Hey HN,

I am curious what you think about open sourcing a little tool I wrote. But before that, let me give you some background: I was building two fintech companies before and we had several audits per year. As the financial industry is regulated, it wasn’t a “voluntary” audit like SOC2, ISO27001 or HIPAA. Hard findings posed the risk of not being able to do business anymore.

One of the high-priority auditor items was having a proper access management process to ensure that user accounts of former employees are revoked and existing users follow the least-privilege principle. Even when we used Okta, in many cases we couldn’t get the data in an automated way. Either tools were not covered or behind a (way too high) paywall. Thanks, SSO Tax.

Back then I wrote a little tool to download user lists with their permissions from our major SaaS tools. That helped us a lot to verify user lists. Later I even added functionality for some tools to create and delete user accounts as this was another pain we got.

However, I am thinking about making the tool open source with support for a bunch of applications that can be easily extended.

Would such a tool be useful for you? Is there any other information besides users and permissions you would find important? Would you see yourself contributing to an open source project like that?
I'd use it.. :-)
Primarily I'm looking to compare a user list on a SaaS with a source-of-truth list to figure out which accounts to add/remove/change etc. Ideally I'd like to know which email address the user was set up with, whether they are using SSO or password to log in, what permissions they have and when their last login was.
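
The comparison described in the comment above, as an added example that is not part of the thread or the poster's tool. The field names (`email`, `login`, `role`, `last_login`), the sample records and the 90-day staleness threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample: source of truth (e.g. an HR or IdP export), email -> expected role.
SOURCE_OF_TRUTH = {
    "alice@example.com": "admin",
    "bob@example.com": "viewer",
    "dana@example.com": "editor",
}

# Constructed sample of a SaaS user export; the field names are assumptions.
SAAS_USERS = [
    {"email": "Alice@Example.com", "login": "sso", "role": "admin", "last_login": "2024-05-28"},
    {"email": "bob@example.com", "login": "password", "role": "admin", "last_login": "2024-01-03"},
    {"email": "carol@example.com", "login": "password", "role": "editor", "last_login": None},
]

def reconcile(truth, saas_users, today, stale_days=90):
    """Compare a SaaS export against the source of truth and return review findings."""
    # Normalise emails so case or whitespace differences do not hide a match.
    truth = {e.strip().lower(): r for e, r in truth.items()}
    seen = {u["email"].strip().lower(): u for u in saas_users}
    report = {"add": [], "remove": [], "change": [], "password_login": [], "stale": []}
    # In the source of truth but missing from the SaaS: account to provision.
    report["add"] = sorted(truth.keys() - seen.keys())
    for email, u in sorted(seen.items()):
        if email not in truth:
            report["remove"].append(email)  # former employee or unknown account
            continue
        if u["role"] != truth[email]:
            # (email, role found in the SaaS, role expected): least-privilege drift.
            report["change"].append((email, u["role"], truth[email]))
        if u["login"] != "sso":
            report["password_login"].append(email)  # account bypasses SSO
        last = u["last_login"]
        if last is None or (today - date.fromisoformat(last)).days > stale_days:
            report["stale"].append(email)  # never logged in, or not recently
    return report

if __name__ == "__main__":
    findings = reconcile(SOURCE_OF_TRUTH, SAAS_USERS, date(2024, 6, 1))
    for finding, items in findings.items():
        print(f"{finding}: {items}")
```

Passing `today` explicitly keeps the report reproducible, so the same export can be re-checked later as audit evidence.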