PR.AA: Identity Management, Authentication, and Access Control (NIST CSF 2.0, Protect function)

Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access.

Tools for identity management, authentication, and access control

Hosted MCP servers your agents can use for these controls.

Starter prompts

Paste into Claude Code, Microsoft Copilot, or Codex connected to Tracecat MCP, and build it out together.

Review privileged access on a schedule

Build me a privileged access review in Tracecat. Each quarter, pull admin role members from Okta, Entra ID, and AWS, group them by system owner, and run the review as Slack messages where each owner confirms or rejects every grant. Track responses in a table, open revocation tasks for rejections, and chase owners who have not answered. First help me understand how this maps to PR.AA-05 and why access reviews fail when they arrive as spreadsheets. Ask me which systems hold our most dangerous admin roles. Talk me through verifying revocations actually happened instead of trusting the confirmation click.

Catch dormant and orphaned accounts

Build me an account hygiene automation in Tracecat. Every week, find accounts in Okta and Entra ID with no sign-in for thirty days, contractor accounts past their end date, and service accounts with no recorded owner. Open a Jira ticket per finding with the suspend-by date, and auto-suspend dormant accounts after the grace period passes with no objection. First help me understand how this maps to PR.AA-01 and why credential lifecycle gaps are a top initial access path. Ask me what grace periods fit our culture. Talk me through which account types are safe to auto-suspend and which need a human look first.
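The weekly rules in that prompt, as an added Python example that is not Tracecat's own code: it runs the dormant, expired-contractor and ownerless-service-account checks over constructed account records and returns which findings are due for automatic suspension. The record field names, the 7-day grace period and the rule that only human accounts may be auto-suspended are assumptions for the example, not anything the prompt fixes.

```python
from dataclasses import dataclass
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=30)  # from the prompt: no sign-in for thirty days
GRACE_PERIOD = timedelta(days=7)    # assumed grace period; the prompt leaves it to the org

# Constructed stand-in for an Okta / Entra ID user export; field names are this example's own.
ACCOUNTS = [
    {"id": "bob", "type": "employee", "status": "active",
     "last_login": date(2024, 3, 1), "owner": "bob", "end_date": None},
    {"id": "carol-ctr", "type": "contractor", "status": "active",
     "last_login": date(2024, 5, 30), "owner": "alice", "end_date": date(2024, 4, 30)},
    {"id": "svc-backup", "type": "service", "status": "active",
     "last_login": date(2024, 5, 31), "owner": None, "end_date": None},
    {"id": "svc-ci", "type": "service", "status": "active",
     "last_login": None, "owner": "platform-team", "end_date": None},
    {"id": "dave", "type": "employee", "status": "suspended",
     "last_login": date(2024, 1, 1), "owner": "dave", "end_date": None},
]

@dataclass
class Finding:
    account_id: str
    reason: str
    suspend_by: date
    auto_suspend: bool  # False: a human reviews before any action is taken

def review_accounts(accounts, today):
    """One Finding per rule an active account trips (an account can trip several)."""
    results = []
    for a in accounts:
        if a["status"] != "active":
            continue  # already suspended or deprovisioned: nothing to do
        hits = []
        if a["last_login"] is None or today - a["last_login"] >= DORMANT_AFTER:
            hits.append("dormant")
        if a["type"] == "contractor" and a["end_date"] and a["end_date"] < today:
            hits.append("contractor past end date")
        if a["type"] == "service" and not a["owner"]:
            hits.append("service account without owner")
        # Policy assumed here: human accounts may be auto-suspended once the grace
        # period lapses; service accounts never are, since suspending one breaks workloads.
        for reason in hits:
            results.append(Finding(a["id"], reason, today + GRACE_PERIOD, a["type"] != "service"))
    return results

def due_for_auto_suspend(findings, today, objections):
    """IDs whose grace period has lapsed with no objection and whose policy allows auto-suspend."""
    return sorted({f.account_id for f in findings
                   if f.auto_suspend and f.suspend_by <= today and f.account_id not in objections})
```

Objections collected from the Jira tickets go into the `objections` set; anything it returns is what the workflow would suspend without a human in the loop.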

Respond to risky sign-ins

Build me a sign-in response automation in Tracecat. When a risky sign-in alert fires, pull the user's recent sessions and MFA factors from Okta, check whether the location and device fit their history, and message the user in Slack to confirm it was them. On no answer or a denial, clear their sessions and require re-enrollment, with the action gated behind an approval. First help me understand how this maps to PR.AA-03 and where authentication signals are strong enough to act on automatically. Ask me what our current MFA coverage looks like. Talk me through modeling this as an agent on each alert versus a fixed workflow.

Verify least privilege in cloud roles

Build me a least-privilege audit in Tracecat. Pull IAM roles from AWS with the permissions they grant versus the actions actually used in the last ninety days, rank roles by unused privilege, and have an agent draft the tightened policies as a Terraform pull request in GitHub for the platform team to review. First help me understand how this maps to PR.AA-05 and why unused permissions are the cheapest risk to remove. Ask me which accounts or roles are off limits for tightening. Talk me through batching the changes so reviews stay small enough to merge.

Controls

  • PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization
    SP 800-53 Rev 5 references: AC-1, AC-2, AC-14, IA-1, IA-2, IA-3, IA-4, IA-5, IA-6, IA-7, IA-8, IA-9, IA-10, IA-11

  • PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions
    SP 800-53 Rev 5 references: IA-12

  • PR.AA-03: Users, services, and hardware are authenticated
    SP 800-53 Rev 5 references: AC-7, AC-12, IA-2, IA-3, IA-5, IA-7, IA-8, IA-9, IA-10, IA-11

  • PR.AA-04: Identity assertions are protected, conveyed, and verified
    SP 800-53 Rev 5 references: IA-13

  • PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties
    SP 800-53 Rev 5 references: AC-1, AC-2, AC-3, AC-5, AC-6, AC-10, AC-16, AC-17, AC-18, AC-19, AC-24, IA-13

  • PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk
    SP 800-53 Rev 5 references: PE-2, PE-3, PE-4, PE-5, PE-6, PE-8, PE-18, PE-19, PE-20

Control text and SP 800-53 Rev 5 references are taken from the official NIST CSF 2.0 and OLIR releases.

Automate identity management, authentication, and access control with agents

Paste an example into your coding assistant and an agent builds the automation around your tools.