Elevated Access

IdentityIQ has the capability of protecting sensitive access with the Elevated Access feature. Administrators, application owners, or entitlement owners can classify specific roles or entitlements as having elevated access.

Classifying a role or entitlement as allowing elevated access provides clear visibility to users when they request, certify, or approve the role or entitlement. When a role or an entitlement has elevated access, it is displayed with a badge (a check mark inside a shield icon) to alert the user to the elevated access status. This helps ensure that the item is treated with appropriate care.

A property on these items makes it possible to include them in reports, to facilitate auditing and to help identify high risk areas. Audit activities can focus on this access by leveraging these reports.

You can create workflows to handle elevated access items, by incorporating the "iiqElevatedAccess" property from a role or entitlement.

Role Configuration

  1. To add the elevated access flag to roles, navigate to Setup > Roles. Once at the Role Management screen, find the appropriate role that needs Elevated Access.

  2. Scroll to the bottom of the Role Information and click Edit Role.

  3. Select Elevated Access.

  4. Click Submit.

Entitlement Configuration

  1. To add the elevated access flag to entitlements, navigate to Applications > Entitlement Catalog. Once at the Entitlement Catalog screen, select the appropriate entitlement.

  2. Select Elevated Access.

  3. Click Save.

The following are locations where a user can see or edit elevated access:

  • Manage User Access

  • Access Reviews

  • Targeted Certification: Additional Settings

  • Identity Warehouse

  • Identity Details

  • Entitlement Catalog – Advanced Search

  • Role Editor

  • Entitlement Details Dialog

  • Role Details Dialog

  • Work Items

  • Role Search Criteria

  • Reports

  • Match List