Managing Identities

Last updated: October 7, 2024

Background

Lumos supports managing access for all of your different types of identities and users.

To create workflows based on user type (e.g. auditing service accounts in an access review), you can review the Identity Types defined in Lumos from the Identities tab. See 📄 Using Lumos for Access Reviews.

Human identities


What does Lumos categorize as a human identity?

  • A user pulled from any integration(s) that you have set as a User Source is categorized as a Human Identity by default (see 📄 Importing User Sources). Human identities can be normalized to the following types:

    • Full Time

    • Part Time

    • Contractor

    • Intern

    • Freelance

    • Other (human)

  • Lumos determines the normalized identity type by keyword matching against the value returned from the integration's standard identity type field.

  • Your Identities table displays the Identity Type as named directly in your user source. See 📄 Importing User Sources.

    • Note: if no value is defined for identity type, either because the field is unpopulated or because Lumos does not know the appropriate standard field, the Identity Type in the table is displayed as "Other".

What exact field does Lumos use to determine Identity Type from a source of truth integration?

| Application | Field |
|---|---|
| Okta | userType |
| Microsoft | employeeType |
| Jumpcloud | employeeType |
| BambooHR | employmentHistoryStatus |
| Google Cloud | IAMPolicy.Member.Name |
| Merge (HRIS integration; see 📄 HRIS Integration Capabilities) | employment_type |
| Workday | workerType and/or positionTimeType (if available) |
| OneLogin | N/A |
| Active Directory | Based on your OU settings |
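
The sketch below applies the keyword matching described above to exported user records, so you can see before an access review which users would normalize to "Other (human)" and fix the field in the user source. It is an added example, not Lumos's code: only the field names come from the table, while the keyword list, the joining of Workday's two fields, the normalized type for an empty field, and the sample records are assumptions.

```python
import re

# Identity type field(s) per user source, taken from the table above.
TYPE_FIELDS = {
    "Okta": ["userType"],
    "Microsoft": ["employeeType"],
    "Jumpcloud": ["employeeType"],
    "BambooHR": ["employmentHistoryStatus"],
    "Merge": ["employment_type"],
    "Workday": ["workerType", "positionTimeType"],
    "OneLogin": [],  # N/A in the table
}

# ASSUMPTION: illustrative keywords, not Lumos's list. First match wins,
# so the more specific types are checked before "Full Time".
KEYWORDS = [
    ("Contractor", ("contractor", "contract")),
    ("Intern", ("intern", "internship")),
    ("Freelance", ("freelance", "freelancer")),
    ("Part Time", ("part time", "parttime")),
    ("Full Time", ("full time", "fulltime", "employee")),
]

def normalize(source, profile):
    """Return (normalized type, type shown in the Identities table)."""
    values = [profile[f] for f in TYPE_FIELDS.get(source, []) if profile.get(f)]
    if not values:  # table shows "Other" (per the page); normalized type assumed
        return "Other (human)", "Other"
    raw = " / ".join(values)  # ASSUMPTION: multiple fields are matched together
    # Lowercase and collapse punctuation so "Part_time" and "Part-Time" both
    # read "part time"; pad with spaces so only whole words match.
    text = " " + re.sub(r"[^a-z0-9]+", " ", raw.lower()).strip() + " "
    for label, words in KEYWORDS:
        if any(f" {w} " in text for w in words):
            return label, raw
    return "Other (human)", raw

def unclassified(users):
    """Emails whose type would normalize to 'Other (human)'."""
    return [u["email"] for u in users
            if normalize(u["source"], u["profile"])[0] == "Other (human)"]

SAMPLE_USERS = [  # constructed records, not real data
    {"email": "a@example.com", "source": "Okta", "profile": {"userType": "Full-Time Employee"}},
    {"email": "b@example.com", "source": "Microsoft", "profile": {"employeeType": "Internal Contractor"}},
    {"email": "c@example.com", "source": "Workday", "profile": {"workerType": "Employee", "positionTimeType": "Part_time"}},
    {"email": "d@example.com", "source": "Okta", "profile": {"userType": ""}},
    {"email": "e@example.com", "source": "Jumpcloud", "profile": {"employeeType": "FTE"}},
    {"email": "f@example.com", "source": "OneLogin", "profile": {}},
]
```

Calling `unclassified(SAMPLE_USERS)` returns the users with an empty field, an unrecognized abbreviation ("FTE"), or a source with no identity type field.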

Non-Human identities


What does Lumos categorize as a non-human identity?

  • For any identity that does not exist in your source of truth, if the integration provides an account type we will display that identity type. Non-human identities can be normalized to the following types:

    • Service Account

    • Local account 

    • Other (Non-Human)

How to label a non-human identity?

  • From any tab (human, non-human and uncategorized), you can mark a single account as a service account.

  • You can also bulk-select a set of accounts and mark them as service accounts.

Uncategorized identities


What does Lumos consider uncategorized?

  • Uncategorized is a catch-all for any remaining identities. That is, any identity that is not auto-identified as a human or non-human identity.

How to move something from the Uncategorized tab?

  • Currently, the only way to move an identity from the Uncategorized tab to another tab is to mark it as a service account.

Lumos Members


See 📄 Managing Lumos Members (Users) for more details on this tab.