User Tags

InsightIDR applies tags to users in your network to help you quickly identify useful information.

InsightIDR User Tags

These tags may be applied by InsightIDR to all types of users:

  • Watchlist: This tag identifies users that are on the User Watchlist.
  • Never Expires: This tag identifies users with non-expiring passwords.
  • Disabled: This tag identifies users that have been disabled in LDAP.
  • Removed: This tag identifies users that have not been present in LDAP for a month or longer.

Admin Account Tags

These tags may be applied by InsightIDR to admin users:

  • AWS Admins: This tag identifies users that are AWS admins.
  • OKTA Admins: This tag identifies users that are OKTA admins.
  • O365 Admins: This tag identifies users that are Microsoft Office 365 admins.
  • Google Admins: This tag identifies users that are Google admins.
  • Box Administrators: This tag identifies users that are Box.com admins.
  • LDAP Admins: This tag identifies users that are LDAP admins. If an account is an LDAP admin, InsightIDR displays the admin groups they’re in. If an admin user is in multiple admin groups, InsightIDR will display a tag with the number of groups the user is in. You can hover over this tag to see which groups the admin user is in.
  • Azure AD Admins: This tag identifies users that are Azure AD admins.
  • ZScaler Admins: This tag identifies users that are ZScaler admins.

Admin account tags