Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Approval Workflows and Notifications for Busy People

mm

Written by Sara Shuman

August 31st, 2021

Maybe it’s happened to you.

You deleted a service account because it didn’t seem like any processes were tied to it.

And then something broke.

Privilege management mistakes happen—but they don’t have to.

Setting up an end-to-end workflow for privileged account governance decreases the risk of mistakenly pulling the plug on an important process. The risk of service account sprawl and standing access also decreases.

With a privilege governance process in place, all service accounts are vetted at the time of provisioning, and approvals are required ahead of any changes.

No other PAM solution provides full control over the lifecycle of service accounts

Thycotic’s Account Lifecycle Manager helps you govern all types of service accounts, those non-human privileged accounts linked to critical resources such as databases and applications. In addition to on-prem systems, you can govern cloud-based service accounts such as AWS and Azure, and service accounts used within the DevOps workflow. Whether you have hundreds or hundreds of thousands of service accounts, Account Lifecycle Manager is built to grow with you. No other PAM solution provides full control over the lifecycle of service accounts.

In the latest release of Account Lifecycle Manager, we’ve focused on improvements to the user experience so that service account request, approval, and notification processes are as straightforward and frictionless as possible.

Get rid of the approval bottlenecks

Complex security requirements hinder productivity, one of the top concerns identified in our recent global survey of CISOs.

To keep service account governance running smoothly, you need a system to efficiently manage approval processes. Without a structured approval flow, work stops until a gatekeeper provides their input. You may slowly lose track of what’s done and what still needs to be done.

The ability to create workflows has been built into Account Lifecycle Manager from the start. Now, you’ll find a number of out-of-the-box workflow templates for different users and groups so you don’t have to design your own templates unless you want to. So, if designing your own is your thing, that’s great too. We’ve made it easier to configure custom workflows to fit any organizational structure and process.

For example, to request a new AD service account be provisioned, a requester selects the workflow template applicable to the type of service account being requested, provides the information required by that workflow template, and submits the request. The template might specify that the account should expire in one year or require renewal after six months. From there, the request must pass through each of the approval steps specified by the workflow template.

Make sure important notifications don’t slip by

We know what it’s like to be besieged by emails, Slack messages, SIEM alerts, and more. It’s pretty easy to miss an important notification that requires your attention.

We’ve improved the notification process in Account Lifecycle Manager so you—and your users—stay on top of important service account-related information.

Requestors receive notifications on the status of their request as it progresses through the approval process and ultimately receives or is denied approval. Subsequent notifications are timed, based on the lifecycle of the account. If, for example, an account requires renewal at six months, the account owner would receive a notification in advance of the six-month mark. The account owner then has the option to approve or deny account renewal.

Consistency for confidence and compliance

The hallmark of strong governance is consistency.

With Account Lifecycle Manager’s templates, you can create universal rules and policies, so everyone understands what’s needed to approve a request. Recipients know exactly what action is required and can easily see the information they require to make an approval decision. This gives them confidence in providing approvals and rejections and ensures you have central privilege management policies that stand up to the scrutiny of an auditor.

Check out the latest version of Account Lifecycle Manager with a free 30-day trial.

Account Lifecycle Manager

Account Lifecycle Manager

Eliminate risky service account sprawl with end-to-end access governance.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS