
Responding to Risk Violations



Version 7

Once EmpowerID's risk engine evaluates a request and detects violations, it sends a notification and an approval request to the designated risk owner. The risk owner reviews the request and the details of each associated violation and decides whether to approve the request with mitigation or reject it. Approval is possible only by applying a mitigation control that has already been predefined in the system; the owner cannot supply an ad hoc mitigation. Because every approval is tied to a predefined control with an end date, risks can be accepted without leaving the access environment in an unreviewed or non-compliant state.

Automated Risk Violation Approval Tasks

EmpowerID automatically creates an approval request whenever a violation occurs, whether the access was granted before the risk policy existed (Detective) or a user requests high-risk access while shopping in the IAM Shop (Preventive). In both cases the request is routed to the risk owner.

In the preventive scenario, if the risk owner approves a request for access that would cause a violation, the user is granted the requested access. That access remains in a mitigated state until the mitigation end date set by the risk owner at approval time is reached. If the request is rejected, the user is not granted the violating access. In the detective scenario the access already exists; the system keeps a historical record of each violation and of the mitigation applied to it.

The approval user interface differs slightly between the two scenarios; the differences are noted in the relevant sections of this document.

An approval request is sent to the risk owner only if two conditions are met. First, the approval flow policy must include the "RequireRiskOwnerApproval" step. Second, the "Send Detected Violations for Approval" setting on the risk must be set to true. When both conditions hold, an automated business request is generated and routed for approval. If either condition is not configured, the violation is still recorded in the system, but it does not go through approval. Administrators who prefer not to send detected violations automatically can submit existing violations for approval manually, as described in Send Existing Violations for Approval.

View your Risk Approval Tasks

Please follow the steps below to access your risk approval tasks through the My Tasks App interface.

  1. Log in to EmpowerID with the necessary permissions.

  2. On the navbar, expand Business Request and Tasks and click My Tasks App. You will be redirected to the My Tasks Microservice.

  3. In the To-Do or Request View tab, click the Name of the business request item that requires approval for a risk violation.

  4. In the details view, the TO DO tab shows the resource and the assignee that cause the violations.

    If the business request concerns a violation raised while granting access to someone from the IAM Shop (the preventive scenario), the Risk TO DO tab has a slightly different layout.

  5. In the To-Do tab, click Show Details to see additional information about the violation. To open the details view of a business request item, click its Name.

With the risk and violation details in hand, the risk owner can decide whether to approve or reject the request.

Approve or Reject Risk Approval Tasks

Please follow the steps below to approve or reject risk approval tasks.

  1. Open the details panel of the relevant business request by following the steps in the previous section.

  2. As a risk owner or administrator, you can approve or reject the violation from the To-Do tab. Click the tick icon or the Approve button to apply a mitigation control and grant approval. Click the ❌ icon or the Reject button to deny it; in that case no permissions or resources are granted to the requester for this business request, even if every other approval step was approved. Click Approve to proceed to the next step.

    If the business request concerns a violation raised while granting access to someone from the IAM Shop (the preventive scenario), the approval buttons look slightly different.

  3. When you click Approve, a pop-up appears. Select the mitigation control, end date, and the other values described below, then click the tick button to approve the violation.

    1. Select Mitigation Control: Select a predefined mitigation control for approval.

    2. End Date: The date on which the approval expires. After this date the violation is raised again and must be mitigated anew.

    3. Justification: Choose an explanation or justification for approving the risk violation.

Once a mitigation control has been applied, further violations of the same risk by the same person do not generate new violations or approval tasks until the mitigation control end date is reached. When the end date arrives, a new approval task is created so the risk owner can re-evaluate the risk and re-apply mitigation. Because detection is suppressed for the whole mitigation window, choose end dates short enough that accepted risks come back for periodic review.

Send Existing Violations for Approval

EmpowerID automatically generates business requests for risk violations detected in the system. If you have disabled this by turning off the Send Detected Violations for Approval setting on the local risk, or if you previously turned off the Generate Business Requests feature and want to enable it again, follow the steps below to send existing violations for approval.

  1. Log in to EmpowerID with the necessary permissions.

  2. On the navbar, expand Compliance and click Risk Management.

  3. Click on the Local Risks tab to list all the local risks to manage.

  4. To find a specific local risk, type its name in the search box and click Search.

  5. Click Send Existing for Approval. EmpowerID generates a business request for each existing violation and routes it to the risk owners for approval.

Once risk approval tasks are generated, risk owners are notified to view, approve, or reject those tasks.
