Completing the identity governance lifecycle for audits, YouAttest has added User Access Requests/Approvals to its portfolio of solutions for Okta customers. To where we proudly announce: YouAttest: User Access Requests/Approvals – Solved!
Enterprises are continually inundated with requests for access to application resources but lack a procedural approach to approving access. However, who should get access, who should review the request, and how should the approval get documents are often unclear.
Not only is this a procedural problem – but it’s a compliance and risk issue. These request need to be documented and the approvals, with relevant notes, need to be available for the audits.
Access approvals fall under the scope of the NIST’s Cybersecurity Framework Identity Management (SP 800-53 rev 5) and Access Control category, specifically PR.AC-2(4), “automated audit actions”. This requirement means that any enterprise should automatically audit account changes and modifications.
To meet these requirements – YouAttest introduces YouAttest Access Requests/Approval.
YouAttest has established a quantified way to manage access requests and approvals so that it adheres to industry best practices and audit guidelines. According to these best practices, access requests and approvals should always be documents, a feature standard with YouAttest Access Approval.
YouAttest Access Approval is integrated directly into the customer’s existing Okta tenants. The YouAttest SSO into the Okta tenant is simple, well-documented (SAML and OIDC supported), takes only minutes and is Okta-verified via the Okta Integration Network. Gone are the days of special connectors and months of integrations!
YouAttest Access Approval is the first part of the YouAttest Identity Governance Trilogy which also includes Escalation Triggers and Access Reviews.
Image #1: User Access Requests/Approvals is the first step in the YouAttest trilogy of IGA functionality.
Step 1: YouAttest User Access Requests/Approvals
Enterprises utilizing YouAttest User Requests/Approval can create approval workflows, which can include application approval, selected users, or selected managers. Integration of completed within minutes, existing simultaneously with existing applications. Enterprises benefit from full, transparent reporting and reminder emails. Managers will be able to start the approval process while users begin the request process.
YouAttest User Request/Approval allows an entperise to creat approval workflow, selecting:
- Application(s) to be approved
- Groups to be joined
- For individuals or groups
- By selected and multiple mangers
Enterprises are able to have, both:
- Managers start the approval process
- Users to start the approval process
Image #2: YouAttest User Access Requests/Approvals enables a user to implement process in user access changes.
Step 2: YouAttest Escalation Triggers
Through YouAttest Escalation Triggers, enterprises are notified when changes to key security permissions are detected, with a full audit trail of the system. Enterprises can better understand which groups or users they must keep an eye on. When changes are made, it triggers the business or systems owner to approve or deny the change. Each attestation has a complete record kept. This helps enterprises meet PR.AC-6, concerned with the Principle of Least Privilege (PoLP) of the NIST CSF.
Step 3: YouAttest User Access Reviews
The last component is periodic Access Reviews, NIST PR.AC-4, meeting the requirement of reviewing current access privileges regularly. The YouAttest tool allows enterprises to audit both system and business users to approve or revoke access permissions as well as delegate the responsibility of carrying out the access review. At the conclusion of the review, enterprises are provided with a report detailing their findings.
Together, the three parts meet the identity governance requirements of nearly all verticals when it comes to identity audits. For healthcare, it meets HIPAA and HITRUST requirements. Financial institutions can meet PCI-DSS and FFIEC. It meets cloud SOC requirements and public SOX requirements. Lastly, it follows industry best practices outlined in the NIST CSF and ISO 27001.
By choosing YouAttest for identity governance, enterprises can provide complete, compliant audit trails and are ready to go within minutes.
—
YouAttest is the only cloud-based IGA platform that deploys in minutes via application SSO to platforms like Okta. YouAttest demonstrated how YouAttest can address privilege escalation via escalation triggers and workflow request and approvals as detail in the YouAttest next webinar: “YouAttest and Access Approval”. Or register at Oktane21 and see us there.
