Identity Explorer

Permissions: To access the configuration and data visualization for Microsoft Entra ID, your user role must have the appropriate permissions. For more information, see Set Permissions for a Role.

Tenable Identity Exposure's Identity Explorer view unifies identities across both Active Directory and Microsoft Entra ID . This view shows the Identity Risk Score (beta) for each listed asset and the potential reach of compromised identities.

To access the Identity Explorer:

Note: The Identity Explorer is only visible if you use the Microsoft Entra ID feature. For more information, see Configuring Microsoft Entra ID as an Identity Provider.

  • In Tenable Identity Exposure, click on the Identity Explorer icon in the left navigation bar.

    The Identity Explorer pane opens.

The Identity Explorer pane shows the following information for total accessible resources:

  • Name — Name of the user account under the identity provider.

  • Provider Names — The Identity Provider.

  • AES — Asset Exposure Score. Tenable Identity Exposure calculates this metric by assessing the criticality of an asset or identity and its vulnerabilities for each identity provider, and aggregates it to provide an overall exposure score for a given identity.

    Note: Tenable Identity Exposure only shows the Exposure Score if you have the Tenable One license.

  • Weaknesses — The percentage of aggregated weaknesses from the accounts linked to the identity, rated from 1 (low) to 5 (critical).

  • Accessible Resources — The number of resources of any type to which this asset has access (read, write, etc.)

  1. In the Identity Explorer pane's Search box, type the name of the user or account.

  2. Click the icon.

    Tenable Identity Exposure shows the matching results.

  1. At the bottom of the Identity Explorer pane, click Export all.

    The Export Identities pane opens.

  2. Click Export all.

    Tenable Identity Exposure downloads the file to the local machine.