Authorization Model

This page explains how the Identity Operations Platform controls who may perform which action, on which target, and under which conditions.

It is intentionally written for customers and operators and focuses on operational principles instead of implementation internals.

Terminology

  • Operator: an authenticated person who performs actions in the platform.
  • Managed Identity: the target identity/account handled by identity operations.

Purpose

The authorization model ensures that privileged identity operations are:

  • restricted to approved operators
  • limited to the required scope
  • traceable for review and compliance
  • consistent across connected identity systems

Authentication vs Authorization

Authentication answers: "Who is the operator?"

Authorization answers: "What is this operator allowed to do right now on a managed identity?"

In the Identity Operations Platform, these concerns are separated by design. A successful sign-in does not automatically grant operational privileges.

Core Authorization Principles

Least Privilege by Default

Access is granted only to the minimum set of actions required for a role. Permissions are not assumed implicitly and are evaluated per action.

Action-Based Decisions

Authorization is evaluated for concrete operations (for example: view, update, lock, unlock, enable, disable, and method operations). This keeps access control precise and reduces accidental over-permissioning.

Scope-Bound Access

Permissions can be constrained to specific targets and contexts, such as:

  • individual managed identities
  • groups
  • a defined operational scope rather than global access

Global access is possible, but it is treated as an explicit decision.

Tenant Isolation

Authorization is enforced within tenant boundaries. Privileges in one tenant do not grant access to data or operations in another tenant.

Time-Bound Privileges

Permissions can be temporary and expire automatically. This supports just-in-time access and lowers long-term risk.

Approval and Escalation

For sensitive operations, organizations can require an approval step before execution. The model supports supervisor-based review and escalation paths for controlled exception handling.

This ensures that higher-risk actions can be governed without blocking standard operations. For the full lifecycle and state model, see Approval and Escalation Workflow.

When an Operator Is Not Authorized

If an operator is not authorized for an action, the action is blocked by default. No privileged operation is executed.

If enabled by policy, the operator can then request a temporary permission for that specific action. This request is tied to:

  • the requesting operator
  • the specific managed identity target
  • the specific action

The assigned supervisor can decide:

  1. Accept: a transitory permission is granted to the requesting operator for that exact action scope.
  2. Reject: the request is closed as Rejected and no permission is granted.
  3. Escalate: the request is forwarded to a specific supervisor selected by the currently assigned supervisor.

Transitory permissions are short-lived and purpose-bound. They are intended only for the approved action context and are removed automatically after use or expiry.

Decision-Time Evaluation

Authorization decisions are made at operation time, not only at login time. This allows the platform to consider current identity state and policy context when an action is executed.

As a result, access decisions stay aligned with live operational reality.

Auditability and Accountability

Authorization outcomes are documented as part of the operational audit trail. This enables customers to answer:

  • who performed an action
  • on which managed identity target
  • with which approval context
  • with which outcome

This supports internal governance, incident review, and compliance evidence.
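As an added illustration (not the platform's own code; the names, the scope notation and the 15-minute default lifetime are assumptions), the following Python models the behaviour described in the sections above: deny by default, per-action and scope-bound evaluation at operation time, tenant isolation, expiry of time-bound grants, single-use transitory grants minted by a supervisor's Accept, and an audit record carrying operator, target, approval context and outcome.

```python
# Constructed illustration of the page's principles; not the platform's own code.
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Grant:
    tenant: str
    actions: frozenset                    # concrete actions, e.g. {"view", "lock"}
    scope: str                            # "global", "group:<name>" or "identity:<id>"
    expires_at: "datetime | None" = None  # None = standing grant, else time-bound
    approval: "str | None" = None         # approval context recorded for audit
    transitory: bool = False              # single-use grant issued via a request

@dataclass
class Target:
    tenant: str
    identity_id: str
    groups: frozenset

def in_scope(grant: Grant, target: Target) -> bool:
    kind, _, value = grant.scope.partition(":")
    return (kind == "global" or (kind == "identity" and value == target.identity_id)
            or (kind == "group" and value in target.groups))

def authorize(operator: str, tenant: str, grants: list, target: Target,
              action: str, now: datetime) -> dict:
    """Deny-by-default check at operation time; returns an audit record."""
    record = {"operator": operator, "target": target.identity_id,
              "action": action, "approval": None, "outcome": "denied"}
    if tenant != target.tenant:          # tenant isolation is checked first
        return record
    for g in list(grants):
        if g.tenant != target.tenant or action not in g.actions:
            continue
        if g.expires_at is not None and now >= g.expires_at:
            grants.remove(g)             # time-bound grant has lapsed
            continue
        if not in_scope(g, target):
            continue
        if g.transitory:
            grants.remove(g)             # purpose-bound: consumed after one use
        record.update(approval=g.approval, outcome="allowed")
        return record
    return record                        # no matching grant: action stays blocked

def accept_request(supervisor: str, target: Target, action: str, now: datetime,
                   ttl: timedelta = timedelta(minutes=15)) -> Grant:
    """Supervisor 'Accept': mint a transitory grant for exactly this action and target."""
    return Grant(target.tenant, frozenset({action}), f"identity:{target.identity_id}",
                 now + ttl, f"accepted-by:{supervisor}", True)
```

Reject and Escalate need no code path here: neither mints a grant, so the next `authorize` call is still denied by default.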

Customer Guidance

To operate the model effectively, customers should:

  1. Define role responsibilities clearly before assigning privileges.
  2. Prefer scoped permissions over global permissions.
  3. Use temporary privileges for exceptional operations.
  4. Enable approval for high-impact actions.
  5. Review privilege assignments and audit evidence regularly.

Summary

The Identity Operations Platform authorization model is designed to provide controlled, context-aware, and auditable identity operations. It balances operational efficiency with strong governance and clear accountability.