Elevation requests

When elevation is not blocked or automatically allowed, users can request elevation for a privileged action.

Overview

Users will be presented with the idemeum dialog to request elevation.

  • A mobile notification is sent to all admins of the idemeum tenant, or, if integration with ticketing is configured, idemeum creates an elevation ticket.
  • Requests can be viewed in the web portal (for each organization separately, or with all requests pulled into the parent organization), and also in the mobile app.
  • Requests contain all metadata about who is requesting what.
  • IT technicians can approve / deny requests from the mobile app, the web portal, or the integrated ticketing system.
  • Once a request is approved, it is removed from the list, and an audit event is created recording who handled the request.
  • Requests automatically expire if not acted upon after 4 days.

Request actions

You can approve or deny requests for users with the following actions:

  1. Approve / deny once for user - you can approve or deny the request once for the current application and requesting user. Once the request is approved, the user will be able to carry out the privileged action without the need to elevate. The approval is only valid for one-time use, and if the user tries to do the same action again, she will need to request again.
  2. Approve / deny for tenant - you can approve or deny the request with automatic rule creation, so that all further requests from other users for this application or action will be handled by the rule. For example, if you deny PowerShell launch as admin for user alex by creating a rule, all other users will not be able to launch PowerShell as admin.
  3. Approve / deny for all customers - you can approve or deny the request and automatically create a global rule that will apply to all customers.

Manage elevation requests

Web portal

To access elevation requests, you can navigate to your parent organization and view all elevation requests for all customers / organizations in one place (Events → Global requests). Or you can access each organization separately and view the requests for that organization only (Events → Requests).

Once you access the request, you can click on ... and choose whether to approve or deny the request. If you decide to create a rule, you will be presented with the dialog for rule configuration, and you can use any event attributes in the rule definition. Requests can be approved with a global or a local rule.

Mobile app

  • If you receive a mobile notification, click on it and the request details will be shown. You will be able to see all associated metadata, and you will be able to approve / deny the request.
  • You can approve / deny the elevation request only for this user, for a customer tenant by creating a local rule, or for all customer tenants by creating a global rule.