Purposes
Understand the creation, assignment, and management of Purposes for secure access control.
Overview of Purposes
In JITPBAC (Just-in-Time Purpose-Based Access Control), a Purpose is a core construct used to define and manage access permissions for identities within Cloud and SaaS applications. A Purpose acts as a structured grouping of access rights, aligning them with specific tasks, responsibilities, or roles within an organization.
Purpose Lifecycle
Creation: An administrator creates a Purpose by defining the connections and resources required for access.
Assignment: Identity owners request access to a Purpose and provide details such as the reason, expected usage period, and any extensions needed. Access requests are reviewed and approved by a first-line manager, app owners, or risk managers.
Provisioning: Once assigned, access is automatically provisioned at the start of the defined time window. The user can also manually start and stop the Purpose at their convenience.
Usage: Identity owners can access resources as specified by the Purpose during the active period.
De-provisioning: Access is revoked automatically when the time window ends, ensuring no lingering permissions. Notifications alert identity owners of impending de-provisioning, allowing them to request extensions if permitted.
Revocation and Updates: Administrators can revoke access or update Purpose parameters at any time to address security risks or changing requirements.
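The lifecycle above can be read as a deny-by-default access check. The following is an added example, not the product's own code or API: a small Python model in which every class, field, and resource name is hypothetical. It assumes an extension is applied directly (no separate approval step) and must be requested before the window ends.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class PurposeGrant:
    """Hypothetical model of one identity's assignment to a Purpose."""
    resources: frozenset             # Creation: defined by an administrator
    start: datetime                  # Assignment: requested usage window
    end: datetime
    extension_allowed: bool = False
    approved: bool = False           # set by a reviewer during Assignment
    revoked: bool = False            # Revocation: administrator, at any time
    stopped: bool = False            # manual stop by the user

    def extend(self, extra: timedelta, now: datetime) -> bool:
        """Assumption: only permitted, unrevoked, unexpired grants can be extended."""
        if not self.extension_allowed or self.revoked or now >= self.end:
            return False
        self.end += extra
        return True

    def can_access(self, resource: str, now: datetime) -> bool:
        """Deny unless the grant is approved, live, and covers the resource."""
        active = (self.approved and not self.revoked and not self.stopped
                  and self.start <= now < self.end)
        return active and resource in self.resources

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed sample times
    hour = timedelta(hours=1)
    g = PurposeGrant(frozenset({"billing-db"}), t0, t0 + 2 * hour,
                     extension_allowed=True)
    out = [g.can_access("billing-db", t0)]               # requested, not approved
    g.approved = True
    out.append(g.can_access("billing-db", t0))           # inside the window
    out.append(g.can_access("hr-db", t0))                # not part of the Purpose
    out.append(g.can_access("billing-db", t0 + 3 * hour))  # window has ended
    out.append(g.extend(2 * hour, t0 + hour))            # extension before expiry
    out.append(g.can_access("billing-db", t0 + 3 * hour))  # now inside new window
    g.revoked = True
    out.append(g.can_access("billing-db", t0 + 3 * hour))  # revoked mid-window
    return out

if __name__ == "__main__":
    print(demo())
```

Because the check is evaluated at access time rather than only at provisioning, a revocation or manual stop takes effect immediately instead of waiting for the window to close.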