Skip to content About The people and vision powering Probo Blog The latest news from Probo Stories Hear from our customers Changelog Latest product updates Docs Documentation for Probo GitHub Explore our open-source compliance tools

Access Reviews Overview

Access reviews let you periodically check who has access to your third-party tools and whether that access is still appropriate. Probo connects to each provider, pulls the current members and their roles, and lets reviewers approve or flag each account. The decisions become the audit evidence that frameworks like SOC 2 and ISO 27001 ask for.

  1. Connect a provider as an access source, over OAuth or with an API key.
  2. Probo collects each account’s name, email, role, admin rights, account status, MFA state, and last login.
  3. Run a campaign over one or more sources. Probo snapshots access at that point in time.
  4. Reviewers decide. Each account is approved or flagged, and the decision is recorded as evidence.

For each account in a review, Probo shows the following, wherever the provider exposes it. Fields the provider doesn’t return are left blank.

FieldWhat it tells reviewers
NameThe account holder’s name (service accounts are marked)
EmailThe account’s email address
RoleThe role(s) the account holds in the provider
AdminWhether the account has administrator access
StatusWhether the account is active or disabled
MFAWhether multi-factor authentication is enabled
Last loginWhen the account last signed in or was used
  • OAuth. You authorize Probo from the provider’s consent screen.
  • API key. You generate a token on the provider and paste it into Probo. The token type and required permissions vary per provider, so check the Connector Directory.
  • CSV. Upload an exported user list for tools Probo can’t connect to directly.

Access reviews live under Access Reviews in your organization: the Sources tab connects providers, the Campaigns tab runs reviews.