Access request management: should you use an ITSM tool?

In IT operations, 50% to 75% of requests from employees are to gain access to a specific resource or system. This means that IT service management (ITSM) teams are spending most of their time dealing with access requests and approvals—which would be fine if your access request management were fast and efficient.

Unfortunately, in most cases, access request management is manual, admin-heavy, and impossible to scale as your company grows. And of course, when companies grow, so do the number of cloud applications they use, leading to a surge in access requests that they’re not properly equipped to deal with.

So let’s explore ways of handling an increasing volume of access requests in a smarter, faster, and more scalable way.

Why is access request management an even bigger pain point for employees?

A typical user access request process has five steps:

  1. Request: an employee asks for access to an app or system.
  2. Review: the request is checked for validity and whether approval is required.
  3. Send for approval: if approval isn’t required, access is granted. If approval is required, the request gets routed to the appropriate person, e.g. a manager or the system/app owner.
  4. Approve or deny: the approver reviews the request and decides whether the user should have access.
  5. Provisioning: if approved, access is granted.

For a lot of companies, none of these steps are automated. And for companies with many apps and many approvers, an entirely manual access request management system is a big drain on resources. Not to mention completely unscalable.

For example, a company we worked with had Slack for making access requests, and a Slack integration with Notion for processing them. Their process looked like this:

  • An employee would start the request in Slack, then create a task in Notion where they’d have to specify the app they wanted access to, the reason they needed it, and when they needed it by.
  • An IT support agent would have to review the task and check that the access request was valid.
  • The agent would have to go to their list of apps and app owners and tag the owner in a comment asking for approval.
  • If approved, the agent would have to go into the app and provision the access.
  • The agent would have to let the requester know that they now had access.

This was time-consuming and prone to delays. Approvers would miss notifications because they weren’t visible enough, leading agents to have to chase them down.

Meanwhile, the lack of a pre-approved application list in the Notion task increased the likelihood of invalid requests, wasting the IT team’s time further. For example, an employee might request access to an app that wasn’t relevant to them, or that the company didn’t even have.

Manual access request management carries security risks, too. There’s more chance of an IT team sending the request to the wrong approver or provisioning access for a request that’s been denied. This can lead to employees without legitimate access rights stealing or inadvertently leaking sensitive data.

Why is access request management such a pain point for employees?

When access requests aren’t managed properly or efficiently, sure, the IT team struggle, but it’s the employees who bear the brunt. If an IT agent has to chase down an approver, it means the employee is sat twiddling their thumbs waiting to get on with potentially critical work.

And if there’s no pre-approved list of applications to select at the outset, and they ask for access to an app the company doesn’t have, they have to wait to be told: “Sorry, we don’t have that.” And that’s a bunch more productive time wasted.

However, one of the biggest employee pain points is nothing to do with access requests being handled manually.

Employees want one place to go for the things they need. Whether it’s to request something, raise something, or find something out, they want a single, centralized platform to do it on.

However, in a lot of cases, service management is spread across different departments and different systems. Got a remuneration question? Post it in the finance or payroll channel. Got a question about sickness or bereavement? Post it in the HR chat. Need a new laptop? Raise an IT ticket. Need access? Make a Notion task.

No employee wants the confusion of contacting different teams or navigating multiple tools every time they need something. Unfortunately, in many companies, access request management only exacerbates the problem because it’s handled by a separate system, or indeed multiple separate systems, to everything else.

Is the solution an access request management tool?

Implementing an access request management system would centralize the user access request process and prevent error-prone and focus-breaking context-switching. In other words, an IT agent wouldn’t need to move between platforms and apps in order to ask for approval and grant access. The whole process, from request to provisioning, would be handled in a single tool.

Most importantly, a good access request management tool will automate the process. For example, it should automatically route requests to approvers, automatically notify them that an approval is pending, and automatically provision access if approval is given. This reduces the risk of error and data breaches.

An even better tool will offer the employee a pre-approved choice of apps to select, rather than a free text field where they can ask to access any app they fancy. Then it would automatically check whether approval is actually needed or if access can be provisioned immediately.
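A minimal sketch of the controls described above: requests limited to a pre-approved catalog, policy-driven routing to the mapped approver, and a provisioning gate that closes the wrong-approver and denied-but-provisioned gaps. This is an added example, not code from any tool named on this page; the catalog entries, user names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed catalog: (app, role) -> approver; None means pre-approved.
CATALOG = {
    ("wiki", "reader"): None,
    ("payroll", "analyst"): "payroll.owner",
}

class WorkflowError(Exception):
    pass

@dataclass
class Request:
    user: str
    app: str
    role: str
    approver: Optional[str]
    state: str = "requested"

def provision(req):
    # Gate: access is only ever granted from the "approved" state,
    # so a denied or still-pending request cannot be provisioned.
    if req.state != "approved":
        raise WorkflowError(f"cannot provision from state {req.state!r}")
    req.state = "provisioned"
    return req

def submit(user, app, role):
    if (app, role) not in CATALOG:  # no free-text apps or roles
        raise WorkflowError(f"{app}/{role} is not in the catalog")
    req = Request(user, app, role, approver=CATALOG[(app, role)])
    if req.approver is None:
        req.state = "approved"  # pre-approved by policy, no human step
        return provision(req)
    req.state = "pending_approval"
    return req

def decide(req, actor, approve):
    if req.state != "pending_approval":
        raise WorkflowError(f"no decision pending in state {req.state!r}")
    # Only the mapped approver may decide; blocking self-approval
    # is an added assumption, not something the page specifies.
    if actor != req.approver or actor == req.user:
        raise WorkflowError(f"{actor} may not decide this request")
    req.state = "approved" if approve else "denied"
    return provision(req) if approve else req
```
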

The problem with dedicated access request management tools

The problem with a system that only handles access requests is that it doesn’t solve one of the employee’s biggest pain points: they don’t want an access request portal that’s separate from the other systems they have to use for requesting service.

It’s also not useful for the IT team. If all other ITSM requests are made using a different helpdesk, it means there’s no single source of truth for their data. This leads to context switching and makes ITSM reporting more complex and admin-heavy.

Is an ITSM tool a better solution for access requests?

The good thing about an ITSM tool is that it’s structured to handle all IT-related requests, including access.

This means employees only need to use one portal for both access and other IT requests. It also means that the IT team can manage access requests, approvals, and other IT requests on the same dashboard. This helps them keep on top of service-level agreements (SLAs) and more easily track team performance and bottlenecks across the entire ITSM environment.

There are some major potential drawbacks. The first is that employees still don’t want an ITSM tool that’s limited to IT requests. If they have a question for the finance, HR, or facilities teams, they want to ask them in the same portal.

Fortunately, some ITSM tools have become enterprise service management (ESM) tools. For example, Atlassian always positioned Jira Service Management as an ITSM helpdesk back in the day. Then they realized that non-ITSM teams were starting to use helpdesks in an ITSM-like way. As a result, Atlassian added features for business teams to Jira Service Management, such as project templates for HR, facilities, financial, and legal. As such, Jira Service Management is now regarded as an ESM tool.

There’s another, more serious potential drawback of using ITSM or ESM tools instead of dedicated tools for access requests. It typically won’t be as easy to automate the access request process. The main concern of a dedicated access management system will be automated request and approval workflows and automated user provisioning. But an ITSM or ESM helpdesk, by virtue of being a request management tool for all requests, is more concerned with centralizing, managing, and reporting on requests than on automating what happens to them.

Having our cake and eating it: automating access requests in ITSM tools

An ITSM or ESM tool is only going to be an efficient and scalable solution for access request management if you can automate the process. Many ITSM systems do come with automation capabilities, although their flexibility and efficacy vary from tool to tool.

Let’s look at the automation capabilities available in Jira Service Management.

Automating access requests with automation rules

Automated Jira request management in the native tool is achieved by writing automation rules. These rules perform actions in your service project based on triggers and conditions. So, in the context of Jira access requests, you could use them to automatically assign a request to an approver, or automatically alert an agent when an approval has been granted.

However, Jira automation isn’t for the faint of heart. Setting up automation rules is a time-consuming process and it’s easy to make mistakes. There’s also no scope for automated user provisioning because you can’t grant access to external apps in Jira Service Management without an integration. And for your access request management to be truly scalable, you really need automated user provisioning.

Automating access requests with an add-on

An identity governance add-on for your ITSM tool should offer a simpler way of automating the access request process, including the important provisioning step.

For example, Multiplier is an identity governance and access request management app for Jira Service Management. Multiplier connects to identity providers such as Okta, Azure AD, Google Workspace, and Jumpcloud to sync all your apps and roles. This allows you to present employees with a pre-approved list of apps when they make an access request. It also means that an IT agent doesn’t have to manually review and validate the request; Multiplier does it for them.

Each of your apps can have multiple roles that users can request. These can be mapped to an approval workflow so that Multiplier can automatically route requests to a manager or app owner.

Most important is Multiplier’s automated user provisioning. If a user submits a request that doesn’t require approval, the app automatically provisions access, alerts the user, and closes the ticket. If a request does require approval, Multiplier routes it to the approver and provisions access as soon as approval is granted.

In the case of more sensitive apps, Multiplier can automatically provision access for a specified duration and revoke access when that duration expires. That way, an IT agent doesn’t have to set reminders in their calendar.

Finally, Multiplier notifies the requester that they now have access and closes the ticket.

Multiplier also integrates with Slack, so users can make Slack access requests without navigating to the Jira Service Management portal. A manager or app owner can approve requests directly from Slack, triggering automated provisioning without the requester or the approver needing to leave Slack.

Conclusion

Implementing an access request management system absolutely meets the need for efficient and scalable handling of surging access requests. This is because it centralizes and automates what used to be a frustrating manual process.

BUT there’s another big pain point to consider, which is that employees want one place to go to request service. An access request management system only handles one type of request, but an ITSM tool, or better still, an ESM tool, can handle all of them. You just have to make sure that the ITSM tool you choose will automate the access request process in the same way a dedicated system would.

This is why Jira Service Management is a great option. It’s an already powerful platform for centralizing and organizing service requests. But augment it with an identity governance app like Multiplier and it becomes a super-fast, super-efficient self-service access request system. Something you’ll really need as soon as you start to grow.

Learn more about how Multiplier can enable you to manage application access requests in Jira, or try the app for free for one month.