Hitachi ID Facebook Page

Hitachi ID Twitter Page

Find us on Google+

Request Membership

The requester is the user who asked to join a group.
The authorizer is the group's owner.
The change is a new group membership in Active Directory.
The reason is that the user wishes to access the selected resource.

Watch a Movie

Windows access denied dialog leading to group membership request

Content:

A user is guided through the access request process.
The video starts with the user encountering a Windows "Access Denied" error dialog.
The user is guided to a request to for membership in the appropriate Active Directory security group.

Key concepts:

Users frequently need access to new shares, folders, etc. but they don't understand access control lists (ACLs) or security groups.
To attain high user adoption for self-service security entitlement management, it is important to implement a system which allows for this gap in users' knowledge.

Authorization of a request for security group membership

Content:

A request for group membership is routed to the group's owner for approval.

Key concepts:

The default authorizers for changes to membership in a group are the group's owner(s) on Active Directory.
Customer-specific business logic can route requests to other or additional users for approval.
Approval by N of M people, reminders, escalation and delegation are all built-in.

Request approved, user can access the folder

Content:

The user signs out, signs back in and can access the folder which previously caused an "Access Denied" error.

Key concepts:

On Windows, changes to a user's group memberships only take effect when the user signs into his PC.
This means that after the user was added to the group in question, he must sign off and sign back on before he can access the protected share, folder, etc.