Temporary Sharepoint Guest & Employee Access with Indent

a year ago
Written by
Indent
@indent

“Oh no, they still have access?!”

This is a situation you want to avoid when working with third parties (contractors, vendors, etc).

We’ve seen this so many times in organizations. A contractor will be brought in for a few months to work on a project and will be given access to very sensitive resources. Their contract ends and they go their way. Months or years later someone will discover that that contractor never had their access revoked.

Situations like this make organizations wary of giving third parties Sharepoint access.

The first concern lies around persistent access. You want to be able to cut off access at the end of the engagement. Even if the third parties themselves are trustworthy, their accounts could be compromised via viruses, phishing, and social engineering, leaving your resources more vulnerable than they need to be.

It can also be hard to anticipate the exact access they’re going to need. You don’t want to let me have access to everything but manually giving access out piecemeal will slow them down.

There is a way though to put guardrails around access for third parties without slowing them down: on-demand Sharepoint access.

What Is On-Demand Access

On-demand access is an automated workflow for giving granular, auto-expiring access quickly and securely.

With Inden’t on-demand access, users are able to request access via Slack or web. The request gets routed to the correct approvers based on your security policies. The approver is then able to approve it for a specific period of time, and it triggers provisioning.

After the approved time elapses, the access gets automatically revoked. It can also be manually revoked with a single click. All that access metadata: who requested, to what, why, when they had access is all logged for later security reviews and audits.

Benefits

With Indent + Sharepoint you can:

  • Ensure your security and compliance policies are followed
    • When configuring Indent you can create rules to govern how approvals should be handled for each workflow, including requiring one or more approvers, maximum duration lengths or auto-approvals.
  • More easily comply with data privacy regulations
    • By having third parties request granular access it’s easier to comply with regulations like the GDPR which mandates companies keep EU data within the EU and can only transfer it outside the EU if the country where it is being transferred has equally rigorous data privacy protections.
  • Auto-provision and revoke access
    • Approving access is easy. Jumping through the hoops to provision it and remembering later to revoke it though is another story. By using Indent, both provisioning and revocation is handled for you, letting you stay in your flow and ensuring access doesn’t persist longer than it should.
  • Simplify gathering audit data
    • Knowing who had access to what and when is critical for good security. When this data isn’t recorded and centralized that becomes much more difficult. The automatically generated access logs in Indent takes care of this for you, and can be filtered and exported for audit purposes.

Setting It Up

To get started with Indent + Sharepoint you’ll need to create an Indent account. During set up you’ll be asked to connect Indent with your stack. Indent has a native Microsoft Azure integration. Once you install that integration, you should be ready to start granting on-demand access. For more info, check out our docs.

Getting Started

Ready to get started? You can either get a personalized demo and onboarding from our team or get started on your own.

Try Indent for free.