I am curious what you think about open sourcing a little tool I wrote. But first, let me give you some background: I was building two fintech companies before and we had several audits per year. As the financial industry is regulated, it wasn’t a “voluntary” audit like SOC2, ISO27001 or HIPAA. Hard findings posed the risk of not being able to do business anymore.
One of the high-priority auditor items was having a proper access management process to ensure that user accounts of former employees are revoked and existing users follow the least-privilege principle. Even when we used Okta, in many cases we couldn’t get the data in an automated way. Either tools were not covered or behind a (way too high) paywall. Thanks, SSO Tax.
Back then I wrote a little tool to download user lists with their permissions from our major SaaS tools. That helped us a lot to verify user lists. Later I even added functionality for some tools to create and delete user accounts as this was another pain we got.
However, I am thinking about making the tool open source with support for a bunch of applications that can be easily extended.
Would such a tool be useful for you? Is there any other information besides users and permissions you would find important? Would you see yourself contributing to an open source project like that?