We're just starting to use the OPA for some things and I'm anticipating some security concerns down the road. We're exploring automating a Phishing Response. When we find out that an account has been compromised, we can run a recipe that will reset the password for the compromised account, disable them in AD, kill their Office 365 sessions, create a helpdesk ticket and post something to Teams.
As I explore the first couple parts, those are privileged actions in AD and O365. The best way to accomplish those, I think, is by executing Powershell scripts, but the Workato service account running the OPA is the user who will have privileges to do those things. And as time goes on and we do more things with the OPA, that one service account will accumulate more and more privileges.
How are other people handling this situation? Or does Workato have on their roadmap a more granular way to handle OPA actions and security?
thanks for the reply. It seems I will need a box for each agent. I was hopeful to run multiple agents on a single box. Now I guess I am considering Linux so I can use light O/S's and not worry about buying Windows Keys.