For IT leaders, the work keeps piling up. In fact, in our recent study on the impact of the pandemic on IT organizations, a whopping 86% said their workload has increased. That’s part of the reason we are releasing Delegated Administration, a new tool to delegate administrative tasks via scoped, custom permissions, so you can share the workload , eliminate bottlenecks, and reduce ticket response time.
Delegated Administration allows you to create custom privileges that can be granted individually or as part of a role. It currently covers Users, Apps, and Roles, and in an upcoming release, will also support Events and Reports, and will then move to other areas of the product, such as Groups and Policies.
Here are a few ways to use Delegated Administration:
- You’re a small IT team supporting a large company
Or an IT team of one supporting 100 employees, which we’ve heard is common from many small- to mid-sized companies. In this case, it’s often prudent to ask some department heads to take on their own team’s access requests. However, typically, you would need a manager’s approval anyway, and this way, the manager can speed up the access process for their own team. It’s a win-win.
- You’ve recently been breached through a highly privileged account
This could have been a socially engineered attack (pretending to be a boss or other higher-up who needs credentials), or other means of accessing a highly privileged account, but either way it’s bad news. It also means that you can reduce the chances of a second attack of this type by limiting access to only the services your users truly need.
- Your security team is growing
Often when a security, risk, and compliance team starts growing, it means that access levels and security policies will need to be revised. The next logical step down the road is reducing risk, so fewer people have certain types of permissions. Time to get ahead of their requests to reduce risk!
- Your company is acquiring another company, and you want to keep things separated but managed by central IT
The stress of onboarding a large amount of new users can be reduced, thanks to Delegated Administration. When your new team starts, you can give super admin permissions to the primary IT person, but scope it so it’s ONLY for their users. That way, they can still handle it as if they were a second company — without granting them access to all users within your organization.
- You’re looking for a way to be proactively security-first
Maybe you’ve been hearing about the principle of least privilege and Zero Trust. After all, President Biden just signed an Executive Order that describes Zero Trust Architecture (ZTA) as allowing users “full access but only to the bare minimum they need to perform their jobs.” Earn some brownie points from your boss and audit your organization’s access by scoping permissions down to only what users truly need.
If any of these scenarios sound familiar, it’s time to start learning how to set up your OneLogin environment to take advantage of Delegated Administration. Check out the documentation and the demo video to see how it can work for you.