Now in pilot · Google Workspace

Access reviews that
actually get done.

Least by Juste™ connects to your Google Workspace, finds risky access, and generates a signed audit-ready evidence bundle — in under 30 minutes.

Start free access review See how it works
Read-only OAuth — nothing written to your Workspace
Results in under 30 minutes
PDF + CSV evidence ready for auditors
app.getleast.io/dashboard
Least by Juste™
Workspace
Access Review
Evidence
Connections
Settings
Access Review
yourcompany.com · Last scan today at 2:05 PM
High Risk
4
Medium Risk
7
Reviewed
8 / 11
HIGH
admin@yourcompany.com
Super Admin Account — flagged for explicit review
APPROVE
HIGH
john.doe@yourcompany.com
Inactive Account — no sign-in for 127 days
REVOKE
MED
shared.mailbox@yourcompany.com
Shared Account Pattern — display name matches shared mailbox heuristic
REVIEW
The problem

Access reviews shouldn't
take a week.

Most small businesses do access reviews manually — in spreadsheets, if at all. By the time the audit comes, the data is stale and the evidence doesn't exist.

⏱️

Hours of manual work

Exporting user lists, cross-referencing roles, building spreadsheets. Repeated every quarter for every client.

👻

Stale accounts go unnoticed

Employees leave. Accounts stay. Nobody reviews them until the breach or the audit — whichever comes first.

📋

No evidence when auditors ask

SOC 2, HIPAA, cyber insurance, and client questionnaires all require documented evidence of access reviews. "We checked it" isn't enough.

🔑

Too many super admins

Google Workspace tenants accumulate elevated privileges over time. No one audits who actually needs admin access.

How it works

From connection to
evidence in three steps.

1
~30 seconds

Connect Google Workspace

Authorize Least with read-only OAuth. No passwords stored. No data written to your Workspace. We request only the minimum scopes needed to read users, groups, and admin roles.

🔒 Read-only · Nothing is modified in your Workspace
2
~15–45 seconds

Run the access review

Least pulls your full directory and runs a 9-rule risk engine against every user, group, and admin role. Each finding gets an AI-generated explanation and a recommended action — no guesswork required.

🤖 AI explanations on every finding
3
~10–20 minutes

Review, decide, export

Work through each finding: Approve, Revoke, or flag for Needs Review. Add notes documenting your reasoning. When you're done, export a signed PDF report and CSV log — auditor-ready, timestamped, branded with your company name.

📄 PDF + CSV export · Local timezone · Your company name in the header
The risk engine

9 rules. Every user. Every scan.

4 HIGH + 5 MEDIUM. Derived from least-privilege best practices and mapped to SOC 2, ISO 27001, NIST SP 800-53, and CIS Controls v8.

#001HIGH

Super Admin Account

Any super admin or global admin account is flagged for explicit review. Elevated privileges should be intentional, minimal, and documented.

#002HIGH

Inactive Admin

Admin accounts with no sign-in activity in 60+ days. Dormant privileged accounts are high-value targets — if no one's using them, they shouldn't exist.

#003HIGH

External Account with Privileged Access

Admin or delegated-admin accounts whose email domain doesn't match the organization's primary domain. Vendors, consultants, and contractors with lingering admin access are a direct exfiltration risk.

#004MEDIUM

Stale Account

Any account — employee or contractor — with no sign-in in 90+ days. Former users with lingering access are a quiet, persistent risk in every tenant.

#005MEDIUM

Shared Account Pattern

Accounts whose display names match shared-use patterns (shared@, info@, team@, helpdesk@). Shared credentials produce no accountability and break the audit trail.

#006MEDIUM

Oversized Privileged Group

Privileged-named groups whose membership exceeds 15% of your org. A 10-person company with 6 people in "All Admins" is a different problem than a 200-person company with 25 — the threshold scales with you.

#007MEDIUM

Stacked Privileges

Accounts that are both Admin and DelegatedAdmin simultaneously. Stacked roles signal privilege creep from accumulated assignments that were never cleaned up.

#008HIGH

Admin Without 2-Step Verification

Admin or delegated-admin accounts not enrolled in 2-Step Verification. The single most common cyber insurance questionnaire failure — an admin without MFA is an open door.

#009MEDIUM

Super Admin Count — Too Few or Too Many

Flags workspaces with only 1 super admin (no recovery redundancy if that account is locked or compromised) or more than 4 (excessive attack surface). Google recommends exactly 2–4.

Evidence exports

Hand it to an auditor.
Import it into your ticketing system.

Every export is timestamped in your local timezone and branded with your company name.

📄

PDF Access Review Report

A formal, signed report listing every finding, severity, your decision, and any notes you added. Designed to be handed directly to a compliance auditor, cyber insurance reviewer, or client.

Company branded Timestamped Decision + notes AI explanations
📊

CSV Evidence Log

A structured log of every finding with all metadata: rule, severity, affected account, decision, and timestamp. Import into ConnectWise, Jira, ServiceNow, or any ticketing system.

Machine readable All fields exported Local timezone Importable
Pricing

Simple. Per user.

Pay for the accounts you scan. MSPs mark up to clients and keep the margin. No surprises.

Pilot
Free
Limited early access
No credit card required
  • 1 Google Workspace tenant
  • Up to 25 users scanned
  • All 9 risk rules
  • PDF + CSV evidence export
  • Direct founder support
Get pilot access
MOST POPULAR
Starter
$3 / user / mo
min $49/mo · Up to 3 workspaces
  • All 9 risk rules — every scan
  • Compliance framework tags (SOC 2 · ISO 27001 · NIST · CIS)
  • PDF + CSV evidence bundle
  • Branded report header
  • Share link for auditors
  • Email notifications
Get started
Growth
$2.50 / user / mo
min $129/mo · Up to 10 workspaces
  • Everything in Starter
  • Multi-tenant MSP dashboard
  • Scheduled auto-scans (30/60/90 day)
  • Priority support
Get started
Plus
$2 / user / mo
min $249/mo · Unlimited workspaces
  • Everything in Growth
  • Unlimited client tenants
  • White-label PDF reports
  • Dedicated onboarding call
  • SLA-backed support
Contact us
🏢

Built for MSPs. Designed to resell.

You pay $2–3/user. You bill your client $5–6/user. That's your margin, every month — while your clients get audit-ready access reviews on autopilot. Email kender@usejuste.com →

About Juste

Built by someone who felt the problem firsthand.

Juste LLC is a Tampa-based technology company building identity governance tools for organizations that can't afford to get it wrong.

Our first product, Least by Juste™, was built by a founder with a decade in enterprise technology, an information security degree, and direct experience watching organizations fail access reviews they didn't know they were taking.

Honest software

We show you why, not just what. Every finding has an explanation a non-technical person can act on.

Evidence you can defend

Reports designed to withstand auditor scrutiny — timestamped, signed, and structured for compliance workflows.

Built for the 98%

Enterprise IGA tools cost six figures. We're building governance for the companies that can't afford that — and need it just as much.

By the numbers
9
Risk rules in the engine
<30
Minutes to first evidence bundle
0
Writes to your Workspace
2026
Founded · Tampa, FL
"Governance software should be honest: it should show you why, not just what, and produce records a real auditor can review."

Run your first access review today.

Free during the pilot. No credit card. Takes under 30 minutes.

Start free →

Questions? Email kender@usejuste.com