Once EmpowerID's risk engine evaluates violations, notifications and approval requests are sent to the designated risk owner for approval. By default, the risk owner has the authority to review detailed information about the request and associated violations and to decide whether to accept or reject the request with mitigation. When a risk violation is identified, the risk owners review the risk and related information to decide whether to approve or reject the risk. If the owners choose to approve the risk, they can only do so by applying predefined mitigation controls already established within the system for a specific time. By adhering to these mitigation controls, administrators can confidently approve risks, ensuring the access environment remains secure and compliant.

Tip

Automated Risk Violation Approval Tasks

EmpowerID has a useful feature that automatically generates a business request for approval or rejection when a violation occurs. This can happen if access was granted before the policy was established, or if access was provided outside of EmpowerID and detected as a violation (Detective). Additionally, if a user attempts a high-risk access request while shopping in the IAM shop (Preventive), a business request for approval or rejection is also created. In both cases, the business request is sent to the approver whose details are configured in the approval flow. By default, the risk owner is the approver.

In a preventive scenario, if a risk owner approves a request for access that could potentially cause a violation, the user will receive the access they requested. The risk owner applies mitigation for such a violation, and the mitigation will be valid until the end time specified by the approver is reached. On the other hand, if the request is rejected, the user will not be granted the access that could result in a violation. Regarding detection-based actions, the system keeps a historical record of violations and mitigations to address them. This feature works even in environments where the IAM shop is not used for access requests.

Note

Requests for approval by the risk owner will only be sent if two conditions are met. First, the approval flow policy must have the "RequireRiskOwnerApproval" step configured. Second, the "Send Detected Violations for Approval" setting in the risk must be set to true. If both conditions are satisfied, the approval process will begin with an automated business request being generated for approval. However, if the conditions are not configured properly, the violation will still be recorded in the system without undergoing approval. Administrators can manually initiate the submission of existing violations for approval if they choose not to send detected violations for approval automatically.

Detective Violations: Review and Approve

To access your risk approval tasks, you need to use the My Tasks App interface and follow the steps below. These tasks include mitigation for violations that EmpowerID identified, such as those related to access that was already granted or access that was granted outside of EmpowerID and has now been detected by EmpowerID as a violation.

  • Log in to EmpowerID with the necessary permissions.

  • On the navbar, expand Business Request and Tasks and click My Tasks App. You will be redirected to the My Tasks Microservice.

    Note

    Please note that you can customize the decisions for business requests by setting up the item type actions for the relevant request type. By default, the displayed options are approve/reject for violation-related requests. However, if you have additional configuration in the item type actions, the options will appear accordingly.

    1. Please log in to the My Tasks portal with the necessary rights.

    2. In the To-Do and Request View tabs, you can view all tasks assigned to you, including the Risk Mitigation Task. You can filter specific tasks by choosing Risk Mitigation in the Business Request Type.

    3. Click on the Name of the specific business request item that requires approval for risk violation.

    4. Upon opening the details view, the To-Do tab shows access information about the resource and its assignee that is causing the violations.

      If you are reviewing a business request to approve a violation that occurred while granting access to someone from the IAM shop, you may notice a slightly different user interface in the Risk To-Do tab.

      You can access more violation information in the To-Do tab by clicking Show Details. To view specific details of a business request item, click on its Name to open the item details view.

    5. After reviewing information about the risks and violations, the risk owners can decide whether to approve or reject them. To do this, find the To-Do tab and click the ✓ or the Approve button to implement the mitigation control and grant approval. On the other hand, if you choose to reject, click the ❌ button.

    Approve or Reject Risk Approval Tasks

    Please follow the steps below to approve or reject risk approval tasks.

    1. To make a decision, access the details panel for the relevant business request by following the instructions provided in the previous section. You can approve or reject a risk violation as a risk owner and administrator. Click on Approve to proceed to the next step.

    2. After clicking on Approve ✓, a pop-up will appear, prompting you to select the necessary mitigation controls and provide input for the end date and justification. Finally, click the ✓ Save button to apply the mitigation and approve the violation.

      • Select Mitigation Control: Select a predefined mitigation control for approval.

      • End Date: End date of the approval, after which the violations have to be mitigated again.

      • Justification: Choose an explanation or justification for approving the risk violation.

    Preventive Violations: Review and Approve

    Please follow these steps to access your risk approval tasks generated by access requests in the IAM shop that caused violations.

    1. Please log in to the My Tasks portal with the necessary rights.

    2. In the To-Do and Request View tabs, you can view all tasks assigned to you, including the Risk Mitigation Task.

    3. Click on the Name of the specific business request item that requires approval for risk violation.

    4. Once you open the details view, you can access information related to the resource, including the person responsible for any violations in the Risk Violations To Do tab. You will also be able to view the associated risk level displayed at the top of the window, giving you an idea of the risk associated with the request.

    5. Click on the Risk Violations tab to view more about request violations. In this section, you will find the violated risks, their level, and classification. For more information about each violation, click More Details to view the risk function and business request details.

    6. After reviewing information about the risks and violations, the risk owners can decide whether to approve or reject them. To do this, find the Risk Violations To-Do tab and click the ✓ or the Approve button to implement the mitigation control and grant approval. On the other hand, if you choose to reject, click the Reject button or ❌; no resources will be allocated to the requester for that specific business request, even if the other steps were approved. No permissions or resources will be granted if you do not approve the risk violation. Click on Approve to proceed to the next step.

      If you are reviewing a business request to approve a violation that occurred while granting access to someone from the IAM shop, you may notice slightly different buttons for the approval.

    7. When you click on Approve, a pop-up will appear, prompting you to select the necessary mitigation controls and provide input for the end date and justification. Finally, click the ✓ Save button to apply the mitigation and approve the violation.

      1. Select Mitigation Control: Select a predefined mitigation control for approval.

      2. End Date: End date of the approval, after which the violations have to be mitigated again.

      3. Justification: Choose an explanation or justification for approving the risk violation.



    Tip

    After implementing the necessary risk mitigation controls, if an individual violates the same risk policy again, no approval tasks or violations will be generated until the mitigation control end date is reached. Once the mitigation control end date arrives, a new task will be created to re-implement the mitigation measures.

    Send Existing Violations for Approval Manually

    EmpowerID has a feature that automatically generates business requests for risk violations detected in the system. However, if you've chosen not to send these requests by default by disabling the Send Detected Violations for Approval setting in the local risk, or if you had previously turned off the Generate Business Requests feature and want to enable it again, follow the steps below to ensure that existing violations are sent for approval.

    1. Log in to EmpowerID with the necessary permissions.

    2. On the navbar, expand Compliance and click Risk Management.

    3. Click on the Local Risks tab to list all the local risks to manage.

    4. To search for a specific local risk, type your text in the search box and click the Search button.

    5. Submit existing violations for approval by clicking the Send Existing for Approval button. Business requests will be generated and routed by default to the risk owners for approval.

    After risk approval tasks are created, the risk owners can review, approve, or reject them based on the instructions discussed earlier.
