Step 7. Just in time privileges

 

Once the discovery process has been run, the critical accounts have been detected and saved in the password vault, and the password rotation process has been defined, the next step is to define the approval process needed to manage the use of the critical accounts.

Using the approval process, Soffid allows you to define, step by step in the BPM Editor, the workflow for the use of critical accounts, and to define which manager or authorized user will approve or deny the use of those critical accounts.

Soffid can then add more complex and restrictive rules to the authorizations using XACML. With the XACML tool you can define policy sets and policies to describe general access control requirements. You can also define obligations, which are actions that have to be returned with the XACML response.

Step-by-step

Define an approval workflow

To define and configure an approval workflow, you can use the Soffid BPM editor.

1. You must access the BPM editor page in the following path:

Main Menu > Administration > Configure Soffid > Workflow settings > BPM editor

2. To add a new workflow, you must click the add button (+) and Soffid will display a new window.

3. Then, you must write a process name and select the process type "Account reservation", and Soffid will display the process editor to configure the new workflow.

4. In the "Process editor" form you can configure the workflow steps.

You can visit the BPM Editor book to find more information and examples about the workflows.

5. Once you finish configuring the workflow, you must click the "Save and Publish" option to be able to use the workflow.

 

XACML