Creating and Viewing EAM Requests
Before a user can be granted elevated access, a Requestor or Profile Owner must create an EAM request and select an EAM profile that defines the elevated access Requestors are granted if their request is approved.
Submitted requests can be viewed on the EAM Dashboard.
Creating an EAM Request
To create an emergency access request:
Select EMERGENCY ACCESS from the navigation menu.
Select Create New Request +.
Select an EAM profile you are marked as a Requestor or Owner for in the Profile Name dropdown list. The EAM profile defines who can approve requests and who can attest and review usage.
Choose a Requestor from the list of available requestors for the profile.
A Profile Owner can only submit EAM requests on behalf of Requestors. They cannot request access for themselves to the profile they own and manage.
Set the length of time the Requestor will have the elevated entitlements. You can set this duration up to the maximum duration defined in the EAM profile. The default is 4 hours.
Select a predefined Reason Code that best explains why this access is needed.
Name your codes clearly and provide a list of codes to your Requestors to ensure they select the correct one.
Select when the access will be granted. The date defaults to the current date and time, but you can change this to submit a request for a future date or time. For example, if a user will need access during a weekend or holiday, they can submit the request in advance while the Approver is available.
(Optional) Select a time zone from the Time Zone dropdown list to change the time zone for the request to the Requestor's local time.
In the Intention box, enter additional information explaining why the request should be approved, or how the access will be used.
Establish a policy regarding what should be entered here, such as including helpdesk ticket numbers.
Select Submit to create the request.
If the Requestor was pre-approved on the profile, the request will be automatically approved, and provisioning will occur on the selected date and time. This is displayed on the Active tab.
The request will display on the Approval tab of the EAM Dashboard and be marked as Awaiting Approval. Approvers will receive an email notification that they have an EAM request to evaluate.
Retracting EAM Requests
If the requested entitlements have not yet been provisioned, Requesters, Owners, and Administrators can retract requests by expanding the Actions menu and selecting Retract.
Retracted requests are displayed on the Completed tab of the EAM Dashboard.
Viewing Request Progress
Members of an access profile used for a request can view the request in the EAM Dashboard. As Requests move through each stage, the appropriate users on the profile are notified by email and can view the changes in the EAM Dashboard. Each tab displays a core phase of the request process:
Approval - Requests that are waiting for approval
Active - Approved requests that are scheduled to be provisioned, or are actively being provisioned or deprovisioned
Data Collection - Requests that have been deprovisioned and are waiting to extract data of how the Requestor used the entitlements
Review - Requests under review to determine if the permissions were used appropriately
Completed - Requests that have been rejected, retracted, or reviewed
The number of requests in each stage is displayed in the parentheses in the tab headers. These numbers will change if you filter requests.
Customizing Your Dashboard
Request information is by default displayed in the time zone configured in the user's browser. Users can change the time zone displayed on their personal EAM Dashboard by selecting TIMEZONE and choosing a different time zone.
You can reorder and resize columns by clicking and dragging the column headers. Column customizations are reset when the EAM Dashboard is refreshed.
The EAM Dashboard features multiple filters to help find requests and identify errors.
Filtering within columns
Filtering by metadata
You can select the metadata to filter requests by using the bar above the table.
Filtering by Profile and Reason Code
You can also filter by Profiles and Reason Codes by selecting the fields and choosing the profiles or codes. To remove all filters, select Clear Filters.
Filtering by Errors
Select the button in the top right to toggle between displaying all requests, requests with errors, and requests without errors. This makes it easier to identify if a provisioning, deprovisioning, or data collection job needs to be restarted or attested. The text on the button indicates what is displayed in the table below.
Viewing and Adding Comments
All users on the access profile can view, submit, and upload attachments to comments on requests they are assigned to. These allow request participants to communicate about the request, as well as retain information and evidence for audit and compliance purposes.
To view comments, select the Comment icon next to the request in the EAM Dashboard or in the Reviewer Dashboard. Comments display the state and timestamp of the request when the comment was posted, as well as the Access Risk Management username and email of the author.
Comments are required when an Approver rejects a request, or a Reviewer contests usage. Users can upload an attachment to retain audit information.
Attachments must be:
No more than 10 MB.
A .txt, .csv, .xls, .xlsx, .xlsm, .pdf, .png, .jpg, .jpeg, .bmp, .doc., .docx, .ppt, .pptx, or .zip file.
After completing your comment, submit Send.