Account Protection


Your cloud accounts are always on always reachable targets. How do you keep your cloud assets safe without degrading the experience of legitimate users? User and service account protection starts with a clear, consolidated inventory of users, accounts, and privileges. Obsidian shows you which users have access to SaaS apps, and at what level. Continuously monitor what users are doing in these apps. Prune inactive accounts to shrink the attack surface and lower costs. Obsidian gives you comprehensive account protection in SaaS.


Get a rundown of who has what privileges on each service, whether they are active or not, and how they are using these privileges.

Privileged accounts by service

Access inventory for privileged accounts

Get an inventory of accounts with privileges in each service.

Usage Report

Active vs Inactive Accounts

Get an at-a-glance view of active and inactive accounts by service, with historical changes in activity level. Clean up inactive accounts to improve identity hygiene and lower costs.

Users with multiple privileged roles

Users with multiple privileged roles

Identify users with a concentration of privileged roles. A toxic cocktail of privileges pose a higher risk to the organization by increasing the potential impact of a compromised account or insider threat.

Multiple inactive accounts

Stale users with multiple inactive accounts

Discover users who have access to multiple inactive accounts, so you can investigate if the users have switched roles or left the company.

Privileged accounts without MFA

Accounts without MFA or using basic authentication

Detect which users have accounts that do not have multi-factor authentication (MFA) enabled, or that are using basic authentication that bypasses MFA. The problem is worse if the accounts have privileges.