Skip to main content

Endpoint Privilege Management

Admin / user elevation

How various idemeum elevation types work.

Overview

Idemeum EPM offers two types of elevation - admin elevation and user elevation.

Admin elevation

User request is elevated using another admin account, therefore the program will run in the context of an admin user (msp-elevate account that idemeum uses to elevate user requests).

User elevation

User who made the request will be temporarily promoted to an Administrator role. And then this user account will be used to elevate the privileged action. As a result, the requested application will run in the context of a user who made the request. Immediately after the elevation is competed, the user is demoted back to a Standard user.

When the user elevation occurs for the first time for any given user, idemeum will prompt the user to enter username and password. Once the valid credentials are entered, these credentials will be stored locally on the workstation and will be used for manage UAC prompts.


Elevation type - mobile app

When approving user requests in idemeum application you can choose what elevation type to use. Chosen elevation will apply to approving the request once or creating a local / global rule.

Elevation type - rules

When creating elevation rules (either global or local), you can also choose what type of elevation to use.

Elevation type - web portal

You can also choose the elevation type when you are approving user requests in the idemeum web portal.