Authentication & Access Monitors

Learn how Sprinto enforces authentication and access security through MFA, login protection, access rule monitoring, and inactive user detection.

Sprinto provides a comprehensive set of monitors to ensure your organisation enforces strong authentication and access control measures. These checks help validate that user identities are secured, access is tightly governed, and critical systems are protected against unauthorised entry.

This section covers monitors related to:

  • Multi-Factor Authentication (MFA)

  • Login protection mechanisms

  • Auto account lockout

  • Inactive user cleanup

  • Access rules on critical systems


Monitored Controls

Multi-Factor Authentication (MFA)

Sprinto verifies that MFA is enabled for users across all critical systems and cloud platforms. This includes checks for:

Platform             Monitored Item
AWS                  Root and IAM user MFA setup
GitHub               Individual and org-level MFA enforcement
Bitbucket            Personal and team MFA
Office365 / Azure    Conditional access with MFA enforcement
Google Workspace     Enforced MFA for all users
Okta                 2FA / MFA policy enabled

Monitor Actions

  • Integration-based auto check (where supported)

  • Step-by-step remediation guides for enabling MFA

  • Manual evidence upload if integration is not feasible


Login Protection & Lockout

Sprinto validates whether systems enforce secure login protection methods, including:

  • Brute-force attack prevention

  • Auto account lockout after failed attempts

  • Password policy enforcement (length, complexity, expiry)

These monitors help detect weaknesses in authentication workflows and drive corrective action.


Inactive User Cleanup

Inactive user credentials are a common attack vector. Sprinto includes monitors that:

  • Identify stale users on AWS, Azure, and other platforms

  • Check for users with active access but no recent activity

  • Recommend disabling or removing unused accounts
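As an added example (not Sprinto's own code) of how the AWS checks from the MFA table and the inactive-user monitors above can be expressed, the following Python parses an IAM credential report (the CSV returned by aws iam get-credential-report) and flags console users without MFA as well as users whose credentials have been idle. The sample report, account ID, user names and the 90-day threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of an IAM credential report (columns after
# access_key_1_last_used_date omitted); account ID and users are made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2021-01-05T09:00:00+00:00,not_supported,2024-05-20T08:12:00+00:00,not_supported,not_supported,false,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2022-02-01T09:00:00+00:00,true,2024-06-01T10:00:00+00:00,2024-01-10T00:00:00+00:00,N/A,true,true,2024-01-10T00:00:00+00:00,2024-06-02T10:00:00+00:00
bob,arn:aws:iam::123456789012:user/bob,2022-02-01T09:00:00+00:00,true,2023-11-01T10:00:00+00:00,2023-01-10T00:00:00+00:00,N/A,false,false,N/A,N/A
svc-deploy,arn:aws:iam::123456789012:user/svc-deploy,2022-02-01T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-01-10T00:00:00+00:00,2023-09-15T10:00:00+00:00
"""

def _parse_ts(value):
    """ISO-8601 timestamp -> datetime; N/A, no_information, not_supported -> None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def _has_password(row):
    # The root row reports password_enabled as not_supported but always has one.
    return row["password_enabled"] in ("true", "not_supported")

def find_users_without_mfa(report_csv):
    """Principals that can sign in to the console but have no MFA device.
    Access-key-only users are skipped: IAM MFA protects console sign-in."""
    rows = csv.DictReader(io.StringIO(report_csv))
    return sorted(r["user"] for r in rows
                  if _has_password(r) and r["mfa_active"] == "false")

def find_inactive_users(report_csv, max_idle_days, now_iso):
    """Users holding an active password or access key whose most recent use
    (or creation date, if never used) is older than max_idle_days before now_iso."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=max_idle_days)
    stale = []
    for r in csv.DictReader(io.StringIO(report_csv)):
        has_key = r["access_key_1_active"] == "true"
        if not (_has_password(r) or has_key):
            continue  # no live credential, nothing to lock
        seen = []
        if _has_password(r):
            seen.append(_parse_ts(r["password_last_used"]))
        if has_key:
            seen.append(_parse_ts(r["access_key_1_last_used_date"]))
        known = [t for t in seen if t is not None] or [_parse_ts(r["user_creation_time"])]
        if max(known) < cutoff:
            stale.append(r["user"])
    return sorted(stale)
```

On the sample, the root account and bob are reported without MFA, while bob and the key-only svc-deploy user are reported as idle for more than 90 days as of the constructed reference date.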


Access Rule Configuration

Sprinto checks whether access control rules are implemented correctly on critical systems, such as:

  • Access based on role or business need

  • Least-privilege enforcement

  • Login protection on infrastructure services

  • Access review configurations for sensitive systems


Remediation Workflow

Each failing monitor includes a resolution workflow with:

  1. Summary of the issue

  2. Recommended steps to configure the required control

  3. Links to platform-specific setup guides (e.g., AWS IAM, GitHub MFA)

  4. Option to upload proof (evidence) if automation is not available

All changes made on external platforms (e.g., enabling MFA) are detected by Sprinto in the next sync cycle.


Best Practices

  • Enforce MFA universally and monitor its configuration via integrations.

  • Review access control monitors weekly to identify policy drift.

  • Lock unused accounts regularly.

  • Maintain a documented access review process.
