SearchLight customers can now automatically validate credential alerts via an integration with Azure AD, drastically reducing the time required to triage.

As your organization’s digital footprint grows, so does the opportunity for exposure of your organization’s credentials. Addressing credential exposure is a high-priority issue: it prevents attackers from accessing your systems or selling this access to the highest bidder in dark web criminal marketplaces.

Yet, not all detected exposed credentials are useful to security teams. 

In previously published research on account takeovers, Digital Shadows (now ReliaQuest) uncovered more than 16 billion credentials exposed online, but roughly two-thirds of these were duplicates. Narrowing this to SearchLight clients, the average company has approximately 102 credentials exposed each month, but investigating the authenticity and validity of each of these credential pairs can waste precious time.

This onerous, multi-step process involves asking whether the credentials are authentic or made up, whether they are active or inactive, whether the email and password match the corporate format policy, and whether they have been previously actioned. In short: does this exposed credential pair pose a risk to our organization? This process is now automated in SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) by our Microsoft Azure AD integration.


While we previously released an integration with Okta, a security manager’s toolbox holds more cloud-based directory and identity management tools than Okta alone.

We’re thrilled to extend automatic credentials validation to the larger user-base of Azure AD, which holds approximately twice the market share of Okta. This integration is free for all users, allowing you to maximize your investment in both Azure AD and SearchLight.

SearchLight users can automatically validate usernames/email addresses within their Azure AD instance.

Figure 1: Toggling Azure AD integration for alert auto rejection

Figure 2: Exposed Credential Validation View within SearchLight

While we still offer four other ways to validate your organization’s credentials, including credential username format, password format, and email list upload, credential validation with multiple Okta directories and alert auto-rejection with Azure AD allow a greater user base to reduce time spent on triaging exposed credential alerts, and give existing Okta integration users more options to validate.


Additionally, if you have individual directory services for each department, or acquire a company with a different active directory service, the Azure AD integration allows multiple active directories to exist and be referenced during the automatic credential validation and invalid credential alert rejection processes.

Whether you have multiple separate Okta directories or one Okta and one Azure AD active directory, all can be used for credential validation.


For more information, see our Azure AD datasheet here.
