
Endpoint privilege management

Elevation requests

Elevation requests come from users when they need to carry out privileged actions. Users can generate a request when no rule is defined for the action they are trying to perform.

Overview

  • Requests are available in the web portal as well as in the idemeum mobile app
  • A mobile notification is sent to all technicians when a request is created
  • A request is defined by what (file name, hash, publisher, etc.) and who (customer tenant, endpoint, user, etc.). Request attributes are the same as the ones generated for an event.
  • IT technicians can approve / deny requests from the mobile app or the web portal
  • Requests are transitory: once approved, they are removed from the list
  • Requests automatically expire if not acted upon within 4 days

Approve / deny elevation requests

You can approve or deny requests for users. There are two scopes for approval or denial:

  1. Approve / deny once for user - you approve or deny the request only once, for the current application and the requesting user. Once the request is approved, the user can carry out the privileged action without needing to elevate. The approval is valid for one-time use only; if the user tries the same action again, she will need to request again.
  2. Approve / deny for tenant - you approve or deny the request with automatic rule creation, so that all further requests from other users for this application or action are handled by the rule. For example, if you deny a PowerShell launch as admin for user alex by creating a rule, no other user will be able to launch PowerShell as admin either.
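To make the difference between the two scopes concrete, here is an added illustrative model (not idemeum's code) of a tenant's decision state: a one-time approval is consumed on first use, a tenant-wide decision becomes a hash-pinned rule that applies to every user, closed requests leave the pending list, and pending requests older than 4 days expire. All names and the hash values are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Illustrative model of the approval scopes described above (not idemeum's code).
REQUEST_TTL = timedelta(days=4)  # requests not acted upon expire after 4 days

@dataclass(frozen=True)
class Request:
    # the "what" (file, hash) and "who" (user, endpoint) attributes of a request
    user: str
    endpoint: str
    file_name: str
    sha256: str       # constructed placeholder values are used for demonstration
    created: datetime

@dataclass
class Tenant:
    rules: dict = field(default_factory=dict)          # sha256 -> "allow" | "deny", tenant-wide
    once_approvals: set = field(default_factory=set)   # (user, sha256), consumed on first use
    pending: list = field(default_factory=list)        # open requests shown to technicians

    def check(self, user: str, sha256: str):
        """'allow'/'deny' if a rule or one-time approval applies, else None (user must request)."""
        if sha256 in self.rules:                        # a rule applies to every user of the tenant
            return self.rules[sha256]
        key = (user, sha256)
        if key in self.once_approvals:
            self.once_approvals.discard(key)            # single use: the next attempt needs a new request
            return "allow"
        return None

    def submit(self, req: Request) -> None:
        self.pending.append(req)

    def _close(self, req: Request) -> None:
        self.pending = [r for r in self.pending if r != req]   # requests are transitory

    def approve_once(self, req: Request) -> None:
        self.once_approvals.add((req.user, req.sha256))
        self._close(req)

    def decide_for_tenant(self, req: Request, allow: bool) -> None:
        # creates a file attribute rule pinned to the binary hash; it affects all other users too
        self.rules[req.sha256] = "allow" if allow else "deny"
        self._close(req)

    def expire(self, now: datetime) -> int:
        stale = [r for r in self.pending if now - r.created > REQUEST_TTL]
        self.pending = [r for r in self.pending if r not in stale]
        return len(stale)
```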

How to manage elevation requests

Web portal

  • Access your customer tenant admin dashboard
  • Navigate to Elevation Requests
  • You can now browse all open requests and review the metadata by expanding the request area
  • Click on ... and choose whether you want to Approve or Deny the request
  • You can approve / deny the request only for this specific user and application, or you can automatically create a rule for this type of request going forward
  • If you choose to approve with a rule, the rule dialog opens with all metadata automatically populated, and you can choose the rule that you want to create

Elevation rules
Elevation rules define what privileged actions are allowed or denied on endpoints. You can create file attribute rules, publisher rules, or certificate attribute rules.

Mobile app

  • If you received a mobile notification, tap it and the request details will be shown
  • You can also open the idemeum application, choose the tenant from the customer dropdown at the top and then access the Requests section
  • Once you open the request, you can see all associated metadata and approve / deny the request
  • You can approve / deny the request only for this specific user and application, or you can automatically create a rule for this type of request going forward

When you approve for tenant, idemeum automatically creates a file attribute rule using the hash of the binary. More about the rules.