company’s smart lockout policy to understand how long accounts are locked for. Default policy is one minute which would have minimal business impact. 

Credentials can be verified by one of two ways, either by pressing validate or having the automation run. Flare does not reset credentials but sends a signal to a Conditional Access Policy configured within the customer's tenant to reset the password. 

Q: Which remediation action should I chose? 

Flare offers 3 different remediation actions: mark user as compromised, disable the account, and revoke sessions. Each action comes with a different set of permissions. Flare recommends chosing the one that best implements with your companies workflow.

Q: Does this work with a hybrid setup such as Active Directory and Entra ID? 

Due to the nature of Active Directory and Entra ID writeback we recommend you do not use the disable user session remediation action. When Active Directory performs the writeback operation it will re-enable the account. 

Q: What credentials are verified via Credential Validation? 

Flare will automatically verify any credentials that are discovered after the Identifier is created. 

Identity Exposure Management is available at an additional cost within your Flare subscription. Reach out to your Flare Customer Success Representative for more information. 

Flare has an exciting roadmap to continue to build out the blast radius, pull in more datapoints such as MFA, additional IdPs, Cookie support and much much more. Stay tuned for the latest updates. 

Identity Profile

IEM FAQ

Intel

Conversation Explorer

Saved Queries

Threat Flow

Flare

docs.flare.io

Welcome to Flare!

What We Are Working On

2025 Releases

2024 Releases

2026 Releases

Get Started

Unresolved Events

Event Trends

Event Explorer

Identifier Trends

Dashboard

Respond to Leaked Credentials Events

Respond to Open Web Events

Respond to Look-alike Domains Events

Respond to .ph Domain Alerts

Respond to Illicit Networks Events

Playbooks

Flare Executive and VIP Monitoring

GUIDES

Search in Existing Data

Understand Event Severity

Open Ports

Events

Email Alerts

Alert Central

Configure Identifiers

Configure Identifiers - Advanced

Identifiers - Listing Subdomains

Rate-limiting of identifier event feeds

Identifiers

Collection Overview

Telegram Channels

Named Breaches

Collection Data Categories

Collection

Scheduled Reports

Reports Migration FAQ

Reports

Global Search - Quota

Global Search

Use Cases

Credentials Browser

IEM Entra ID Setup

IEM Credential Browser

Identity Exposure Management Overview

Network

Actor Intelligence

Forum Thread Intelligence

Supply Chain Ransomware Exposure Monitoring

Takedown Services

Actions

Flare Account and Session Takeover Prevention

Sandbox

CORE FEATURES

Tenants

Team

Roles & Permissions

Profile

Integrations Hub

SSO and Authentication

Policies

Pre-Sales Tenants

Untitled

Azure Sentinel Integration

Azure Sentinel Integration (Legacy)

Discord

Jira

Microsoft Entra ID

ServiceNow

Slack

Splunk App

Microsoft Teams

Webhooks

Integrations

Illicit Networks

Source Code Secret Detection

Open Web

Leaked Credentials

Look-alike Domains

Emerging Sources

DATA SOURCES

Product Specifications

Fraudster Jargon

Data Fields

Queries

Event Date Fields

Asset Relations

REFERENCES

RESEARCH CENTER