Organizations can configure the requestable permissions for inventoried computers, enabling users to request those permissions when connecting to these computers via Privileged Session Management (PSM). These permissions, known in EmpowerID as "IAM Shop Permission Levels," are fundamental to maintaining a secure IT environment. They serve a dual purpose: providing distinct permissions while in a computer session and reinforcing the overall security posture by adhering to the principle of least privilege, removing those permissions from users immediately after their session ends.

When configuring IAM Shop Permission Levels for computers, organizations pick specific groups with those permissions on the native system. If users belong to those groups, they get the specified access. Additionally, computers can be configured to allow Just-In-Time account provisioning in those groups. When this is the case, EmpowerID provisions an account that is linked to the person and adds it to the group. Once the session ends, the account is removed from the group. This ensures a truly least privileged, zero-trust environment.

Coupled with eligibility, IAM Shop Permission Levels ensure only users with the need for those permissions can access them. Only users granted eligibility for the IAM Shop Permission Levels have the ability to select them when connecting to a computer session. Depending on organizational policy, users without eligibility for those permission levels may still initiate sessions as non-privileged users.

To successfully assign IAM Shop Permission Levels, administrators must:

...