Simplify compliance
without manual overhead

Automate spreadsheet-based workflows needed for SOX, SOC-2, ISO, and HITRUST user access reviews.

Request a demo in under a minute.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
90% of manual work
needed to manage user access can be automated using Opal
Opal has redefined how we approach identity governance at scale. The product and roadmap align closely with the needs of our hyper-growth business. With their rich API's and Terraform support, we can modernize and automate IAM and assurance in ways that are aligned with other mature facets of our infrastructure.
Andrew McAllister headshot photo
Andrew McAllister
Head of Corporate Engineering
Use Case

Automate User Access Reviews


User access reviews are time-consuming and manual. Audits often take multiple weeks. Compliance teams are struggling to keep up and are forced to reduce the scope of audits.

Push button start

Kick off user access reviews with a centralized compliance dashboard. Remind employees via Slack.

Automatic access changes

Accelerate access reviews by automatically removing access or changing access levels through Opal.

Auditor friendly reporting

Generate access review reports with all of the information that your auditors would need.

Use Case

Review access
for employee transfers


In today's fast-paced environment, employees often switch roles without changing or removing their access. As a result, employees' access balloons over time, leading to over-provisioning.

Proactive alerting

When employees switch departments, their manager will be automatically notified via Slack.

Dynamic access reviews

Managers can easily complete access reviews, which will automatically grant or revoke access levels.


What is a user access review?

An user access review is a process of evaluating and verifying the access rights of employees, contractors, or other users to an organization's applications, and data. It involves reviewing user accounts, permissions, and roles to ensure that they are appropriate and necessary for the user's job responsibilities. User access reviews help organizations identify and remediate any potential security risks or compliance violations.

How often should user access reviews be conducted?

The frequency of user access reviews depends on the size of the organization, the complexity of systems, and the level of risk associated with the data being accessed. However, it is recommended that user access reviews should be conducted at least annually, or more frequently for high-risk systems or sensitive data. Opal decreases the manual burden of access requests by delegating reviews to the appropriate owners and automating notifications, access propagation, report-generation, and more. This allows companies to run access reviews more often.

Who should be involved in user access reviews?

User access reviews should involve a cross-functional team of stakeholders to ensure that access rights are appropriate and necessary for each user. The team should include IT or engineering admins, data owners, compliance officers, and business unit managers. With Opal, it’s easy to automatically assign reviews based on resource owner and/or managers.

What types of user access should be reviewed?

User access reviews should review all types of access that employees, contractors, or other users have to an organization's IT systems, applications, and data. This includes access to sensitive data, privileged accounts, administrative functions, and third-party applications. Opal automatically discovers and imports applications for organizations to easily streamline the user access review process.

Which vendors do you integrate with?

Opal covers a broad set of integrations including applications imported from identity providers, such as Okta, and native applications with cloud Infrastructure, such as AWS, Github, GCP, and SaaS Applications, such as Salesforce. For the full list of connections, please go to

Don’t see one on the list? Opal has a custom application API. Additionally, our engineering team can create connectors for you.

Does Opal support de-provisioning or modifying user account access?

Yes! Opal has write permissions so it can automatically propagate access changes to end systems. At the end of the audit, Opal will generate an auditor friendly report to summarize all of the actions.

How do access reviews in Opal work with ticketing providers?

Opal has two access propagation methods – automatic access propagation or manual activity tracking with ticketing providers. For the latter, Opal will create a ticket in your ticketing provider to kick off provisioning workflows. Additionally, Opal will sync with the ticket status to indicate whether the activity has been completed or not.

Product Overview

User Access Review

Download eBook

Interested in Opal?

Get in touch with our team to learn more!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.