If your organization owns resources that are not automatically provisioned through provisioning policies, but must be requested by users, you can create Asset Types, Assets, and Asset Request Items to represent those resources. Once these objects are created, you can use them to manage the provisioning of the objects they represent, assigning them to special classes of users or publishing them to the IT Shop for general access. Asset types and assets can be actual resources that exist in the EmpowerID Identity Warehouse, like shared folders, user accounts, and Exchange mailboxes, or they can be generic assets added to the Identity Warehouse for tracking purposes only, such as mobile phones and tablets. The IT Shop provides a central location where organizations can place or publish the resources that are available for request by their users. Once a resources is published to the IT Shop, users can shop for the resource, requesting access to it—both for themselves as well as for other users. The overall goal of Compliant Access Delivery is to reduce the need for end-users to request additional access, also known as “exceptions.” Access not granted by a person’s roles is considered an exception and must go through a controlled yet easy-to-use process before being granted. Exceptions represent an additional risk and create extra work to be processed and approved, as well as audited during compliance recertifications. EmpowerID’s best practice approach to exceptions management ensures that exceptions are always based on proper justification, traceable and auditable, manageable, and temporary whenever possible. |