To meet compliance and governance standards, organizations must restrict high-risk administrative actions—such as deleting identity data—to tightly controlled processes. Access Panel supports this need with a built-in “break glass” approach for managing sensitive roles.
Note: At the time of writing, version 7.5 has not yet been released. The recovery account policy feature described below is part of the upcoming 7.5 release and is subject to change.
Built-in Recovery Account Policy
Access Panel version 7.5 introduces a recovery account policy designed to enforce separation of duties and emergency access controls. This ensures that any Identity Governance and Administration (IGA) role with the capability to delete identity or entitlement data is restricted from routine access:
- Privileged roles remain inactive under normal conditions.
- Access is granted only through a Just-in-Time (JIT) access request.
- JIT requests follow strict rules, including approval workflows, access expiration, and auto-revocation.
This process establishes a defensible audit trail and minimizes the risk of accidental or unauthorized data deletion.
How the Process Works
Organizations configure a Just-in-Time Policy within Access Panel to manage break glass access:
- Scope: Define high-risk admin roles subject to control.
- Policy Settings: Enforce justification, multi-step approvals, and time-bound access.
- Monitoring: Use the Activation Dashboard to track and report on all elevated access events.
Separation of Duty Policies help prevent conflicting role activations, while Attestation Campaigns allow scheduled entitlement reviews.