Skip to main content

Governance intelligence for access, cloud, and SaaS. Now in early access

Nuxari
Access Governance

Access Drift

Understand what access drift means, how Nuxari detects it, and how to act on a finding.

Last updated: June 2026

Who this is for

Admins, approvers, and auditors who want to understand what Nuxari surfaces as access drift and how to respond.

Before you start

At least one connector must be configured and an evaluation must have run. See theStart Guideif you have not completed that step yet.

What access drift means

Access drift is the gap between the access your organization has approved and the access that actually exists in your connected systems. When a user has a role they were never formally granted, retains access after leaving, or holds a license beyond what was authorized, that difference is drift. Nuxari continuously compares your approved state against your observed state and surfaces every mismatch as a finding.

Common examples of drift

  • Elevated cloud role A user has an Owner-level Azure role but only a Contributor was approved in your access record.
  • Offboarded user still active A former employee's account remains enabled in your identity provider 30 days after their departure date.
  • Admin outside policy A GitHub repository admin role was assigned directly without going through your approval workflow.
  • Inactive license still assigned A SaaS license is assigned to a user who has not logged in for 90 days and is no longer active in your directory.

How to review a finding in Nuxari

  1. 1In Nuxari, go to Governance > Findings.
  2. 2Use the filters to narrow by finding type, severity, connector, or date range.
  3. 3Click a finding to expand the detail view. You will see the observed state, the approved state, the severity, and the recommended action.
  4. 4Review the context and decide whether to act immediately, accept the finding as a known exception, or update your approved state to reflect a legitimate policy change.

How to route a finding to remediation

If the finding represents a real issue that needs to be corrected:

  1. 1Click Create Remediation Plan inside the finding detail view.
  2. 2Assign an approver and confirm the proposed corrective action.
  3. 3The approver receives a notification and reviews the plan. No action executes until they authorize it.
  4. 4After approval, Nuxari executes the correction in the connected system and captures evidence of the before and after state.
Drift does not always mean a security incident, it may be a policy that needs updating. If a user legitimately received elevated access through an out-of-band process, update your approved state to reflect the new policy rather than treating it as a violation.

How evidence is captured

Every finding Nuxari surfaces is automatically recorded as an evidence event. When a remediation plan closes the finding, the before state, approval record, execution result, and after state are all bundled into an evidence package. You do not need to manually capture any of this, it happens as part of the workflow.

Related docs

Access Reconciliation

Compare expected and actual access in detail

Remediation

Create, approve, and close remediation plans

Control Packs

Run evaluations that produce drift findings

Evidence

Export finding and remediation evidence

Was this page helpful?