IT Admin Procedure (ITAP) for Effective Use of the Admin By Request Portal
Table of Contents
- Purpose
- Scope
- Intent
- Essential Core Knowledge
- Procedure and Guidelines
- Additional Notes and References
- Examples
- Responsibilities
- Approval
Purpose
The purpose of this IT Admin Procedure (ITAP) is to guide administrators on effectively utilizing the Admin By Request portal, which includes managing inventory, approving requests, reviewing audit logs, and utilizing advanced features such as Break Glass and PIN Codes. It also outlines the process for requesting custom sub-settings to accommodate specific unit requirements.
The objective is to provide clear instructions to ensure administrators understand their permissions, best practices, and security considerations when using the platform.
Scope
This ITAP applies to all unit administrators who have access to the Admin By Request portal. It covers the following functionalities:
- Access and management of inventory, approvals, audit logs, Break Glass, and PIN Code features.
- Procedures for requesting custom sub-settings.
Intent
The intent of this ITAP is to:
- Provide a structured procedure for administrators to effectively use the Admin By Request portal.
- Ensure consistency in how units utilize the portal's features.
- Facilitate customization through the request of tailored sub-settings.
- Promote secure and efficient management of devices and user requests within the platform.
Essential Core Knowledge
Administrators following this ITAP should possess the following foundational knowledge:
- Basic understanding of the Admin By Request platform and its functionality.
- Familiarity with Role-Based Access Control (RBAC) as implemented in Admin By Request.
- Experience with Entra ID (formerly Azure Active Directory) for managing group memberships.
- Basic IT administrative skills, including managing user access and device permissions.
Useful References:
Procedure and Guidelines
Navigating the Admin By Request Portal
The Admin By Request portal provides administrators access to critical management tools, such as inventory, approvals, and audit logs.
Inventory
In the Inventory section, administrators can:
- View details about devices within the unit, such as hardware specs, login time, and status.
- Filter devices by criteria like status or OS.
- Manage devices through advanced features like Break Glass and PIN Code.
Break Glass Feature:
- Usage: Bypass approval workflows during emergencies for immediate access.
- Risks: May introduce security vulnerabilities if improperly used.
- Best Practices: Restrict to senior admins, log usage, and document actions.
PIN Code Feature:
- Usage: Generate temporary PINs for end-users needing administrative privileges for specific tasks.
- Risks: Potential misuse if shared or not properly managed.
- Best Practices: Limit PIN validity, and regularly review issuance.
Approvals
In the Approvals section, administrators manage and approve requests for temporary privileges. Review user requests based on organizational policies and approve or deny accordingly.
Audit Log
The Audit Log allows administrators to track actions within the portal, ensuring transparency and compliance.
Steps:
- Navigate to the Audit Log.
- Use filters to locate specific actions.
- Export logs if needed for review.
Requesting Custom Sub Settings
To request custom sub-settings for your unit:
- Identify Needs: Determine the required custom configurations.
- Submit Request: Contact Platform Engineering with detailed descriptions of the settings needed.
- Approval and Implementation: Platform Engineering reviews and implements the request upon approval.
Additional Notes and References
- Regularly review inventory and approvals to ensure compliance.
- Contact Platform Engineering for assistance with the portal.
Examples
An example scenario where Break Glass is used in an emergency to resolve a critical system failure would involve bypassing the standard approval process to restore services.
Responsibilities
- Unit Administrators: Responsible for managing inventory, requests, audit logs, and Break Glass/PIN Code features.
- Platform Engineering: Responsible for supporting the administrators and implementing custom sub-settings.