Skip to content
AscendCore
Back to Runbook Library
Identity Template: configurable per customer

Compromised Account Response

Contain a suspected account compromise in one approval: revoke active sessions, reset credentials, and force MFA re-enrollment, fully audited.

Integrates with

OktaEntra IDM365

The problem

When an account is reported phished or flagged as compromised, the first minutes matter. Doing the containment steps by hand across the identity provider and email is slow at exactly the moment speed counts.

What AscendCore does

An admin invokes the response on the affected user from Slack or Teams. AscendCore proposes the full containment set (revoke sessions, reset credentials, require MFA re-enrollment) on one approval card, executes on approval, and writes a single security-namespaced row to the audit chain.

Status

Template. The containment steps and approver routing are configurable per customer. Connect it to your Okta, Entra ID, and Microsoft 365 tenant to enable.

Runbook source preview

Versioned, deterministic, auditable

Every runbook is defined as a versioned YAML manifest with explicit triggers, steps, and approval policies. The runbook itself is the audit-ready record of what AscendCore can and will do. Chat is just the interface that triggers it.

name: compromised-account-response
trigger:
  channels: [slack, teams]
  command: account-compromise
steps:
  - resolve_target_user
  - admin_approval
  - revoke_active_sessions
  - reset_credentials
  - require_mfa_reenrollment
approval:
  required: true
  approvers: [it-admins, sec-team]
Want this runbook?

Configure compromised account response for your environment

Templates are configurable per customer environment. Talk to us about the specific systems and approval flow you need.

See plans & pricingBrowse all runbooks

More identity runbooks

Live

Access Role Change

Multi-system orchestrated role transitions for promotions, transfers, and contractor-to-FTE conversions. Five seed roles ship out of the box (support tiers, sales SDR/AE, engineering contractor/FTE/intern, HR generalist/manager); each transition produces a single approval card showing the full access diff and executes sequentially across Okta + Entra + Jira + M365 with per-step audit outcomes.

Read more
Live

Account Unlock

Automate Microsoft Entra ID and Okta account unlocks from Slack and Teams. Identity verification, approval-gated unlock, failed-login counter reset.

Read more
Live

Group Membership Management

Automate Microsoft Entra security group, M365 group, and distribution list membership changes from Slack and Teams. Name-resolved, approval-gated, idempotent.

Read more