Skip to content

Creating and Viewing EAM Requests

Before a user can be granted elevated access, a Requestor or Profile Owner must create an EAM request and select an EAM profile that defines the elevated access Requestors are granted if their request is approved.

Submitted requests can be viewed on the EAM Dashboard.

Creating an EAM Request

To create an emergency access request:

  1. Select EMERGENCY ACCESS from the navigation menu.

  2. Select Create New Request +.

  3. Select an EAM profile you are marked as a Requestor or Owner for in the Profile Name dropdown list. The EAM profile defines who can approve requests and who can attest and review usage.

  4. Choose a Requestor from the list of available requestors for the profile.

    Note

    A Profile Owner can only submit EAM requests on behalf of Requestors. They cannot request access for themselves to the profile they own and manage.

  5. Set the length of time the Requestor will have the elevated entitlements. You can set this duration up to the maximum duration defined in the EAM profile. The default is 4 hours.

  6. Select a predefined Reason Code that best explains why this access is needed.

    Best Practice

    Name your codes clearly and provide a list of codes to your Requestors to ensure they select the correct one.

  7. Select when the access will be granted. The date defaults to the current date and time, but you can change this to submit a request for a future date or time. For example, if a user will need access during a weekend or holiday, they can submit the request in advance while the Approver is available.

  8. (Optional) Select a time zone from the Time Zone dropdown list to change the time zone for the request to the Requestor's local time.

  9. In the Intention box, enter additional information explaining why the request should be approved, or how the access will be used.

    Tip

    Establish a policy regarding what should be entered here, such as including helpdesk ticket numbers.

  10. Select Submit to create the request.

If the Requestor was pre-approved on the profile, the request will be automatically approved, and provisioning will occur on the selected date and time. This is displayed on the Active tab.

The request will display on the Approval tab of the EAM Dashboard and be marked as Awaiting Approval. Approvers will receive an email notification that they have an EAM request to evaluate.

Retracting EAM Requests

If the requested entitlements have not yet been provisioned, Requesters, Owners, and Administrators can retract requests by expanding the Actions menu and selecting Retract.

Retracted requests are displayed on the Completed tab of the EAM Dashboard.

Viewing Request Progress

Members of an access profile used for a request can view the request in the EAM Dashboard. As Requests move through each stage, the appropriate users on the profile are notified by email and can view the changes in the EAM Dashboard. Each tab displays a core phase of the request process:

Table of requests organized by their stage. The table can be filtered and actions selected.

  • Approval - Requests that are waiting for approval

  • Active - Approved requests that are scheduled to be provisioned, or are actively being provisioned or deprovisioned

  • Data Collection - Requests that have been deprovisioned and are waiting to extract data of how the Requestor used the entitlements

  • Review - Requests under review to determine if the permissions were used appropriately

  • Completed - Requests that have been rejected, retracted, or reviewed

The number of requests in each stage is displayed in the parentheses in the tab headers. These numbers will change if you filter requests.

Important

You may need to select the Refresh icon to display changes to emergency requests.

Customizing Your Dashboard

Request information is by default displayed in the time zone configured in the user's browser. Users can change the time zone displayed on their personal EAM Dashboard by selecting TIMEZONE and choosing a different time zone.

You can reorder and resize columns by clicking and dragging the column headers. Column customizations are reset when the EAM Dashboard is refreshed.

Filtering Requests

The EAM Dashboard features multiple filters to help find requests and identify errors.

Filtering within columns

To filter requests within a column, select the filter icon in an available column header and enter your parameters. Select Filter to set the filter, or Clear to remove filters in the column.

Menu with query fields used to filter the Created Date column.

Filtering by metadata

You can select the metadata to filter requests by using the bar above the table.

Menu of metadata available to search by, such as Requestor.

Enter your search term, select the data type from the dropdown list, and select the search icon . Requests can be filtered by:

ID Requestor Reviewer Reason Entitlement
State Approver Owner Profile Comment

Filtering by Profile and Reason Code

You can also filter by Profiles and Reason Codes by selecting the fields and choosing the profiles or codes. To remove all filters, select Clear Filters.

Filter by Profile and Filter by Reason Code fields with the available codes displayed.

Filtering by Errors

Select the button in the top right to toggle between displaying all requests, requests with errors, and requests without errors. This makes it easier to identify if a provisioning, deprovisioning, or data collection job needs to be restarted or attested. The text on the button indicates what is displayed in the table below.

The dashboard is toggled to display all requests, requests with errors, and requests without error.

Viewing and Adding Comments

All users on the access profile can view, submit, and upload attachments to comments on requests they are assigned to. These allow request participants to communicate about the request, as well as retain information and evidence for audit and compliance purposes.

To view comments, select the Comment icon next to the request in the EAM Dashboard or in the Reviewer Dashboard. Comments display the state and timestamp of the request when the comment was posted, as well as the Access Risk Management username and email of the author.

Comments from an approver at the Awaiting Approval and Deprovisioning stages describing actions. 2 comments have an attachment.

Comments are required when an Approver rejects a request, or a Reviewer contests usage. Users can upload an attachment to retain audit information.

Attachments must be:

  • No more than 10 MB.

  • A .txt, .csv, .xls, .xlsx, .xlsm, .pdf, .png, .jpg, .jpeg, .bmp, .doc., .docx, .ppt, .pptx, or .zip file.

After completing your comment, submit Send.