This week’s guest post for the AppExchange Series has been written by Francesco Quinterno, founder of accessnow which built a Salesforce app to help emergency management…for more details jump down to this great post!
accessnow was founded by Atlanta based Francesco Quinterno and Lesley Morgan.
They’ve leveraged their experience while working for The Coca-Cola Company, Colgate-Palmolive, Warner Brothers, IBM and Coca-Cola Enterprises to build an application that enables Governance, Risk Management and Compliance on the Salesforce platform.
They can be reached at [email protected].
Our purpose as Developers, Admins, Architects is to deliver applications that improve the lives of our customers. When things go smoothly the user community is appreciative and fills us with praise. However, when things go wrong, it can be a lonely place with no praise. A place where everyone’s focus shifts to asking who and how the issue was caused. In these heated moments, it takes cool heads and swift actions to get the business “back into business.”
One of the critical tasks during an emergency is getting the right experts the right access as quickly as possible. It is not uncommon during these high pressure situations to neglect security and governance protocols and act in a non-compliant way. Sys Admins can provide super user access without any reference to an incident number or change request which is then further exacerbated when and if the access is not taken away. All the above are the ingredients for a failed audit in the months to come.
With accessnow, the premier Salesforce Emergency and Privileged Access Management application, you don’t have to compromise speed for compliance.
Meet Maggie Greene, the IT Support User: when an emergency arises, Maggie creates an accessnow request.
- a reference number (which can be an incident number or change request number from the Case, Servicenow, Remedy or any ticketing system)
- the reason for needing the elevated access
- duration of the request
- start time (immediately or scheduled in the future)
- the profile and/or role
- or permissions
- or permissions and role
- or a single role
Available roles/profiles/permissions are defined based on Maggie’s skillset and job function.
Once she’s selected everything, she saves and submits for approval.
At this point, the request is either automatically or manually approved based on configuration of who the requester is and what is being requested.
Notifications can be configured for all these stages. Requester can be notified of his request creation and approval. Approver can be notified there is a request pending approval.
On approval of the accessnow request, Maggie automatically receives elevated access to begin the troubleshooting process.
While troubleshooting, all changes to data, configuration changes and data views are captured in audit logs that are native to Salesforce.
accessnow also captures logs when users with an accessnow request use the Log In As function. Anyone viewing the audit logs will clearly see the changes to data or configuration were carried out by a person who was logged in as someone else.
In screenshot below Maggie Greene created request and used the Log in As function to log in as Darryl Dixon. While Maggie was logged in as Darryl she changed data on a case. She then logged out as Darryl and changed Data as herself.
Call Center Resource Management Use Case
During heavy call volumes you need help from other resources to answer the phones. Sys Admins shouldn’t be spending their valuable time changing profiles, permission sets, and roles for multiple people.
Call center supervisors create slots of time where help is required. Internal employees claim these slots and for every approved time slot, an accessnow request is generated and approved.
Once the request is approved the internal employee is assigned a Call Center profile for the time defined in the slot.
While working with the new profile, all activities are logged. Once the time elapses the internal employee’s Call Center profile is revoked and their original profiles are reinstated.
The application’s value is that it eliminates the dependency on Sys Admins for granting and revoking temporary Privileged Access. It allows users to urgently gain temporary access on-demand and automates the approval of the request and revoking of the privileged access. It allows auditors to access logs of activities performed while users had privileged access without having to interrogate Sys Admins. The logging is vital for SOX Internal Access Controls. accessnow allows Architects and Sys Admins to implement the Least Privilege Security Model by reducing the number of permanent Administrators required in the system. It allows organizations to close the gap on GDPR articles 17, 19, 23 and 32.
Contact us at [email protected] for more information.