Once EmpowerID's risk engine evaluates violations, approval requests are sent to the designated risk owner. By default, the risk owner has the authority to review detailed information about the request and its associated violations and to decide whether to approve the request with mitigation or reject it. When approving, the risk owner applies predefined mitigation controls, already established within the system, for a specific time. By adhering to these mitigation controls, administrators can confidently approve risks, ensuring the access environment remains secure and compliant.

Tip

Automated Risk Violation Approval Tasks

EmpowerID has a useful feature that automatically generates a business request for approval or rejection when a violation occurs. This can happen if access was granted before the policy was established, or if access was provided outside of EmpowerID and detected as a violation (Detective). Additionally, if a user attempts a high-risk access request while shopping in the IAM shop (Preventive), a business request for approval or rejection is also created. In both cases, the business request is sent to the approver whose details are configured in the approval flow. By default, the risk owner is the approver.

In a preventive scenario, if a risk owner approves a request for access that could potentially cause a violation, the user receives the requested access. The risk owner applies a mitigation for the violation, and the mitigation remains valid until the end time specified by the approver is reached. If the request is rejected, the user is not granted the access that could result in a violation. For detection-based actions, the system keeps a historical record of violations and the mitigations to address them.

Note

Approval requests by the risk owner will only be sent if two conditions are met. Firstly, the approval flow policy must have the RequireRiskOwnerApproval step configured. Secondly, the Send Detected Violations for Approval setting in the risk must be set to true. If both conditions are satisfied, the approval process will begin with an automated business request being generated for approval. However, if the conditions are not configured, the violation will still be recorded in the system without undergoing approval. Administrators can manually initiate the submission of existing violations for approval if they choose not to send detected violations for approval automatically.

Detective Violations: Review and Approve

In order to access your risk approval tasks, you need to use the My Tasks App interface and follow the instructions provided. These tasks include mitigation for violations that EmpowerID identified, such as those related to access that was already granted or even for access that was granted outside of EmpowerID and has now been detected by EmpowerID as violations.

Note

Please note that you can customize the approval process decisions for business requests by setting up the item type actions for the relevant request type. By default, the displayed options are approve/reject for violation related requests. However, if you have additional configuration in the item-type actions, the options will appear accordingly.

  1. Please log in to the My Tasks portal with the necessary rights.

  2. In the To-Do Request View Tab, you can view all tasks assigned to you, including the Risk Mitigation Task. You can filter specific tasks by choosing Risk Mitigation in the Business Request Type.

  3. Click on the Name of the specific business request item that requires approval for risk violation.

  4. Upon opening the details view, you can access information about the resource and its assignee responsible for any violations in the TO DO tab.
    You can access more violation information in the To-Do tab by clicking Show Details. To view specific details of a business request, click on its Name to open the item details view.

  5. After reviewing information about the risks and violations, the risk owners can decide whether to approve or reject them. To do this, find the To-Do tab and click the ✔ icon or the Approve button to implement the mitigation control and grant approval. To reject instead, click the ❌ button.
    Click on Approve to proceed to the next step.

  6. After clicking Approve ✔, a pop-up will appear, prompting you to select the necessary mitigation controls and provide input for the end date and justification. Finally, click the ✔ Save button to apply the mitigation and approve the violation.

    • Select Mitigation Control: Select a predefined mitigation control for approval.

    • End Date: End date of the approval, after which the violations have to be mitigated again.

    • Justification: Choose an explanation or justification for approving the risk violation.

Preventive Violations: Review and Approve

Please follow these steps to access your risk approval tasks generated by access requests in the IAM shop that caused violations.

  1. Please log in to the My Tasks portal with the necessary rights.

  2. In the To-Do Request View Tab, you can view all tasks assigned to you, including the Risk Mitigation Task.

  3. Click on the Name of the specific business request item that requires approval for risk violation.

  4. Once you open the details view, you can access information related to the resource, including the person responsible for any violations in the Risk Violations To Do tab. You will also be able to view the associated risk level displayed at the top of the window, giving you an idea of the risk associated with the request.

  5. Click on the Risk Violations tab to view more about request violations. In this section, you will find the violated risks, their level, and classification. For more information about each violation, click More Details to view the risk function and business request details.

  6. After reviewing information about the risks and violations, the risk owners can decide whether to approve or reject them. To do this, find the Risk Violations To-Do tab and click the Approve button to implement the mitigation control and grant approval. To reject instead, click the Reject button. Click Approve to proceed to the next step.

  7. When you click Approve, a pop-up will appear, prompting you to select the necessary mitigation controls and provide input for the end date and justification. Finally, click the ✔ Save button to apply the mitigation and approve the violation.

    1. Select Mitigation Control: Select a predefined mitigation control for approval.

    2. End Date: End date of the approval, after which the violations have to be mitigated again.

    3. Justification: Choose an explanation or justification for approving the risk violation.

Tip

After implementing the necessary risk mitigation controls, if an individual violates the same risk policy again, approval tasks or violations will be generated once the mitigation control end date is reached.

Send Existing Violations for Approval Manually

EmpowerID automatically generates business requests for risk violations detected in the system. However, if you have chosen not to send these requests by default by disabling the Send Detected Violations for Approval setting in the local risk, or if you previously turned off the Generate Business Requests feature and want to enable it again, follow these steps to ensure that existing violations are sent for approval.

  1. Log in to EmpowerID with the necessary permissions.

  2. On the navbar, expand Compliance and click Risk Management.

  3. Click on the Local Risks tab to list all the local risks to manage.

  4. Type your text in the search box and click the Search button to search for a specific local risk.

  5. Submit existing violations for approval by clicking the Send Existing for Approval button. Business requests will be generated and routed by default to the risk owners for approval.

After risk approval tasks are created, the risk owners can review, approve, or reject them based on the instructions discussed earlier.
