Importing a list of application users from an Identity Provider (IdP)
During the access review setup process, you create one or more lists of application users. You can import application user lists from a CSV file, using a Hypersync for a supported application, or using a Hypersync for an identity provider, such as Okta. Using an identity provider as a source gives you access to application user lists stored in the identity provider for applications that may not have a corresponding Hypersync in Hyperproof. This method quickly broadens the number of applications you can include in a Hyperproof access review.
Hypersyncs can be configured to import application user lists for an access review. The Hypersync runs once when you configure it. After the initial import, you can update the application user list by syncing the Hypersync. Make sure the access review status is In Setup to access the Sync now option. See Setting access review status for information on changing statuses during an access review.
Only certain Hypersyncs have proof types that are useful for creating an application user access list for an access review. When you select a Hypersync to create a user list for an application, the list of proof types displayed is limited to those that contain user data even though that Hypersync might support additional proof types when used in other areas of Hyperproof. Each application user list supports no more than one Hypersync.
Note
To configure a Hypersync for an identity provider, your configuration must meet the permissions requirements for that Hypersync. Select an identity provider from the list to view proof types and requirements for that application.
Hyperproof supports the following Hypersyncs to create application user lists for applications configured in an identity provider:
When you are ready to configure a Hypersync to populate an application user list, you can create a new application or use an existing one.
From the left menu, select Access reviews.
On the Access reviews page, select the access review where you want to add an application user list.
Select the Setup tab.
The access review must be in the In Setup status to add or refresh an application user list.
To add a new application entry:
Under Applications to review click the + New button.
The Add application window displays.
Enter a unique name for the application. This field is required.
In the Sysadmin field, select a default person to implement any change requests from the reviewer and attest that they have updated user access to the application. All users imported for this application will be assigned to this default person to attest to the changes. This field is required but can be updated later for individual user records.
See Bulk editing reviewers and sysadmins for an application user list.
In the Reviewer field, select a default reviewer. This field is required.
If you select an existing Hyperproof user, all users imported for this application will be assigned to this default reviewer. Reviewers can be updated later for individual users.
See Bulk editing reviewers and sysadmins for an application user list.
If you select Assign to direct manager as the default reviewer, Hyperproof checks each user's email address on the application user list and uses it to look up their direct manager in the directory configured for the access review. That manager is assigned as the reviewer. See Using direct managers as reviewers for user access.
If you select Assign to sysadmin as the reviewer, the sysadmin selected in the previous step is assigned to all user records.
Enter a description for the application. This field is optional.
Note
If you click Create, Hyperproof creates an empty application user access list that you populate later from the Application Details tab using the Create Hypersync button.
Click the Import access list button.
The Choose app window displays.
Select the app to populate your user access list. Continue with Step 6.
To use an existing application entry: Select the application from the list to open it.
On the Details tab for the application, click the Create Hypersync button.
The Choose app window displays.
Select the app to populate your user access list. Continue with Step 6.
Note
Be sure to select the correct app. For example, selecting Okta imports a list of users for Okta, but selecting Okta Universal allows you to select an app where Okta is the identity provider.
If this is the first time you are configuring a Hypersync for the selected app, you are asked for your credentials. Enter your credentials and click Next.
Note
The connection requirements for each app vary. For more information on a specific app, see Using Hypersyncs and access the help page for your app from the list on that page.
In the Proof field, select the proof type from the drop-down list Typically there is only one option with a name similar to Access reviews - Application.
In the Application field, select the application you want to include in your access review, complete any other required fields, and click Next.
The Hypersync syncs and displays in the Details tab. Use the options on the ... (More) menu inside the card to do the following:
Sync now - Refreshes the data in the application user list.
Delete Hypersync - Deletes the Hypersync but not the data in the application user list.
View connection - Displays the connection under Settings > Connected accounts and allows you to disconnect or modify connection credentials.
Settings - Opens the setup window for the Hypersync to select a different proof type. When using access reviews, this is unnecessary because only one proof type is available.