A containerized, config-driven security tool for enforcing Identity & Access Management (IAM) policies.
As organizations scale, "SaaS Sprawl" creates visibility gaps in identity management. The SaaS Identity Auditor is an automated engine designed to ingest user data, apply rigorous security policies (e.g., MFA mandates, Stale Account detection), and generate executive-level risk dashboards. It is ideal for Cloud Architects, IAM teams, and MSPs standardizing identity governance at scale.
Designed with DevSecOps principles, this tool is fully containerized and includes a CI/CD pipeline that enforces code quality (Flake8), security scanning (Bandit), and logic verification (PyTest) on every commit.
- Zero Trust Enforcement: Detects "Shadow Admins" (Privileged users without MFA).
- Attack Surface Reduction: Automatically flags accounts inactive for 90+ days (Configurable).
- Config-as-Code: All security thresholds and weighting logic are decoupled from code via `config.yaml`.
- Automated Visualization: Generates a C-level executive dashboard (`.png`) and granular audit artifacts (`.csv`).
- Containerized: Zero-dependency execution via Docker.
- Self-Healing: Includes pre-built hooks for Slack/Teams alerting (simulated).
- Core: Python 3.9, Pandas, NumPy
- Visualization: Matplotlib
- Infrastructure: Docker, GitHub Actions
- Quality & Security: PyTest, Flake8, Bandit (SAST)
- Audit identity posture across disconnected SaaS applications (Okta, Entra, Google Workspace, Slack).
- Enforce uniform security baselines (MFA mandates, account lifecycle policies) via config-as-code.
- Auto-generate executive dashboards for SOC2, ISO 27001, and HIPAA audit trails.
- Risk-scored CSV exports integrate with SIEM/GRC platforms (Splunk, Sentinel, ServiceNow).
- Automated "Shadow Admin" detection prevents privilege escalation blind spots.
- Stale account quarantining reduces insider threat surface in hybrid environments.
- Decoupled policy management (`config.yaml`) enables security teams to enforce rules without code releases.
- CI/CD integration triggers automated remediation workflows.
The AWS IAM auditor pulls live IAM users to generate audit-ready data. Ensure your environment has AWS credentials configured (for example via aws configure or environment variables).
```python
from connectors.aws_auditor import AWSAuditor

aws_auditor = AWSAuditor()
audit_data = aws_auditor.get_user_audit_data()
```

The remediation helper enforces MFA policy for admin users with a simple hook you can integrate into workflows.
```python
from remediate import enforce_mfa_policy

# audit_results is the audit output (for example, the audit_data returned by the AWS auditor)
enforce_mfa_policy(audit_results)
```

The visualizer now compares the latest audit report with the most recent historical report stored in `history/`.
- Run `auditor.py` to generate the latest `audit_report_*.csv`.
- Move an older report into `history/` (e.g., `history/audit_report_20240101_120000.csv`).
- Run `visualizer.py` to see the trend annotation.
- Add connectors to pull identities directly from SaaS APIs (Okta, Entra ID, Google Workspace) instead of JSON files.
- Map risk scores to cloud governance frameworks (CIS, NIST 800-53) for standardized reporting.
- Publish findings to SIEM/GRC tools via webhooks for continuous control monitoring.
- Support multi-tenant configuration bundles to enforce per-business-unit baselines.
Security policies are defined in config.yaml to allow for operational flexibility without code changes:
```yaml
policies:
  stale_account_threshold_days: 90
  mfa_required_roles:
    - "admin"
    - "super_admin"
```
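The following is an added illustration, not the project's own code, of how the two policies in `config.yaml` above (the stale-account threshold and the MFA-required roles) are applied to identity records to surface Shadow Admins and stale accounts. The record field names (`user`, `role`, `mfa`, `last_login`) and the sample users are assumptions constructed for the example; the policy block is held as a dict so it runs without PyYAML.

```python
from datetime import datetime, timedelta, timezone

# Policy block mirroring the config.yaml shown above (a dict here so the
# example runs offline; real code would yaml.safe_load the file).
POLICIES = {
    "stale_account_threshold_days": 90,
    "mfa_required_roles": ["admin", "super_admin"],
}

# Constructed sample identity records; the field names are assumptions,
# not the auditor's real schema. NOW is pinned so results are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
USERS = [
    {"user": "alice", "role": "super_admin", "mfa": True,  "last_login": "2024-05-30"},
    {"user": "bob",   "role": "admin",       "mfa": False, "last_login": "2024-05-29"},
    {"user": "carol", "role": "user",        "mfa": False, "last_login": "2024-01-15"},
    {"user": "dave",  "role": "admin",       "mfa": False, "last_login": None},
    {"user": "erin",  "role": "user",        "mfa": True,  "last_login": "2024-03-03"},
]


def evaluate_user(user, policies, now=NOW):
    """Return the policy findings for one identity record."""
    findings = []
    # Shadow Admin: a privileged role that is not protected by MFA.
    if user["role"] in policies["mfa_required_roles"] and not user["mfa"]:
        findings.append("SHADOW_ADMIN")
    # Stale account: inactive for threshold days or more ("90+ days");
    # an account that has never logged in is treated as stale.
    threshold = timedelta(days=policies["stale_account_threshold_days"])
    last = user["last_login"]
    if last is None:
        findings.append("STALE_ACCOUNT")
    else:
        last_dt = datetime.strptime(last, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if now - last_dt >= threshold:
            findings.append("STALE_ACCOUNT")
    return findings


def audit(users=USERS, policies=POLICIES, now=NOW):
    """Run every record through the policies; return {user: findings} for flagged users only."""
    report = {}
    for u in users:
        flags = evaluate_user(u, policies, now)
        if flags:
            report[u["user"]] = flags
    return report


if __name__ == "__main__":
    for name, flags in audit().items():
        print(f"{name}: {', '.join(flags)}")
```

Note that `erin` sits exactly on the 90-day boundary and is flagged, matching the "90+ days" wording; change `>=` to `>` if the intended policy is strictly more than the threshold.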