
Endpoint Privilege Management

Elevation requests

Elevation requests come from users when they carry out privileged actions.

Overview

Requests scope

  • Local requests - you can review and manage elevation requests in each customer tenant. These will be the requests that are specific to that customer only.
  • Global requests - you can also review all requests in aggregate (i.e. for all customers) in your parent MSP tenant.

How requests work

  • Requests are available in the web portal as well as in the idemeum mobile app
  • You can review the requests in your MSP portal or in each customer tenant
  • A mobile notification is sent to all technicians when a request is created
  • A request is defined by
    • what - file name, hash, publisher, application name, path
    • who - customer tenant, endpoint, user, etc.
    • Request attributes are the same as the ones generated for an event.
  • IT technicians can approve / deny requests from the mobile app or the web portal
  • Requests are transitory and once approved, they are removed from the list
  • An audit event is captured when the elevation request is approved
  • Requests automatically expire if not acted upon after 4 days

Request actions

You can approve or deny requests for users with the following actions:

  1. Approve / deny once for user - you can approve or deny the request only once for the current application and requesting user. Once the request is approved, the user will be able to carry out the privileged action without the need to elevate. The approval will only be valid for one-time use, and if the user tries to do the same action again, she will need to request again.
  2. Approve / deny for tenant - you can approve or deny the request with automatic rule creation, so that all further requests from other users for this application or action will be handled by the rule. For example, if you deny PowerShell launch as admin for user alex by creating a rule, all other users will not be able to launch PowerShell as admin.
  3. Approve / deny for all customers - you can approve or deny the request and automatically create a global rule that will apply to all customers.
Elevation rules
Create rules to define what privileged actions are allowed on workstations.

Manage elevation requests

From customer tenant

You can manage elevation requests from each customer tenant.

  • Access your customer tenant admin dashboard
  • Navigate to Elevation → Requests
  • You can now browse all open requests, and review the metadata by expanding the request area
  • Click on ... and choose whether you want to Approve or Deny the request
  • You can approve / deny the elevation request only for this user, for a customer tenant by creating a local rule, or for all customer tenants by creating a global rule
  • If you choose to approve with rule, the rule dialog will open, all metadata will be automatically populated, and you can choose the rule name that you want to create.

From MSP tenant

You can also manage elevation requests from your parent MSP tenant. Idemeum will aggregate all requests coming from all customer tenants in a single place.

  • Access your MSP tenant admin portal
  • Navigate to Elevation → Global requests
  • You can now browse all open requests for all customer tenants
  • Click on ... and choose whether you want to Approve or Deny the request
  • You can approve / deny the elevation request only for this user, for a customer tenant by creating a local rule, or for all customer tenants by creating a global rule

From mobile

  • If you received a mobile notification, click on it and the request details will be shown
  • You can also open the idemeum application, choose the tenant from the customer dropdown at the top, and then access the Requests section
  • Once you access the request, you will be able to see all associated metadata, and you will be able to approve / deny the request
  • You can approve / deny the elevation request only for this user, for a customer tenant by creating a local rule, or for all customer tenants by creating a global rule