๐ฎ Awesome Albus Prompts
Prompt gallery for more effective Albus (Lumos AI agent) use
Overview
Albus is your AI agent for access data exploration and policy design - grounded in real assignment, usage, and access-request data. It drives least-privilege at scale with clear rationale for every recommendation, and it answers open-ended questions to reveal trends, anomalies, and risks across your environment.
Supported Capabilities
- Policy Mining: Discover common access patterns; draft least-privilege policies from real-world data.
- Role Anomaly Detection: Identify outlier or risky entitlements and unusual access patterns.
- Evidence & Explainability: Drill into usage signals, peer comparisons, and key differences.
- Bulk Policy Creation & Edits: Generate and tune access policies using natural language.
Below, find a selection of copy-paste prompts focused on Policy Mining and Role Anomalies. Each has customizable placeholders, with an example output that illustrates expected results - such as draft policies, remediation plans, or insight summaries.
Techniques
By using clear, targeted natural language prompts, you can unlock rich insights from your access, HR, and identity data. These recipes are starting points - experiment, customize, and iterate to match the nuances of your environment!
Inventory Analysis Prompts
| Label | Prompt | Expected Output | Value |
|---|---|---|---|
| Top access requests | Which apps have the highest number of last-quarter access requests? Show the top 10, including app name and request count. | A table listing the top 10 apps with access request volumes, including App Name and Request Count, for prioritizing policy work. | Focus policy/automation work where demand is highest to cut backlog and friction. |
| Low-activity apps | Show me the apps with the most assigned users but less than 20% active usage in the last 90 days. Suggest candidates for review or deprovisioning. | A list of low-activity apps showing App Name, Assigned Users, Active Users (%), along with a remediation suggestion (e.g., review or deprovision). | Spot over-licensed apps to reclaim spend and reduce standing-access risk. |
| Org chart | Show the reporting hierarchy centered on [Individual email address]. Show direct and indirect reports as an org chart. | A breakdown of the org chart centered on the individual, showing direct and indirect reports in a structured hierarchy view. | See the personโs span of control to design approvals and least-privilege decisions. |
Policy Mining Prompts
| Label | Prompt | Expected Output | Value |
|---|---|---|---|
| Attribute coverage (active identities) | Show me all user attributes in my source of truth (look at custom attributes) and create a table for each user attribute type and what percentage of the whole population (only active human identities) have one. | A table with an overview of HR/custom attributes and their relative coverage across active human identities. | Know which fields are reliable for policy segmentation; avoid sparse attributes. |
| Attribute scoring for policies | Score my attributes for building policies using: coverage (how many users are covered using the policies), granularity (maximize how much access can be granted using policies and birthright vs. self-service access requests), manageability (estimated # of policies to review yearly)where high manageability means easy to manage. Consider these custom attributes: Title, Team, [Attribute X], [Attribute Y]: ranked table with metrics + top 5 attributes combos + their overall score and why. Just take a look at users that are in my source of truth and are active. Using 5 star ranking and numbers to indicate what makes most sense. Start with definitions for the key metrics. | A ranked comparison table of attributes and attribute combinations, including coverage, granularity, manageability, and 5-star ratings. Includes top 5 attribute combos with overall score and reasoning. Starts with definitions of the key metrics. | Pick policy drivers that balance coverage, fine-grained control, and maintenance effort. |
| Policies by worker type ร team | Great, now suggest access policies for me looking at the dimensions of worker type and team. | An Access Matrix segmented by worker type and team, showing birthright suggestions per segment. | Establish baseline birthrights per segment to reduce ad-hoc requests. |
| App-specific policy draft | Draft access policies for [App Name] based on actual assignment and usage patterns by team and employee type. List birthright vs. self-service recommendations. | An Access Matrix for the specified app, showing birthright vs. self-service recommendations per team and employee type. | Turn usage patterns into concrete, auditable app-level controls. |
| Top-requested apps segmentation | For the top 5 most-requested apps, show recommended access policy segmentation and why. | A policy breakdown for the top 5 most-requested apps with segmentation rationale (the โwhyโ) using actual access request data. | Prioritize segmentation where it impacts most users and back it with data. |
Role Anomaly Prompts
Label | Prompt | Expected Output | Value |
|---|---|---|---|
High-risk employees (regular) | Look up my my top **[Number] **highest risk regular employees (not contigent workers). Any interesting insights or trends around their hr attributes to show signs of them not being well governed eg. managers, departments, locations. worker subtype...etc. Return my top 10 high risk regular employees. | A table of the top 10 high-risk regular employees with risk scores, key HR attributes (manager, department, location, worker subtype), and insight notes/trends indicating possible governance gaps. | Aim investigations and fixes at the riskiest employees first. |
High-risk contractors | Look up my my top** [Number] **highest risk regular contractors. Any interesting insights or trends around their hr attributes to show signs of them not being well governed eg. managers, departments, locations. worker subtype...etc. Return my top 10 high risk regular contractors. | A table of the top 10 high-risk contractors with risk scores, relevant HR attributes, and insight notes/trends highlighting governance concerns. | Tighten controls on contractors who often have elevated access but weaker oversight. |
App HR-attribute trends | Let's dig into [App Name]. Looking at HR attributes, do you see any interesting trends re: people who use this app that are expected or unexpected. Give me a thorough analysis into the breakdown of attribute types and values in this app. Along with your take on if those are expected or not | An analysis summary with a breakdown table of HR attribute types/values among users of the app, plus expected vs. unexpected usage patterns and commentary on anomalies. | Validate that the right populations use the app; flag anomalies for review. |
Email domain risk insights | Show my interesting insights around the different email domains that you see being pulled in? Show me really compliance relevant / risk access trends around these. Start with a thorough table breakdown of domains and proportion of my environment that have these different domains . Give at least top 10 domains. Show me specific systems these domains have access to relevant for risk, and should how these domains map back to worker types or other interesting hr attributes. Make sure to give lots of specifics like app and/or group names. | A table of the top 10+ email domains with population proportion, plus systems/apps/groups each domain can access and mapping to worker types/HR attributes; includes compliance/risk insights and notable trends. | Expose risky external/alias domains and where they have sensitive access. |
Over-provisioning review (top N apps) | Look at my top [Number eg. 100] apps based on number of assigned users. We believe that we are over-assigning apps. Based on the context of the application, return a table of these apps with a label of potential overprovisioning or not based on if you think this should be an app that is niche for specific functions. Add a final column on reason for your decision. Include number of assigned users as a column. Sort by number of assigned users in your output table. | A ranked table of the top [Number] apps (sorted by assigned users) with a potential over-provisioning label, assigned user count, and a reason column explaining the determination (e.g., niche function, low usage concentration). | Right-size assignments to cut license spend and reduce blast radius. |
(Coming Soon) Unmatched accounts by app | Find all apps with unmatched accounts or accounts not linked to active users. Show app, number of unmatched accounts, and recommend remediation. | A table listing each app with unmatched accounts, the number of unmatched accounts, and a remediation recommendation (e.g., deactivate, reassign, merge). | Close security gaps and cut costs by cleaning up strays or re-linking owners. |
Updated about 9 hours ago
Now try testing Albus Chat yourself!