Skip to content

Creating and Viewing EAM Requests

Before a user can be granted elevated access, a Requestor or Profile Owner must create an EAM request and select an EAM profile that defines the elevated access Requestors are granted if their request is approved.

Submitted requests can be viewed on the EAM Dashboard.

Creating an EAM Request

To create an emergency access request:

  1. Select EMERGENCY ACCESS from the navigation menu.

  2. Select Create New Request +.

  3. Select an EAM profile you are marked as a Requestor or Owner for in the Profile Name dropdown list. The EAM profile defines who can approve requests and who can attest and review usage.

  4. Choose a Requestor from the list of available requestors for the profile.

    Note

    A Profile Owner can only submit EAM requests on behalf of Requestors. They cannot request access for themselves to the profile they own and manage.

  5. Set the length of time the Requestor will have the elevated entitlements. You can set this duration up to the maximum duration defined in the EAM profile. The default is 1 hour.

  6. Select a predefined Reason Code that best explains why this access is needed.

    Tip

    Name your codes clearly and provide a list of codes to your Requestors to ensure they select the correct one.

  7. Select when the access will be granted. The date defaults to the current date and time, but you can change this to submit a request for a future date or time. For example, if a user will need access during a weekend or holiday, they can submit the request in advance while the Approver is available.

  8. (Optional) Select a time zone from the Time Zone dropdown list to change the time zone for the request to the Requestor's local time.

  9. In the Intention box, enter additional information explaining why the request should be approved, or how the access will be used.

    Tip

    Establish a policy regarding what should be entered here, such as including helpdesk ticket numbers.

  10. Select Submit to create the request.

If the Requestor was pre-approved on the profile, the request will be automatically approved, and provisioning will occur on the selected date and time. This is displayed on the Active tab.

The request will display on the Approval tab of the EAM Dashboard and be marked as Awaiting Approval. Approvers will receive an email notification that they have an EAM request to evaluate.

Retracting EAM Requests

If the requested entitlements have not yet been provisioned, Requesters, Owners, and Administrators can retract requests:

  1. Select Emergency Access to view the EAM Dashboard.
  2. On the Approval tab, expand the Actions menu next to the request and select Retract.

Retracted requests are displayed on the Completed tab of the EAM Dashboard.

Viewing Request Progress

Members of an access profile used for a request can view the request in the EAM Dashboard. As Requests move through each stage, the appropriate users on the profile are notified by email and can view the changes in the EAM Dashboard.

Table of requests organized by their stage. The table can be filtered and actions selected.

Each tab displays a core phase of the request process:

  • Approval - Requests that are waiting for approval

  • Active - Approved requests that are scheduled to be provisioned, or are actively being provisioned or deprovisioned

  • Data Collection - Requests that have been deprovisioned and are waiting to extract data of how the Requestor used the entitlements

  • Review - Requests under review to determine if the permissions were used appropriately

  • Completed - Requests that have been rejected, retracted, or reviewed

The number of requests in each stage is displayed in the parentheses in the tab headers. These numbers will change if you filter requests.

Note

You may need to select the Refresh icon to display changes to emergency requests.

Generating Reports

You can generate and download a set of reports for a single or multiple requests to provide to auditors or enforce compliance. Refer to Generating EAM Reports for more information.

Customizing Your Dashboard

Request information is by default displayed in the time zone configured in the user's browser. Users can change the time zone displayed on their personal EAM Dashboard by selecting TIMEZONE and choosing a different time zone.

You can reorder and resize columns by clicking and dragging the column headers. Column customizations are reset when the EAM Dashboard is refreshed.

Filtering Requests

The EAM Dashboard features multiple filters to help find requests and identify errors.

Filtering within columns

To filter requests within a column, select the filter icon in an available column header and enter your parameters. Select Filter to set the filter, or Clear to remove filters in the column.

Menu with query fields used to filter the Created Date column.

Filtering by metadata

You can select the metadata to filter requests by using the bar above the table.

Menu of metadata available to search by, such as Requestor.

Enter your search term, select the data type from the dropdown list, and select the search icon . Requests can be filtered by:

ID Requestor Reviewer Reason Entitlement
State Approver Owner Profile Comment

Filtering by Profile and Reason Code

You can also filter by Profiles and Reason Codes by selecting the fields and choosing the profiles or codes. To remove all filters, select Clear Filters.

Filter by Profile and Filter by Reason Code fields with the available codes displayed.

Filtering by Errors

Select the button in the top right to toggle between displaying all requests, requests with errors, and requests without errors. This makes it easier to identify if a provisioning, deprovisioning, or data collection job needs to be restarted or attested. The text on the button indicates what is displayed in the table below.

The dashboard toggles between displaying all requests, requests with errors, and requests without error.

Viewing and Adding Comments

All users on the access profile can view, submit, and upload attachments to comments on requests they are assigned to. These allow request participants to communicate about the request and retain evidence for audit and compliance purposes.

Note

Comments are required when an Approver rejects a request or a Reviewer contests usage.

To view comments, select the Comment icon next to the request in the EAM Dashboard or in the Reviewer Dashboard.

Comments from an approver at the Awaiting Approval and Deprovisioning stages describing actions. 2 comments have an attachment.

Comments display the state and timestamp of the request when the comment was posted, as well as the Access Risk Management username and email of the author.

Uploading Attachments

Users can upload one attachment per comment.

  1. Select the Comment icon next to the request in the EAM Dashboard or in the Reviewer Dashboard.
  2. Enter your comment.

  3. Select Upload and choose your file.

    File requirements

    • No more than 10 MB
    • .txt, .csv, .xls, .xlsx, .xlsm, .pdf, .png, .jpg, .jpeg, .bmp, .doc., .docx, .ppt, .pptx, or .zip

  4. When you have completed your comment, select Send.