Why
DataShield detects exposure but cannot respond. Market-standard tooling triggers remediation: force a password reset and revoke active sessions for an exposed employee, ideally through the directory provider already connected. This closes the loop from detection to containment.
Scope
- Remediation actions on an alert: "force password reset" and "revoke sessions" routed through the connected DirectoryConnection (Entra, Google, Okta) where the provider API supports it.
- Per-connection capability flags (not all providers expose revoke).
- Audit trail of remediation actions taken (who, when, target, result).
Hooks
src/lib/directory/ connectors, Alert model, src/app/api/alerts/[id]/route.ts.
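
An added sketch of the capability-gated dispatch and audit record listed under Scope, not DataShield's own code. Every type, function and field name is hypothetical, and the sample connections and their capability values are constructed.

```typescript
// Hypothetical names throughout; a sketch, not DataShield's implementation.
type Action = "force_password_reset" | "revoke_sessions";
type Result = "success" | "unsupported" | "failed";

interface DirectoryConnection {
  id: string;
  provider: "entra" | "google" | "okta";
  capabilities: Record<Action, boolean>; // per-connection capability flags
  // Injected so the sketch runs offline; a real connector would call the provider API.
  execute: (action: Action, target: string) => void;
}

interface AuditEntry {
  who: string; when: string; alertId: string; connectionId: string;
  action: Action; target: string; result: Result; detail: string | null;
}

const auditLog: AuditEntry[] = []; // stand-in for a persistent, append-only store

function remediate(conn: DirectoryConnection, alertId: string, action: Action,
                   target: string, actor: string): AuditEntry {
  let result: Result = "unsupported";
  let detail: string | null = null;
  if (conn.capabilities[action]) {
    try {
      conn.execute(action, target);
      result = "success";
    } catch (err) {
      result = "failed";
      detail = err instanceof Error ? err.message : String(err);
    }
  }
  // Every attempt is recorded, including refused and failed ones.
  const entry: AuditEntry = { who: actor, when: new Date().toISOString(), alertId,
    connectionId: conn.id, action, target, result, detail };
  auditLog.push(entry);
  return entry;
}

// Constructed sample connections; flag values are illustrative, not claims about any provider.
const providerCalls: string[] = [];
const record = (a: Action, t: string): void => { providerCalls.push(`${a}:${t}`); };
const fullConn: DirectoryConnection = { id: "conn-a", provider: "entra",
  capabilities: { force_password_reset: true, revoke_sessions: true }, execute: record };
const resetOnlyConn: DirectoryConnection = { id: "conn-b", provider: "google",
  capabilities: { force_password_reset: true, revoke_sessions: false }, execute: record };
const brokenConn: DirectoryConnection = { id: "conn-c", provider: "okta",
  capabilities: { force_password_reset: true, revoke_sessions: true },
  execute: () => { throw new Error("provider API error (constructed)"); } };
```

An action the connection's flags do not allow never reaches the provider, but it still produces an audit entry with result `unsupported`.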