Organizations that use Clear Skye enable their end users to request access to systems and data through the familiar ServiceNow portal they already use daily at work. To request access, those end users don't need to know all the gnarly details that must happen and answer prompts for dozens of attributes before access is granted.
A Rules Engine for Access Requests
Request Variables automate the numerous variations of rules that identity teams need to consider when creating and updating accounts. They act as a rules engine, enforcing organizational standards and IT processes for IGA requests. For example, Request Variables determine how to define and implement the naming convention for an account and in which order rules should be orchestrated. No more first-in, first-out for critical access requests.
Request Variables enable an IGA administrator to configure conditional attributes that may be attached to a request object, and these attributes are then available throughout the request process, including any child automated activities.
Let’s take a closer look at Request Variables and the guardrails they provide for access requests through ServiceNow.
In this example, we have an “Account Create” request, and clicking into “Request Variables” and then sorting by “Set by” takes us to the variable definition.
From naming conventions to policies, you can use Request Variables to define how your data is populated. Request Variables can be used for any request type and can set any field.
In this case, with the request type Account Create, the environment is Active Directory, and it is related to a standard employee, then it will follow naming standards of first dot last name.
In the next example, you can see the Request Type and Environment remain the same, but the Account Type for vendors is treated differently.
Some Clear Skye Request Variables are pre-populated, such as default timezones, how Azure guest users are classified, and email encoding keys.
Each organization, however, has unique needs, and many custom Request Variables can be set up before the system is deployed, giving your organization the foundation it needs to streamline and securely process access requests.
Your IGA Foundation
While requesting access is straightforward to the end user, IT teams can feel confident in a solid foundation of rules for enforcing every access process that happens within the system. Some rules, like password reset policies, are enforced org-wide, while each AD domain or OU may have its own rules for certain activities and account types.
With the ability to define universal rules, Request Variables can apply to all of your existing systems. New applications also benefit from using these pre-defined rules, meaning IT need only address the deltas specific to the new application. This automation and reusability help enforce standards and maintain simplicity for users on the front end as your organization changes and grows.