...
IT Shop
Eligibility
Approvals and Approval Routing
IT Shop
The "IT Shop" is a microservice from which users can search for and request access to IT resources your organization makes available to them. To do so, users navigate to the IT Shop, where they can see their current resources and shop for more. Depending on their job function, users may also request resources for other users. To shop for a role or other resource, they simply select the resource type and search for the specific resource item belonging to that type. Once they have found the desired item, they request access, which opens a drawer. From the drawer, users can optionally place time constraints on the request and add it to their carts or simply close the drawer to discontinue. Once a resource is added to a user’s cart, it stays there until the user either checks out (submits the cart) or removes it. By keeping resources in the cart, users can navigate away from the IT Shop as needed without losing the contents of their carts. When ready to submit their requests, users review the items in their cart and when ready submit them to the Identity and Access Management platform (EmpowerID). If they decide they don’t want to request an item that is in their cart, they can simply remove it.
Figure 1 below shows the main flow that occurs for users shopping for roles in the IT Shop, as well as the IT Shop user interface.
...
Eligibility Policies
EmpowerID offers a powerful policy engine to control which users may see and request which resources in the IT Shop. These policies are known as “Eligibility.” Eligibility policies may apply to users by attribute query, role, group, or other criteria, making it easy to target who receives which policies and have the assignment automated and maintained throughout their lifecycle.
...
Figure 2: Eligibility Policy applied to a person
Approvals and Approval Routing
EmpowerID includes a powerful approval routing engine and friendly end-user interfaces for task tracking and decisions. As discussed above, Eligibility policies are considered when calculating whether a user’s request requires approval and if so, how many approval steps are required and to whom should the approval tasks be assigned. Determination of the approval process is dynamic and considers the roles of the requestor, the sensitivity of the items being requested, and an organization’s risk and Segregation of Duties (SoD) policies. Based on these factors, approval for a requested item may not be required or it could require multiple levels of approval and an additional SoD approval by a risk owner.
...