Elevation requests
Elevation requests come from users when they carry out privileged actions.
Overview
Requests scope
Local requests- you can review and manage elevation requests in each customer tenant. These will be the requests that are specific to that customer only.Global requests- you can also review all requests in aggregate (i.e. for all customers) in your parent MSP tenant.
How requests work
- Requests are available in the
web portalas well as inidemeum mobile app - You can review the requests in you MSP portal or each customer tenant
- Mobile notification is sent to all technicians when request is created
- Request is defined by
what- file name, hash, publisher, application name, pathwho- customer tenant, endpoint, user, etc.- Request attributes are the same as the ones generated for an event.
- IT technicians can approve / deny requests from mobile app or web portal
- Requests are
transitoryand once approved, they are removed from the list - An audit event is captured when the elevation request is approved
- Requests automatically expire if not acted upon after
4 days
Request actions
You can approve or deny requests for users with the following actions:
- Approve /deny once for user - you can approve or deny request only once the the current application and requesting user. Once the request is approved, user will be able to carry our privileged action without the need to elevate. The approval will only be valid for one-time use, and if the user tries to do the same action again, she will need to request again.
- Approve / deny for tenant - you can approve or deny request with automatic rule creation, so that all further requests from other users for this application or action will be handled by the rule. For example, if you deny PowerShell launch as
adminfor useralexby creating a rule, all other users will not be able to launch PowerShell as admin. - Approve / deny for all customers - you can approve or deny request and automatically create a global rule that will apply to all customers.
Elevation rules
Create rules to define what privileged actions are allowed on workstations.
Nik Pot
Manage elevation requests
From customer tenant
You can manage elevation requests from each customer tenant.
- Access your customer tenant admin dashboard
- Navigate to
Elevation→Requests - You can now browse all open requests, and review the metadata by expanding the request area
- Click on
...and chose whether you want toApproveorDenythe request - You can approve / deny the elevation request only for this user, for a customer tenant by creating a
local rule, or for all customer tenants by creating aglobal rule
- If you choose to approve with rule, the rule dialog will open, all metadata will be automatically populated, and you can choose the
rule namethat you want to create.
From MSP tenant
You can also manage elevation requests from your parent MSP tenant. Idemeum will aggregate all requests coming from all customer tenants in a single place.
- Access your MSP tenant admin portal
- Navigate to
Elevation→Global requests - You can now browse all open requests for all customer tenants
- Click on
...and chose whether you want toApproveorDenythe request - You can approve / deny the elevation request only for this user, for a customer tenant by creating a
local rule, or for all customer tenants by creating aglobal rule
From mobile
- If you received a mobile notification, click on it and the request details will be shown
- You can also open idemeum application, choose tenant from the customer dropdown at the top and then access the
Requestssection
- Once you access the request, you will be able to see all associated metadata, and you will be able to approve / deny the request
- You can approve / deny the elevation request only for this user, for a customer tenant by creating a
local rule, or for all customer tenants by creating aglobal rule
