People and Groups
What are People and Groups?
People and Groups are two core "asset types" that reflect:
- What individuals are in-scope of your policy manual?
- What groups exist to help you operate your policy manual effectively?
Examples of people that could be in-scope of your policy manual:
- Full-time employees
- Part-time employees
- Contractors
Examples of groups that you may wish to track in Comply:
- Groups with an explicit policy manual responsibility (e.g., Security team, Privacy team)
- Groups for which you administer access (i.e., access groups)
- Teams that manage assets (e.g., Engineering Team)
Groups vs. Teams
Aptible uses the terms "Groups" and "Teams" interchangeably to refer to membership in a group. (However, it's possible that a group could consist of only one member.)
How can I add a Person asset?
We highly recommend using an integration that will automatically source your People and Groups for you, and keep the list up-to-date. We currently support:
You can also add People manually via the steps below.
- Log in to comply-grc.aptible.com/
- Click on the "Assets" tab
- Select "Add Person" in the top right
- Add in the Name, Email, and Group
- If you wish to invite the user to Comply now for access to the system, please check the "Invite this person to be a Comply user" checkbox.
You can also add People assets in bulk by clicking the "Add in Bulk" option.
Add in bulk using email addresses
Make sure that when you are adding People assets in bulk that you provide a comma- or newline- separated list of email addresses, rather than a list of names.
Updating Person fields
After you have added a user to the system, please follow the steps below if you need to make any edits to their details or update their status to active.
- Select the pencil icon to update the users name or status. You can also click their name and edit from within their user profile.
- Status Legend
- Active: person is being actively managed using Comply for functions like access control reviews, authorizations, etc.
- Inactive: person is no longer a member of your team, no longer has access and/or is not being managed within Comply
Changing email addresses
For security reasons, we require that you contact support ([email protected]) if you need to change the email address of any teammate.
How to archive a person
If you wish to archive a user (versus marking them 'inactive') you will want to click on the ellipsis by their name and select 'Archive Person'.
Note, if they are leaving your organization, you will want to make sure you mark them inactive so the appropriate offboarding procedure trigger. Archive is appropriate if they were added in error or by mistake and you wish to remove them.
How to add a Group
Groups (i.e., Teams) can be useful to:
- Define clear policy manual responsibilities
- Maintain your group-based access authorizations in Comply
As with Person assets, we recommend using an integration that will automatically source your People and Groups for you, and keep the list up-to-date. We currently support:
You can also add Groups manually via the steps below.
- Select the Groups tab on the left hand navigation
- Select Add Group in the top right
- Add in the Group Name and Status
- Select Add Group at the bottom
As with People, you can add Groups in bulk by providing a comma- or newline- separated list of your groups.
Updating Group fields
After you have added a group to the system, follow the steps below if you need to make any edits to the underlying details.
- Select the Groups tab on the left hand navigation
- Select the pencil icon to update the group name or status.
Status Legend- Active: croup is active within Comply
- Inactive: group is no longer active within Comply
You can also update group memberships to add individuals to groups:
- Select the group tab on the left hand navigation
- Click into the group Name
- Select Memberships on the left hand navigation
- Click on Add Membership in the top right hand corner
- Add the person who you wish to be a part of this group
- Select Add Membership at the bottom
How to archive a Group
If you wish to archive a group (versus marking it 'inactive' which is appropriate when a group is no longer being used) you will want to click on the ellipsis by the group name and select 'Archive Asset'.
Authorizations
Authorizations (also known as Entitlements) are basically your whitelist of "who should have access to what." They reflect the ideal state of how things should be. Customers who take advantage of Comply's Authorizations can then automatically compare against who actually has access to different systems using our Okta and JumpCloud integrations.
You can create an Authorization either for a Person or a Group.
Warning: Group-based access strongly encouraged
We strongly encourage that you manage your "authorizations" on the Group level, rather than the individual. This is a security best practice, as it makes clear why certain individuals need access (because they're a member of a particular group). It will also make it easier for your onboarding procedure - just add the new employee to a group, and everything they should have access to is inherited by their membership.
Follow these steps to create or edit authorizations:
- Select the Groups tab on the left hand navigation
- Click into the Group Name
- Select Authorization on the left hand navigation
- Click on Add Authorization in the top right hand corner
- Add the SaaS System(s) to which this group should have access
- Select Add Authorization at the bottom
People assets & Comply users
You can bring all of your people assets into Comply to keep track of everyone from a compliance perspective. You can even make people who aren't Comply users owners of assets (and Comply will try to notify them via Slack, if integrated, when their an owner of something with an action required).
People assets can also be Comply users, and you'll know that someone is a Comply user in the system because they will have a small icon person icon to the left of their name; blue if they are an active person, red if they are inactive.
Updated about 2 years ago