Skip to main content

Step 7. Just in time privileges

Introduction

Once the discovery process has been run, the critical accounts have been detected and saved on the password vault, and the password rotation process has been defined, the next step would be to define the necessary approval process to manage the use of the critical accounts.

Using the approval process, Soffid allows you to define, step by step on the BPM Editor, the workflow for critical accounts use, and define who has to be the manager or authorized user will approve or deny to use those critical accounts. To define and configure the workflow you must know some information like:

  • Who or whom can start the process making a request.
  • Who or whom must to approve or deny the request.
  • If to approve from email will be available.
  • Which fields must see or fill in the users whom requests.
  • Which fields must see or fill in te users whom approve or deny.
  • How many approve levels the workflow will need.
  • And other requirements.

Then, Soffid can be able to add more complex and restricted rules to the authorizations using XACML. With the XACML tool you will be able to define policy sets and policies to describe general access control requirements. Also, you will be able to define some obligations as actions that have to be returned with response XACML. To define the policy sets and policies, you need to know some relevant information like:

  • On which resources, policy set or policies should be applied
  • On which users, set of policies or policies should be implemented.
  • The actions which will be executed
  • On which environments the policy sets or policues will be implemented.
  • The rules which will be applied.
  • And other.