A streamlined end-user experience for access requests is part of maintaining security and compliance in an organization. Achieving it requires controlling which items different types of users can see and request. Presenting every user with the same catalog of requestable items is overwhelming and confusing: users must sift through large amounts of irrelevant data to find the resources they actually need. Exposing unnecessary items is also a security risk, because external users or malicious actors could discover and request, and potentially gain access to, the organization's most sensitive roles and resources. Finally, regulatory compliance can require that specific user groups be prevented from seeing or requesting certain roles and resources, for example to enforce country-specific restrictions such as the International Traffic in Arms Regulations (ITAR).

Eligibility Policies

EmpowerID addresses this with a policy engine that controls which users may see and request roles and resources in the IT Shop. These policies, called Eligibility policies, are assigned to users by attribute query, role, group, or other criteria, so the right users can be targeted precisely and the assignment can be automated across the user lifecycle: a policy applies for as long as the user matches its criteria and stops applying when they no longer do. To reduce administrative workload, an Eligibility policy can be applied to all requestable items of a given type or in a given location rather than to items one by one. This makes policies more comprehensive, since eligibility can be granted or excluded for whole branches of the EmpowerID Location tree. For roles, Eligibility policies work in two directions: applied to a role's members, they control what those members may see and request in the IAM Shop; applied to the role itself, they control who may see and request the role as an IAM Shop item.

Eligibility Rules

Eligibility policies are either inclusion rules or exclusion rules. Inclusion rules define the items a user is authorized to see and request in the IT Shop, so that only relevant resources are offered. For example, Field Sales employees and developers can each be given inclusion rules that produce a tailored catalog of the roles and resources relevant to their work. Exclusion rules remove items a user would otherwise be eligible to see and request; they are the mechanism for restrictions such as ITAR, where a defined group of users must not see certain roles and resources at all. Together, these rules prevent unwarranted access requests, which in turn reduces unnecessary approval tasks, and they improve the shopping experience by hiding resources that users could not request anyway.
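The mechanics described above, as a small model written for this page rather than EmpowerID's own engine or API: users are targeted by role membership or by an attribute query, rules cover items by type, by tag, or by Location subtree, and a user's catalog is whatever the inclusion rules grant minus whatever the exclusion rules remove. The location tree, the catalog, the users, and the rule that an exclusion always overrides an inclusion are constructed assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional

# Constructed location tree (child -> parent), standing in for the EmpowerID
# Location tree. Assumption: eligibility granted at a location covers every
# location beneath it.
LOCATION_PARENT: Dict[str, Optional[str]] = {
    "Global": None,
    "EMEA": "Global",
    "US": "Global",
    "US/Sales": "US",
    "US/Engineering": "US",
}


def location_chain(loc: str) -> Iterator[str]:
    """Yield loc followed by each of its ancestors up to the root."""
    current: Optional[str] = loc
    while current is not None:
        yield current
        current = LOCATION_PARENT[current]


@dataclass(frozen=True)
class Item:
    """A requestable item: a group, management role, shared folder, or a
    Business Role offered as an item in its own right."""
    name: str
    kind: str
    location: str
    tags: FrozenSet[str] = frozenset()


@dataclass
class Person:
    name: str
    location: str
    roles: FrozenSet[str]
    attrs: Dict[str, str] = field(default_factory=dict)


@dataclass
class Rule:
    """One eligibility rule. `targets` selects the people the rule is assigned
    to (role membership, attribute query, ...); the other fields select the
    items it covers by type, Location subtree, or tag. None means 'any'."""
    effect: str  # "include" or "exclude"
    targets: Callable[[Person], bool]
    item_kind: Optional[str] = None
    location: Optional[str] = None
    tags_any: FrozenSet[str] = frozenset()

    def matches(self, item: Item) -> bool:
        if self.item_kind is not None and item.kind != self.item_kind:
            return False
        if self.location is not None and self.location not in location_chain(item.location):
            return False
        if self.tags_any and not (self.tags_any & item.tags):
            return False
        return True


def eligible_items(person: Person, items: Iterable[Item], rules: Iterable[Rule]) -> List[str]:
    """Names of the items `person` may see and request.

    Default deny: an item is visible only if an inclusion rule assigned to the
    person matches it. Assumption: a matching exclusion rule always wins over
    inclusion, so an ITAR-style restriction holds even when a broad inclusion
    rule also covers the item.
    """
    items = list(items)
    active = [r for r in rules if r.targets(person)]
    included = {i for i in items if any(r.effect == "include" and r.matches(i) for r in active)}
    excluded = {i for i in items if any(r.effect == "exclude" and r.matches(i) for r in active)}
    return sorted(i.name for i in included - excluded)


# Constructed catalog, rules, and users; names are illustrative only.
ITEMS = [
    Item("CRM Users", "Group", "US/Sales"),
    Item("Sales Manager", "BusinessRole", "US/Sales"),
    Item("Git Admins", "Group", "US/Engineering"),
    Item("Defense Project Repo", "SharedFolder", "US/Engineering", frozenset({"ITAR"})),
    Item("Company Handbook", "SharedFolder", "Global", frozenset({"general"})),
    Item("Domain Admins", "ManagementRole", "Global", frozenset({"privileged"})),
]

RULES = [
    # Inclusion by role: Field Sales sees the whole US/Sales subtree, which
    # also exposes the Sales Manager role as a requestable item.
    Rule("include", lambda p: "FieldSales" in p.roles, location="US/Sales"),
    # Inclusion by role: developers see the whole US/Engineering subtree.
    Rule("include", lambda p: "Developer" in p.roles, location="US/Engineering"),
    # Inclusion for everyone, applied by tag rather than item by item.
    Rule("include", lambda p: True, tags_any=frozenset({"general"})),
    # Exclusion by attribute query: non-US persons never see ITAR-tagged items.
    Rule("exclude", lambda p: p.attrs.get("country") != "US", tags_any=frozenset({"ITAR"})),
    # No inclusion rule covers Domain Admins, so nobody can see or request it.
]

ALICE = Person("alice", "US/Sales", frozenset({"FieldSales"}), {"country": "US"})
BOB = Person("bob", "EMEA", frozenset({"Developer"}), {"country": "DE"})
CAROL = Person("carol", "US/Engineering", frozenset({"Developer"}), {"country": "US"})

if __name__ == "__main__":
    for person in (ALICE, BOB, CAROL):
        print(person.name, "->", eligible_items(person, ITEMS, RULES))
```

Bob and Carol hold the same Developer role and the same inclusion rule, but only Carol is offered the ITAR-tagged folder; the exclusion is attached to an attribute query on the person, not to the role, so it keeps applying if Bob later changes roles. The privileged management role is invisible to everyone because no inclusion rule covers it, which is the default-deny behaviour a practitioner should verify after configuring policies.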

...

Next Steps

Configure Eligibility for Business Roles and Location Combinations

Configure Eligibility for Groups

Configure Eligibility for Management Roles

Configure Eligibility for Shared Folders /wiki/spaces/EIDADV23/pages/2984891197
