LogoLogo
3.1.7
3.1.7
  • Getting Started
    • What is Cymmetri?
    • Release Notes
      • 3.0.1-Beta
      • 3.0.2-Beta
      • 3.0.3-Beta
      • 3.0.4-Beta
      • 3.0.5-Beta
      • 3.0.6-Beta
      • 3.0.7-Beta
      • 3.0.8-Beta
      • 3.0.9-Beta
      • 3.0.10-Beta
      • 3.0.11-Beta
      • 3.0.12-Beta
      • 3.1.0 - Product Release
      • 3.1.1-Beta
      • 3.1.2 - Product Release
      • 3.1.3-Beta
      • 3.1.4-Beta
      • 3.1.5-Beta
      • 3.1.6 -Beta
      • 3.1.7 - Product Release
      • 3.1.8 -Beta
      • 3.1.9-Beta
      • 3.1.10-Beta
      • 3.1.11-Beta
      • 3.1.12-Beta
      • 3.1.13-Beta
      • 3.1.15 -Beta
      • 3.1.16
      • 3.1.17
      • 3.1.18
      • 3.1.15 - Product Release
      • 3.0.x Consolidated
      • 3.1.x Consolidated
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Config
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
      • API Client
      • Batch Tasks
      • API Extension
    • Global Search
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Edit Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Application Detail
        • Dynamic Forms
        • Configuring Connector Server
        • 360 Degree Recon
      • Provisioning How to
        • Cymmetri Connector List
        • Supported Provisioning Operations
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
        • ServiceNow Provisioning
        • AMAYA
        • HRMS
          • Darwin Box
        • Database Provisioning
        • CSV Directory (Flat-file)
        • Managing Manual Application Assignments
        • SOAP Connector (XML)
        • Integration with Service Desk Management Systems
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
    • On Demand Access
    • Form Logic
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Compliance Management
      • IGA Policy Violations
    • Insights
      • Reports
      • Risk
      • Management Dashboards
        • CISO Dashboard
        • CRO Dashboard
      • Industry Compliance
    • Access Certification
      • Setting up and managing Access Reviews
    • Recommendation Engine
    • Role Management
      • Role Mining
      • Entitlements
      • Managing Roles in Cymmetri
    • Segregation Of Duties (SOD)
  • Self-Service App
  • Analytics
    • Cymmetri Analytics
Powered by GitBook

Cymmetri.com

On this page
  • Cymmetri - Self Service Designer
  • Enable On-Demand Access
  • Request On-Demand Access
  • Exceptional Request
  • User request process

Was this helpful?

Export as PDF
  1. Lifecycle Management

On Demand Access

Was this helpful?

Cymmetri offers the capability restrict users to requesting only specific roles or access rights. Administrators should be able to define on-demand roles that dynamically grant access based on criteria such as:

  • Function Group

  • Function

  • Department

  • Job

Users can request these roles, with each role having a dedicated approval matrix. Upon user request, the approval process will be initiated according to the configured workflow.

Additionally, any changes to a user’s attributes should automatically adjust their access if they already hold roles or permissions associated with an application, ensuring that access remains consistent with their updated profile.

Cymmetri - Self Service Designer

Cymmetri provides the option to activate on-demand access. In cases where the administrator does not enable this feature, it will operate according to default feature.

Enable On-Demand Access

Condition-based-

Request On-Demand Access

The administrator can choose either the application itself or the application with associated roles. Depending on the conditions, the user self-service page will display either the application or the application with roles.

Exceptional Request

The activation or deactivation of exception approval can be done within Cymmetri once the administrator enables this feature. The system facilitates the specification of exception-based requests through the self-service portal.

Administrators will set conditions in the backend concerning:

  • Function Group

  • Function

  • Department

  • Job

The admin will map the applications along with roles.

Users will then choose the above criteria, and based on their function, they can select applications and associated roles.

When a user requests an exception for an application, only their associated functional group will initially appear, and they cannot switch to another functional group.

For instance, if the user's functional group is "Weighbridge," the function, department, and job will be associated accordingly.

Approval for exceptions will be initiated as required.

User request process

For On-Demand Access

  1. User to select “On Demand” Request

  2. The user will be able to see the list of applications that he is eligible to request as per the logic defined

  3. The user will select the application that he wants access to and a pop-up will appear to select the role

  4. The user may select Lifetime/Time-Based access and then select the role from the drop-down.

    The drop-down will contain a list of on-demand roles as per the logic.

    Lifetime access:

    Time based access:

  5. The user shall save the request. And the approval workflow will be triggered as defined

For Exceptional Access Request

  1. User to select “Exceptional Access” from the drop-down

  2. The user will see the filters of HR attributes and based on the filters selected will get the list of applications

  3. The user will select the application that he wants access to and a pop-up will appear to select the role. The drop-down will contain a list of on-demand roles as per the logic.

    Lifetime access:

    Time-based access:

  4. The user shall save the request. And the approval workflow will be triggered as defined.

Request for Access