IBM Security Verify

 By Nishant Sinha and Saurabh Agarwal

The answer to this question is an emphatic ‘YES’. This has been one of the most sought after features from the user community, as the enterprise admins do not want the end users to even be able to raise an access request for Entitlements, that have a high risk associated with it. 

This feature was first made available in IGI V5.2.4, though, we have used IGI V5.2.5, the latest available version. 

This feature can be configured by the IGI administrator for an User Access Change or  an Admin Access Change, GEN type of activity, in the Process Designer module (in IGI Administration Console).  

The steps to configure this are as follows (to be performed by IGI administrator): 

1. log-in to the IGI Administration Console. 
2. launch the Process Designer module. 
3. Select the Activity for which the Risk Response needs to be configured. 
4. Open the configuration of that activity, and move to the Required Data tab. 
5. Select an appropriate response for each type of Risk, as shown in “Image 1 – Defining Risk Response” 

As can be seen in Image 1 above, there are 3 different options that can be configured, corresponding to a Risk type: 

• A request can be blocked and the requested Entitlement removed from the shopping cart. 
• A warning is displayed and the Request can still be continued with. 
• The risk flag starts blinking to indicate a change in the Risk Status. 

 

An end user, when raising an Access Request (for self or for others), via Request Center module of IGI Service Center, will be notified about the associated Risk. Depending upon the Risk configuration his request can be blocked (i.e. is not submitted for further approvals in the workflow), as shown in Image 2 or submitted with an additional notification that the request will be submitted for additional checks, as shown in Image 3, below.  

Image 2: High Risk Situation 

Image 3: Medium Risk situation