Set Up Policy Guardrails – Apporetum

Set up policy guardrails

Reduce human error and make it easy for your people to comply with your security policies.

Define guardrails

When you configure a role in Apporetum, you define the guardrails that will limit who can be provisioned with the role and for how long.

All applications and roles will have their own requirements, which can be simple or complex. But, if you get the system to enforce them, then everything else becomes easy.

Build in compliance with your IT Security Policy.

Apporetum makes it easy for your people to comply with your IT Security Policy. When you configure a role in Apporetum, you can set up the guardrails that force compliance – making it easy for your people to comply and preventing human error.

With Apporetum you can

Set who can be given a role

Choose who in your organisation can be provisioned a role, including your external partners.

Set start and end dates

Allocate timebound access to any user.

Set friendly names for roles

You can configure user friendly names and descriptions for roles so the access administrator can be sure they are provisioning users to the correct role.

Flag a role as sensitive

Let the service desk know this role needs them to double-check or triple-check their work.

Require an additional approval of a role

If you require the approval of a role assignment, Apporetum supports this workflow.

Show warning messages

Granting a role may have other implications (such as triggering licensing costs in an application). Set custom warning messages to appear when granting roles, to avoid running into issues.

Frequently asked questions

Find answers to commonly asked questions about Apporetum Access Manager

With Apporetum you can limit which users can be provisioned which role based on the organisation they belong to. Some roles may only be available to internal staff, others may be available to only managed service providers, and others might be anyone. Of course, you can have any combination as well.

With Apporetum, you can set the maximum duration an entitlement is provisioned before it needs to be revalidated. If this period is reached without revalidation, it will be automatically removed.

Users will not lose their entitlements if the guardrail is changed and they no longer satisfy the conditions. They will, however, be flagged for review through a reconciliation process. This way organisations can introduce rules without affecting access if they are not sure how many existing users may be impacted by the change.

Remove the complexity of granting and removing access to your applications.

Add user access to any application with a single click.

Learn more