Identity Panel supports configurable comment requirements for specific user actions, allowing organizations to enforce documentation and accountability in their governance workflows. This capability is particularly useful in scenarios such as access reviews, entitlement changes, and policy exceptions.
Action-Level Comment Enforcement
Within Identity Panel’s Request Policies and Activity Policies, administrators can configure actions to require reviewer comments. These settings ensure that when a user performs a sensitive or regulated action — such as approving elevated access or modifying an entitlement — they must provide a justification. This helps meet internal audit, compliance, and accountability standards.
Key features include:
-
Per-action configuration: Comments can be required only for specific actions, such as “Approve,” “Reject,” or “Delegate.”
-
Custom Justification Forms: These forms can be linked to request policies, enabling structured comment collection, such as selecting a reason from a dropdown or entering free text.
-
Auditable evidence: Comments entered during these actions are logged and retained per the organization’s data retention policy, supporting both internal reviews and external audits.
Configurable per UER
This behavior is configurable on a per UER (User Entitlement Record) basis. The system supports defining policies that apply only to certain users, roles, or entitlement types. For example, you might require comments only when access is granted to high-risk applications or for temporary roles.
Configuration is managed through:
-
Audience Rules that define which users or entitlements the policy applies to.
-
Request Lifecycle Settings that control when a comment is required during the review process.
-
Justification Form assignment in the Request Policy for specific UERs.
This flexibility ensures that organizations can tailor requirements based on sensitivity and risk, without burdening lower-risk activities with unnecessary overhead.
Comments
0 comments
Article is closed for comments.