Guest Access Management
Control what external users can reach and for how long.
What You'll Learn
- Conduct a guest access audit to identify dormant, over-privileged, or forgotten external accounts
- Apply time-bound access policies with automatic expiration for guest and vendor accounts
- Determine the minimum permissions required for an external collaborator's specific task
- Create and follow an offboarding checklist that revokes guest access when projects or contracts end
- Monitor guest account activity for unusual access patterns that may indicate compromised credentials
Training Steps
- A New Contractor Arrives
Welcome to Northbridge Logistics! You are Alice, a project manager overseeing a warehouse automation project. Today, a new contractor from DataSync Solutions is starting to help with the system integration. Marcus Chen will need access to several internal systems for the next three months.
- The Access Request Email
Alice receives an email from her manager about provisioning access for the new contractor.
- Critical Requirements
Sarah's email contains important details about how Marcus's account should be configured. Pay close attention to the specific access levels and the contract end date.
- The GUEST Framework
Northbridge Logistics uses the GUEST framework for managing temporary accounts. Before creating Marcus's account, review these principles:
  - Grant minimum access (only what's needed for the specific project)
  - Use expiration dates (every guest account must have an end date)
  - Establish sponsorship (every guest needs an internal employee sponsor)
  - Scope to project (access tied to specific business need)
  - Track and audit (review guest accounts monthly)
- Rushing Through Setup
Alice has a team meeting starting in 15 minutes. She opens the guest account creation form and quickly fills in the basics - but skips the expiration date field, thinking she can always add it later. The form does not enforce a mandatory expiration date.
- Taking a Shortcut on Permissions
The permissions page shows available systems with different access levels. Instead of carefully selecting the scoped permissions Sarah requested, Alice grants Full Admin access to all systems - thinking it will save Marcus from having to request additional access later. This violates the principle of least privilege.
- Submitted Without Review
The review page shows a summary of the guest account configuration. Alice glances at it briefly but does not notice the missing expiration date or the excessive admin privileges. She clicks Submit and hurries to her meeting.
- A Security Alert
Three weeks have passed. Alice receives an urgent email from the Security Operations Center.
- The Chain of Failures
The security team has traced exactly how Alice's shortcuts led to a full-blown security incident.
- What Went Wrong?
Take a moment to consider which of Alice's decisions created the security vulnerability.
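
As an added example (not part of the original training module), the GUEST principles can be written as checks that the account form runs before accepting a submission and that a monthly audit reruns on existing accounts. The field names, role names, the 92-day lifetime cap and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

MAX_LIFETIME = timedelta(days=92)       # assumed cap, roughly a three-month contract
BROAD_ROLES = {"full_admin", "admin"}   # assumed names for admin-level roles
REVIEW_INTERVAL = timedelta(days=31)    # "review guest accounts monthly"

@dataclass
class GuestAccount:
    username: str
    sponsor: Optional[str]              # internal employee sponsor
    project: Optional[str]              # business need the access is tied to
    expires: Optional[date]
    grants: dict                        # system name -> role
    last_reviewed: Optional[date] = None

def guest_violations(acct, today):
    """Return the GUEST principles that a request or existing account breaks."""
    found = []
    broad = sorted(s for s, r in acct.grants.items() if r.lower() in BROAD_ROLES)
    if broad:
        found.append("G: admin-level role on " + ", ".join(broad))
    if acct.expires is None:
        found.append("U: no expiration date")
    elif acct.expires <= today:
        found.append("U: expiration date has passed")
    elif acct.expires - today > MAX_LIFETIME:
        found.append("U: expiration beyond maximum lifetime")
    if not acct.sponsor:
        found.append("E: no internal sponsor")
    if not acct.project:
        found.append("S: no project recorded")
    if acct.last_reviewed and today - acct.last_reviewed > REVIEW_INTERVAL:
        found.append("T: monthly review overdue")
    return found

def may_submit(acct, today):
    """Form-side gate: refuse the submission while any violation remains."""
    return not guest_violations(acct, today)

# Constructed sample records: the rushed submission and a scoped alternative.
TODAY = date(2024, 3, 4)
RUSHED = GuestAccount("marcus.chen", "alice", "warehouse-automation", None,
                      {"wms": "full_admin", "erp": "full_admin"})
SCOPED = GuestAccount("marcus.chen", "alice", "warehouse-automation",
                      date(2024, 6, 3), {"wms": "integration_read"})
```

Running `guest_violations` on a schedule over all existing guest accounts gives the monthly audit; wiring `may_submit` into the creation form makes the expiration date and scoped roles mandatory rather than optional.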