Why Access Tests
In addition to manual access reviews, most compliance frameworks — including SOC 2 and ISO 27001 — require that your access configurations follow secure best practices.
Things like rotating access keys, enforcing MFA, and controlling admin privileges are essential to reducing the risk of unauthorized access. ComplyJet helps automate this by running a series of access configuration tests across your integrated systems.
What These Tests Do
Once you've integrated tools like AWS, Google Workspace, GitHub, and others, ComplyJet automatically starts running tests against their access settings.
For example:
Is MFA enabled for all admins?
Are AWS IAM access keys rotated regularly?
Are there unused service accounts with active credentials?
Each test is mapped to specific controls from the frameworks you selected — helping you generate real, audit-ready evidence as you secure your systems.
Access Tests Page
On the Access Tests page, you’ll see a list of all relevant tests based on your integrations.
Each test shows:
Current status (Passing or Failing)
Last run time
Number of systems or users affected
If a test is failing, click into it to view more details.
Fixing Failing Tests
When you open a failing test, you’ll find:
A clear explanation of what’s wrong
A list of affected users or systems
Step-by-step remediation instructions
For example, if a test flags that GCP access accounts doesn't have MFA enabled, it’ll tell you which accounts are affected and provide exact instructions to enable MFA for these.
Once you’ve applied the fix, you can re-run the test directly from the page. If everything checks out, the status will change to Passing — and that’s one more compliance item complete.
Final Goal
Your objective is to ensure:
Every test is passing
Misconfigurations are fixed promptly
Access settings across systems stay secure and aligned with compliance requirements
These automated tests give you continuous visibility into access-related risks — without waiting for a manual review or audit to catch them.