Admin / user elevation
How various idemeum elevation types work.
Overview
Idemeum EPM offers two types of elevation - admin elevation
and user elevation
.
Admin elevation
User request is elevated using another admin account, therefore the program will run in the context of an admin user (msp-elevate
account that idemeum uses to elevate user requests).
User elevation
User who made the request will be temporarily promoted to an Administrator role. And then this user account will be used to elevate the privileged action. As a result, the requested application will run in the context of a user who made the request. Immediately after the elevation is competed, the user is demoted back to a Standard user.
When the user elevation occurs for the first time for any given user, idemeum will prompt the user to enter username and password. Once the valid credentials are entered, these credentials will be stored locally on the workstation and will be used for manage UAC prompts.
Elevation type - mobile app
When approving user requests in idemeum application you can choose what elevation type to use. Chosen elevation will apply to approving the request once or creating a local / global rule.
Elevation type - rules
When creating elevation rules (either global
or local
), you can also choose what type of elevation to use.
Elevation type - web portal
You can also choose the elevation type when you are approving user requests in the idemeum web portal.