For security teams, one of the biggest blind spots is access that slips in outside of your normal controls. Even with a well-designed identity governance program, it only takes one manual admin action to create a risk: a privilege granted directly in AWS, a role assigned in GCP, or a repository permission in GitHub. These unmanaged grants can become vulnerabilities if they go unnoticed.
That’s where C1’s grant found trigger automation comes in.
Closing the Loop on Shadow Access
The grant found trigger isn’t just a passive alert; it’s an actionable event you can build automations on top of. When C1 discovers a new grant, security teams can decide what should happen next: notify, review, or revoke. For example, you could build automations so that:
- High-privilege role assignments in AWS or GCP → Automatically trigger a Slack notification or an immediate revocation if the grant was not provisioned through C1.
- Suspicious privilege escalations (for example, if a compromised admin account promotes itself) → Kick off a workflow for investigation and remediation.
- Direct entitlements in systems like GitHub → Flag and route for review when access is granted outside of team-based inheritance.
Instead of waiting to uncover these exceptions during an audit or periodic review, the Grant Found trigger lets you take real-time, automated action the moment they occur.
From Detection to Action
The real power of this feature is in automation. Teams can configure C1 to:
- Notify immediately when an unexpected grant appears.
- Trigger a workflow to review and validate whether the access is legitimate.
- Revoke automatically if the grant came from outside of C1 and doesn’t meet policy.
This reduces response time from days or weeks to minutes and minimizes the window of exposure for over-privileged accounts.
Use Cases for Security Teams
- High-Risk Admin Privileges
Keep a tight watch on admin roles in cloud environments. If someone is manually added to an AWS or GCP admin role outside of C1, the automation can revoke it instantly.
- Temporary vs. Permanent Access
Many organizations allow time-bound access to sensitive systems but restrict permanent rights. The grant found trigger can flag when permanent access is discovered where only temporary was intended.
- Inherited vs. Direct Grants
In systems like GitHub, access is meant to flow through teams. Direct repository grants are risky and often slip through the cracks. With inheritance support, C1 highlights direct access that violates your model so you can clean it up.
- Visibility Across App Owners
Security can’t control every SaaS app or admin. Grant Found creates visibility into what other app owners are doing, surfacing issues quickly and enabling outreach: “Why was this access granted? Should it be revoked or approved?”
Why It Matters
Identity and access management is only as strong as the weakest link. A single unmanaged grant can undermine compliance efforts and open the door to attackers. The grant found trigger automation makes sure nothing slips by, giving security teams the visibility and control they need to enforce least privilege and respond in real time.