Using Lumos for Access Reviews

Last updated: October 7, 2024

Lumos makes it easy to govern software by giving you the tools to conduct routine Access Reviews for all your apps!

Say goodbye to Excel & Google Sheets! No more pain over chasing down app owners and approvers for Access Reviews. 

Why should I conduct access reviews in Lumos?

  • We have one place for you to store & conduct all your Access Reviews.

  • We have lists of all your apps & the employees who have access. 

  • We already have your employee data from your user sources (e.g. GSuite, O365, Okta), so let us put your list of users up against your source of truth to surface terminated & unmatched users!

  • We have the ability to delegate approvals to managers or other key folks at your organization & they will automatically get notified to accept or reject access.

    • We'll also send reminders if there's an open Access Review that has yet to be completed 😌

  • We have a place for you to leave notes, so that you can provide additional context to be included in your review (as well as reasoning for why you're accepting or rejecting access!)

  • We can automatically remove access after you reject users! For apps where we don't support automated removal, we prompt you to attach evidence.

  • We generate a sleek, auditor-ready PDF report.

...must I go on?!

What does this process look like?

1. Select the apps that you want to include in your review (<5 minutes)

This will determine the scope of your access review. Which apps are you looking to review, and who is the reviewer for each app?

2. Assign your reviewers & launch 🚀 (~5 minutes)

Delegate the responsibility of approval to reviewers! Perhaps this is for one individual or managers -- regardless, you'll have the ability to assign in bulk and even include helpful context when launching your review.

3. Accept or Reject access! (~30 minutes)

The next task is to go through and accept or reject access for every user who currently has access to those applications. If you want to modify an account (rejecting a particular permission), you can do so in the review. You may also leave notes during this process, which may come in handy in the final report.

4. Remove access, either automatically or manually (1-15 minutes)

After all accounts have been removed, you'll want to handle the rejected accounts. You'll have the option to automatically remove or upload evidence, depending on the app. You can also modify access, which means you intend to adjust the level of permission without actually removing the user's access.

5. Complete your review (30 seconds)

Click "Complete Review" to lock in your review and officially mark it as completed!

Please note, this is irreversible!

6. Generate your report! (30 seconds) 

Voila! You're done. With a click of a button, you'll generate a beautiful PDF to send over to your auditor or store for your safekeeping.

Where do I get started? 

Don't worry, we'll give you an easy step-by-step breakdown. 

1. How to: Add Apps to an Access Review: 📄 Choosing Access Review Apps

2. [Optional] How to: Add a Custom App to Lumos: 📄 Adding a custom app

3. How to: Conduct Your Audit: 📄 Reviewing Access

4. How to: Complete Your Access Review: 📄 Completing an Access Review