Access Recommendations

Access recommendations suggest what access an identity likely needs (or no longer needs) based on peer patterns — speeding up requests and surfacing over-provisioning.

Admin console: /admin/access-recommendations

Concepts

  • Peer group — identities similar to the subject (same department, title, manager, etc.).
  • Recommendation — an entitlement/role that most peers hold but the subject doesn't (a grant suggestion), or one the subject holds that peers don't (a review/remove signal).
  • Confidence — how strongly the peer signal supports the recommendation.

How it works

The recommendation engine compares an identity's access to its peer group's. Access held by a strong majority of peers but missing for the subject becomes a "consider granting" recommendation; access held only by the subject becomes a "consider reviewing" signal. Recommendations feed both the access-request experience and certifications.
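The comparison described above, as an added sketch that is not the product's own code. The attribute keys, the 0.8 "strong majority" threshold, the minimum peer-group size, and the way confidence is computed from peer share are all assumptions chosen for illustration, and the identities are constructed sample data.

```python
from collections import Counter

# Constructed sample data: identity -> attributes and entitlements held.
IDENTITIES = {
    "alice": {"dept": "finance", "title": "analyst", "access": {"erp:read", "bi:view", "vpn"}},
    "bob":   {"dept": "finance", "title": "analyst", "access": {"erp:read", "bi:view", "vpn"}},
    "carol": {"dept": "finance", "title": "analyst", "access": {"erp:read", "bi:view", "vpn"}},
    "dave":  {"dept": "finance", "title": "analyst", "access": {"erp:read", "vpn", "prod-db:admin"}},
    "erin":  {"dept": "it", "title": "sre", "access": {"prod-db:admin", "vpn"}},
}

def peer_group(subject, identities, keys=("dept", "title")):
    """Peers share every attribute in `keys` with the subject (subject excluded)."""
    me = identities[subject]
    return [name for name, ident in identities.items()
            if name != subject and all(ident[k] == me[k] for k in keys)]

def recommend(subject, identities, grant_threshold=0.8, outlier_max=0.0, min_peers=3):
    """Return sorted (kind, entitlement, confidence) tuples for one identity.

    Assumed thresholds: grant_threshold is the peer share treated as a
    "strong majority"; outlier_max=0.0 means "held only by the subject".
    """
    peers = peer_group(subject, identities)
    if len(peers) < min_peers:
        return []  # too few peers for the signal to mean anything
    held = identities[subject]["access"]
    counts = Counter(e for p in peers for e in identities[p]["access"])
    recs = []
    for ent, n in counts.items():
        share = n / len(peers)
        if ent not in held and share >= grant_threshold:
            recs.append(("grant", ent, round(share, 2)))       # consider granting
    for ent in held:
        share = counts.get(ent, 0) / len(peers)
        if share <= outlier_max:
            recs.append(("review", ent, round(1 - share, 2)))  # consider reviewing
    return sorted(recs)

if __name__ == "__main__":
    for name in IDENTITIES:
        print(name, recommend(name, IDENTITIES))
```

In the sample, dave's `prod-db:admin` is flagged for review, and it is not suggested to alice even though one of her peers holds it, because a single peer is far below the majority threshold. An identity with too few peers (erin) gets no recommendations rather than low-quality ones.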

  • Role Mining — population-level roles vs. per-identity suggestions.
  • Access Reviews — outlier access flagged for certification.