Identity Governance Blog

What Trick or Treating Teaches Us About Requesting and Granting Access

By Andrew Silberman, Product Marketing Director at Omada

November 10, 2022

How is requesting access similar to trick or treating?

Trick or treating traces its roots back to Scotland and Ireland, where young people would take part in a tradition called ‘guising’: they would dress up in costumes and sing songs, recite poems, or tell a joke before being given a ‘treat.’ While the trick ‘before’ treat has since been replaced with trick ‘or’ treat, the concept remains the same: kids in costumes go from house to house knocking on doors and receive candy. Trick or treaters are a smart bunch. They can typically discern quickly which houses have the goods and which houses give out dental floss, so they know where to go to get what they really want and which houses to skip. In the business world, unfortunately, members of many organizations’ workforces waste a lot of time going from metaphorical house to house trying to find the proper place to request access to a litany of business resources.

Some businesses will use disparate applications for requesting access to different categories of resources like having one place to go where people request office equipment, another for software, others for location-specific items, and on and on. This can result in a massive time suck where people must hop from system to system before they finally find the right place to request access to whatever it is they seek. From a security standpoint, it can be even more challenging to ensure that these requests are tracked, monitored, and do not raise a conflict with any prior access or policy. It is clear that businesses need a way to both provide a unified platform for all members of the workforce to request access to the litany of business resources available to them, and make sure those requests are tracked, logged, and checked against preexisting policies.


Access request management service

Typically, IT Service Management (ITSM) platforms provide a single interface where employees, contractors, third parties, and others can request access to all business resources, such as laptops, applications, infrastructure, data sets, password resets, and more. ITSM tools also help ensure that requests are routed directly to the appropriate line of business (LoB) or application owners, who can review the requests and grant access. Users are then notified of their successful request and can go on as they please.

Identity governance and administration (IGA) solutions can also be used as a centralized platform where people send access requests for business applications and data. IGA solutions have a solid role to play here: they can ensure that proper access is provisioned upon a successful request, that access is reviewed and certified on a regular basis, and that separation of duty (SoD) policies are checked so that granted access does not conflict with any preexisting policy and compliance is maintained. However, having both IGA and ITSM can still create a ‘trick or treat’ conundrum, causing confusion as to where people need to go to request access to what. By taking a better-together approach, IGA and ITSM solutions can solve this problem and streamline efficiency for all business users and administrators.


Integrating Identity Governance with IT Service Management

When the two are integrated, IGA can automatically provision access to new ITSM accounts, update existing accounts, or disable accounts whenever someone leaves. This follows the ‘hire to retire’ mindset that is necessary to maintain strong identity lifecycle management. ITSM can help by routing all requests and questions to the right people, further simplifying interactions as people need access across an increasingly spread-out IT landscape and across multiple departments. ITSM can also give people self-service workflows for things like requesting a new laptop, requesting access to new SaaS applications, and anything in between. These requests are tracked within IGA, so that any time someone is granted access to a business resource there is a record of who granted the access, for what reason, and for how long, and the access is checked against existing SoD policies. This way, administrators can provide end users with a single place to request access and track those requests while remaining confident that access is within the bounds of organizational policy and control. In some sense, this is the best of both worlds, chocolate and peanut butter combined: people can easily request access to everything they need, administrators can quickly review those requests, and security and compliance are maintained.

Think of it as if you were a young trick or treater. If you knew there was one house that had all your favorites at it, you would not need to waste time going from door to door when behind some of those doors only lie raisins or the aforementioned dental floss. Going straight to the source is the best use of everybody’s time and ensures an optimal outcome.

If you are curious for more on how IGA and ITSM help businesses maintain fluidity while enforcing strong security and compliance, be sure to check out our webinar where we discuss the strategic importance of integrating Identity Governance with IT Service Management.
