USE-CASE
Delegated access
Centralised access approval, solely reliant on the IT manager, poses inefficiencies and security risks. Make sure to delegate identity decisions to someone with the correct information in real time, and that it's done in a simple and user-friendly way.
Problem
The pitfalls of centralised access approval workflows
For access approval workflows, where someone with the correct competence grants access for another user to a specific system, a centralised setup is inefficient and insecure. If only the IT manager has the permission to grant access rights to people in the organisation, the IT manager needs to have the competence to decide whether access should be granted or not. Illustrated with the example of the employee Tiffany, who wants access to the Salesforce application portal, the IT manager has to ensure:
That the request is valid - How do I know it's Tiffany requesting this access?
If the request should be granted or not - I need to contact Tiffany's manager to determine if I should allow access for Tiffany!
The process can be complex and therefore error-prone due to the involvement of people and functions that don't have the information to make a fast and correct decision.
In summary, not using delegated access in identity management can result in operational inefficiencies, security risks, and limitations in adapting to evolving access needs.
Answer
Empowering delegated control with the PhenixID Identity solution
The PhenixID Identity solution introduces decentralised and delegated access management rights, aiming to distribute responsibilities and access efficiently while maintaining control and security. For instance, a managerial role may include the authority to grant access to a set of applications for the employees under their responsibility.
Employees can utilise the self-service portal to request access to an application, triggering the system to notify the designated responsible person. If the request is approved, the process of granting access to the employee (which may involve creating accounts in both internal and external systems) is initiated automatically.
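The approval step described above only stays secure if the system checks that the person approving is actually entitled to decide for that requester and that application. The following is an added illustration, not PhenixID code: a minimal policy model in Python in which managers (the `Delegation` records, an assumed structure) may approve only for their own direct reports and only for the applications delegated to them, with the requester identity taken from an authenticated portal session. The user, manager and application names are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    uid: str
    manager: Optional[str]  # uid of the line manager, None at the top of the hierarchy

@dataclass(frozen=True)
class Delegation:
    # Authority delegated to a manager: the apps they may approve for their reports.
    approver: str
    apps: frozenset[str]

@dataclass
class AccessRequest:
    requester: str  # authenticated identity from the self-service portal session
    app: str
    approved_by: Optional[str] = None

class DelegatedApprovalPolicy:
    def __init__(self, users: list[User], delegations: list[Delegation]) -> None:
        self.users = {u.uid: u for u in users}
        self.scope = {d.approver: d.apps for d in delegations}

    def can_approve(self, approver: str, req: AccessRequest) -> tuple[bool, str]:
        """Return (allowed, reason). Every check fails closed."""
        requester = self.users.get(req.requester)
        if requester is None:
            return False, "unknown requester"
        if approver == req.requester:
            return False, "self-approval not allowed"
        if requester.manager != approver:
            return False, "approver is not the requester's manager"
        if req.app not in self.scope.get(approver, frozenset()):
            return False, "app outside approver's delegated scope"
        return True, "ok"

    def approve(self, approver: str, req: AccessRequest) -> tuple[bool, str]:
        # Only a policy-approved decision marks the request; provisioning would hook in here.
        allowed, reason = self.can_approve(approver, req)
        if allowed:
            req.approved_by = approver
        return allowed, reason

# Constructed sample directory: Tiffany reports to the sales manager, who may
# approve Salesforce and CRM access; the engineering manager may only approve Jira.
POLICY = DelegatedApprovalPolicy(
    users=[User("tiffany", "mgr-sales"), User("mgr-sales", None), User("mgr-eng", None)],
    delegations=[Delegation("mgr-sales", frozenset({"salesforce", "crm"})),
                 Delegation("mgr-eng", frozenset({"jira"}))],
)
```

Each refusal reason is worth logging, since a burst of "not the requester's manager" or "outside delegated scope" denials is the signal that someone is probing the approval step.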