Managing admin consent requests in ITSM tools
Allowing end users to install any application from the internet is a security nightmare. But locking down all workstations and allowing only pre-approved software restricts productivity and imposes a huge administrative burden. How can you choose between these two evils? Who will review all those admin consent requests? How can you respond quickly when a colleague needs a new tool?
This blog proposes a solution that eases the burden on IT teams while tracking all important information within your organization.
Why tracking application usage is key for compliance
Privacy laws like the General Data Protection Regulation (GDPR) have strict rules on handling personal data. Following these rules is crucial to avoid fines and maintain client trust.
Compliance with these laws requires extensive documentation. A key part of GDPR compliance is keeping thorough records of all personal data processed by your organization, tracking access and necessity. Documenting this takes time, but during a data breach, it allows for quick notifications and serves as proof to authorities that the breach wasn’t due to negligence.
Preparing the documentation forces you to critically review your processes and data. This is perfect preparation for when a disgruntled client uses their privacy rights to get revenge for perceived injustices. Think of the documentation as a shield against future attacks or an experienced colleague reviewing your work before publication.
Since you and your colleagues need access to personal data, you’ll always require some registration. Whether to register processes or individual applications is up to you, but consider which applications and (application) suppliers are involved to review where your data might end up. This means you’ll always need to keep a record of which applications can access what data.
How admin consent requests help
When you use Microsoft Entra ID (previously Azure AD), you can set a policy for whether users can start using new applications that meet your requirements without further approval. The Entra portal allows you to configure whether users can consent to apps themselves, which permissions are OK for users to give to applications without administrator oversight, if users can request apps with additional permissions, and who can review those admin consent requests. By using these options, you can give colleagues the freedom to use tools they selected, while keeping control over your sensitive data and the applications that have access to it.
The (sensible) default is to allow user consent for a limited set of permissions. This means users can allow applications that don’t use personal data, while you control applications that require additional permissions. A nice first step to reduce requests for admin approval!
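The settings described above can also be checked outside the portal. The following is an added example, not TOPdesk's or Microsoft's code: it audits a constructed JSON sample shaped like the Microsoft Graph `authorizationPolicy` and `adminConsentRequestPolicy` objects, and the finding texts are this example's own wording.

```python
import json

# Constructed sample of the two Microsoft Graph policy objects
# (GET /policies/authorizationPolicy and /policies/adminConsentRequestPolicy),
# trimmed to the fields checked here. Values are illustrative.
SAMPLE_TENANT = json.loads("""
{
  "authorizationPolicy": {
    "defaultUserRolePermissions": {
      "permissionGrantPoliciesAssigned": [
        "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
      ]
    }
  },
  "adminConsentRequestPolicy": {
    "isEnabled": true,
    "notifyReviewers": false,
    "reviewers": []
  }
}
""")

SELF_PREFIX = "ManagePermissionGrantsForSelf."
LEGACY = SELF_PREFIX + "microsoft-user-default-legacy"


def audit_consent_settings(tenant):
    """Return a list of findings for the user and admin consent settings."""
    findings = []
    assigned = (tenant["authorizationPolicy"]["defaultUserRolePermissions"]
                .get("permissionGrantPoliciesAssigned", []))
    self_grants = [p for p in assigned if p.startswith(SELF_PREFIX)]
    if LEGACY in self_grants:
        findings.append("user consent is unrestricted (legacy policy)")
    workflow = tenant["adminConsentRequestPolicy"]
    if not workflow.get("isEnabled"):
        if not self_grants:
            findings.append("users can neither consent nor request apps")
        else:
            findings.append("admin consent requests are disabled")
    else:
        if not workflow.get("reviewers"):
            findings.append("no reviewers configured for admin consent requests")
        if not workflow.get("notifyReviewers"):
            findings.append("reviewers are not notified by email")
    return findings
```

The last check matters for the approach in this post: without reviewer notifications there is no email for an ITSM mail import to pick up.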
But reviewing all the remaining admin consent requests can still be a lot of work. The Entra portal has several limitations that make the process more challenging:
- It doesn’t allow you to assign requests to a specific reviewer.
- It doesn’t show if a colleague is already reviewing a request.
- It doesn’t offer your organization policy as a reference.
- It doesn’t show if a specific tool has been requested before.
- It doesn’t tell you about past decisions.
- It doesn’t help you communicate your conclusion to the requester.
These limitations can cause repetitive work, but you can eliminate this by using an IT service management (ITSM) tool like TOPdesk.
Making admin consent requests easier with TOPdesk
First, get the admin consent requests into your ITSM tool. Then, in Entra, add a reviewer whose email address is linked to a TOPdesk mail import, and set the portal to send email notifications to reviewers upon new requests. This ensures all requests are imported into TOPdesk, where you can see if a colleague is working on a request and assign it to a specific co-worker when the request would benefit from their expertise.
The real magic happens when you use action sequences in TOPdesk to automatically detect and enrich admin consent requests. Automation can link the TOPdesk request to the right requester, add procedures for processing admin consent requests, and—saving the best for last here—automatically search through old requests to add their conclusions and prevent duplicate work!
With these additions, you can process admin consent requests in seconds and even publish an automatically updated list of approved applications to colleagues.
Breaking down the action sequence
Action sequences are pre-set workflows that handle repetitive tasks, reducing manual work and ensuring consistency. Here's how we use an action sequence to manage admin consent requests at TOPdesk:
Automated request detection
When a new software request comes in, an action sequence evaluates if it concerns an admin consent request using text recognition.
Assign the right requester
The action sequence uses text recognition to pull details from the request, like the application name and email address of the original requester, to update the request. This ensures the request is linked to the right requester, allowing you to give them feedback.
Procedure linking
The action sequence updates the request with your internal procedures, providing guidelines for the operator reviewing the application.
Search previous requests
The action sequence uses the application name to search recent admin consent requests for questions about the same software and adds the results to the request. By adding conclusions from similar past requests, the operator can make informed decisions in seconds.
Feedback to colleagues
After the request is processed, the closure email provides feedback to the requester. This keeps everyone updated on the request's progress.
Update knowledge base
Optionally, use the approved requests to update a list of approved apps in your knowledge base. This allows colleagues to check if an application was previously approved without additional review work.
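The detection, requester-linking and history-search steps above, sketched in Python as an added example. This is not TOPdesk's action sequence configuration: the notification text, field labels and history records are constructed, and `triage` and `normalise` are hypothetical names.

```python
import re

# Constructed notification text; NOT the literal format of the Entra email.
SAMPLE_MAIL = """\
Subject: Admin consent request pending review
A user has requested admin consent for an application.
Application name: Contoso Mind Maps
Requested by: j.doe@example.com
"""

# Constructed history of earlier, closed requests.
HISTORY = [
    {"app": "contoso mind maps", "closed": "2024-03-02",
     "conclusion": "Rejected: reads all mailboxes"},
    {"app": "Fabrikam Notes", "closed": "2024-05-11", "conclusion": "Approved"},
]

# Line-anchored patterns: the mail body is untrusted input, so only values
# in the expected position are accepted.
MARKER = re.compile(r"admin consent request", re.I)
APP = re.compile(r"^Application name:\s*(.+?)\s*$", re.I | re.M)
REQUESTER = re.compile(
    r"^Requested by:\s*([\w.+-]+@[\w-]+(?:\.[\w-]+)+)\s*$", re.I | re.M)


def normalise(name):
    """Case- and whitespace-insensitive key for matching application names."""
    return " ".join(name.split()).casefold()


def triage(mail_text, history):
    """Return enrichment for an admin consent request, or None for other mail."""
    if not MARKER.search(mail_text):
        return None  # ordinary software request: leave untouched
    app, requester = APP.search(mail_text), REQUESTER.search(mail_text)
    if not app or not requester:
        # Detected but not parseable: hand to an operator rather than guess.
        return {"status": "needs_manual_review", "previous": []}
    key = normalise(app.group(1))
    previous = sorted((h for h in history if normalise(h["app"]) == key),
                      key=lambda h: h["closed"], reverse=True)
    return {
        "status": "enriched",
        "application": app.group(1),
        "requester": requester.group(1).lower(),
        "previous": [f'{h["closed"]}: {h["conclusion"]}' for h in previous],
    }
```

Because imported mail is untrusted input, a real workflow should also confirm that the message came from the expected notification sender before linking a requester to the request.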
Automating admin consent requests lets your operators focus on critical tasks and tackle high-priority incidents. The TOPdesk registration serves as a record of which applications can access what data, and the automated response emails ensure prompt feedback on requests, improving the service experience for everyone.
Improving admin consent efficiency with TOPdesk
Keeping detailed records of software use and reviewing new applications is crucial for a secure and compliant IT environment. Efficiently processing admin consent requests ensures data security while allowing colleagues to experiment with new tools to boost productivity. Action sequences in TOPdesk's ITSM software automate and streamline the review process, keeping the workload manageable and improving the end user service experience.
We hope this blog inspires you to improve your security processes. If you want to read more about how ITSM tools can help you stay on top of cybersecurity, check out our blog on how ITSM and cybersecurity work together!