Is there a way I can enforce a policy like this?
allow endpoints with attribute #top_secret unless they’ve been inactive for 30d
That’s one way I might be able to catch abandoned endpoints. More broadly, I’m looking for ways to assist with managing a large number of endpoints that I’ve minted for my users. I have thousands of users for whom dozens of managers are responsible. I need a way to delegate the baseline for each endpoint to the managers. In other words, only the managers will know whether the endpoints are still valid.
I know that it’s possible to author my own integration with the platform API, and I may go that route. In the meantime, I’d like to know how you recommend that I approach this, because I am manually creating the endpoints through the web console, not syncing from a directory. Is it best to use directory sync with numerous users to ensure that endpoints are provisioned and de-provisioned automatically?