Least by Juste™ connects to your Google Workspace or Microsoft Entra ID, finds risky access, and generates a signed audit-ready evidence bundle — in under 30 minutes.
Most small businesses do access reviews manually — in spreadsheets, if at all. By the time the audit comes, the data is stale and the evidence doesn't exist.
Exporting user lists, cross-referencing roles, building spreadsheets. Repeated every quarter for every client.
Employees leave. Accounts stay. Nobody reviews them until the breach or the audit — whichever comes first.
SOC 2, HIPAA, cyber insurance, and client questionnaires all require documented evidence of access reviews. "We checked it" isn't enough.
Google Workspace tenants accumulate elevated privileges over time. No one audits who actually needs admin access.
Authorize Least with read-only OAuth — Google Workspace or Microsoft Entra ID. No passwords stored. No data written to your directory. We request only the minimum scopes needed to read users, groups, and admin roles.
Least pulls your full directory and runs an 11-rule risk engine against every user, group, and admin role. Each finding gets an AI-generated explanation and a recommended action — no guesswork required.
Work through each finding: Approve, Revoke, or flag for Needs Review. Add notes documenting your reasoning. When you're done, export a signed PDF report and CSV log — auditor-ready, timestamped, branded with your company name.
5 HIGH + 6 MEDIUM. Derived from least-privilege best practices and mapped to SOC 2, ISO 27001, NIST SP 800-53, and CIS Controls v8. Rules 10–11 are Entra ID–only.
Any super admin or global admin account is flagged for explicit review. Elevated privileges should be intentional, minimal, and documented.
Admin accounts with no sign-in activity in 60+ days. Dormant privileged accounts are high-value targets — if no one's using them, they shouldn't exist.
Admin or delegated-admin accounts whose email domain doesn't match the organization's primary domain. Vendors, consultants, and contractors with lingering admin access are a direct exfiltration risk.
Any account — employee or contractor — with no sign-in in 90+ days. Former users with lingering access are a quiet, persistent risk in every tenant.
Accounts whose display names match shared-use patterns (shared@, info@, team@, helpdesk@). Shared credentials produce no accountability and break the audit trail.
Privileged-named groups whose membership exceeds 15% of your org. A 10-person company with 6 people in "All Admins" is a different problem than a 200-person company with 25 — the threshold scales with you.
Accounts that are both Admin and DelegatedAdmin simultaneously. Stacked roles signal privilege creep from accumulated assignments that were never cleaned up.
Admin or delegated-admin accounts not enrolled in 2-Step Verification. The single most common cyber insurance questionnaire failure — an admin without MFA is an open door.
Flags workspaces with only 1 super admin (no recovery redundancy if that account is locked or compromised) or more than 4 (excessive attack surface). Google recommends exactly 2–4.
A B2B guest (userType='Guest') holding a privileged Entra ID role — Global Administrator, Privileged Role Administrator, or Application Administrator. External guests should never hold privileged access. Maps to SOC 2 CC6.3.
Account is 90+ days old with no recorded sign-in. May indicate an unused or abandoned account. Uses createdDateTime as a proxy when full audit log access is unavailable. Maps to SOC 2 CC6.2, NIST AC-2(3).
Every export is timestamped in your local timezone and branded with your company name.
A formal, signed report listing every finding, severity, your decision, and any notes you added. Designed to be handed directly to a compliance auditor, cyber insurance reviewer, or client.
A structured log of every finding with all metadata: rule, severity, affected account, decision, and timestamp. Import into ConnectWise, Jira, ServiceNow, or any ticketing system.
Pay for the accounts you scan. MSPs mark up to clients and keep the margin. No surprises.
You pay $2–3/user. You bill your client $5–6/user. That's your margin, every month — while your clients get audit-ready access reviews on autopilot. Email kender@usejuste.com →
Juste LLC is a Tampa-based technology company building identity governance tools for organizations that can't afford to get it wrong.
Least by Juste™ is our first product — access governance priced and built for the MSPs and SMBs that enterprise IGA vendors don't bother serving.
We show you why, not just what. Every finding has an explanation a non-technical person can act on.
Reports designed to withstand auditor scrutiny — timestamped, signed, and structured for compliance workflows.
Enterprise IGA tools cost six figures. We're building governance for the companies that can't afford that — and need it just as much.
Free during the pilot. No credit card. Takes under 30 minutes.
Start free →Questions? Email kender@usejuste.com