Access Management
This episode describe the tasks and learning required to complete the Access Management Phase
Introduction
In this phase of the implementation, you will undertake essential steps that are vital for the successful deployment of Eramba. These tasks focus on establishing groups, managing user accounts, and configuring permissions
On the left panel, click on the "Use Case" you previously selected. Read the documentation and then complete tasks.
Risk
Required Learning:
- User Interface course
- Access Management course
In addition, complete the trainings that apply to your use case:
- Risk Management course
Implementation Tasks:
- Create a Group for the GRC Team
- Create User Accounts for GRC Team Members, assign them both the “Admin” group and the newly created GRC Team group. Ensure they are only allowed access to the “Main” portal.
- Create a Dummy Account for Testing. Assign this user to the “No Permissions” group (so it has no access for now)
- Log Out from the Admin Account
- Use Your Own Account Moving Forward
- Identify Departments that will interact with eramba in Your Organization
- Create Groups for Each Department
Remember: Any item created in Eramba (risks, controls, etc.) will always be assigned to groups, not individual user accounts.
Compliance
Required Learning:
- User Interface course
- Access Management course
In addition, complete the trainings that apply to your use case:
- Compliance Management Course
Implementation Tasks:
- Create a Group for the GRC Team
- Create User Accounts for GRC Team Members, assign them both the “Admin” group and the newly created GRC Team group. Ensure they are only allowed access to the “Main” portal.
- Create a Dummy Account for Testing. Assign this user to the “No Permissions” group (so it has no access for now)
- Log Out from the Admin Account
- Use Your Own Account Moving Forward
- Identify Departments that will interact with eramba in Your Organization
- Create Groups for Each Department
Remember: Any item created in Eramba (risks, controls, etc.) will always be assigned to groups, not individual user accounts.
Data Privacy
Required Learning:
- User Interface course
- Access Management course
In addition, complete the trainings that apply to your use case:
- Data Privacy Course
Implementation Tasks:
- Create a Group for the GRC Team
- Create User Accounts for GRC Team Members, assign them both the “Admin” group and the newly created GRC Team group. Ensure they are only allowed access to the “Main” portal.
- Create a Dummy Account for Testing. Assign this user to the “No Permissions” group (so it has no access for now)
- Log Out from the Admin Account
- Use Your Own Account Moving Forward
- Identify Departments that will interact with eramba in Your Organization
- Create Groups for Each Department
Remember: Any item created in Eramba (risks, controls, etc.) will always be assigned to groups, not individual user accounts.
Awareness
Required Learning:
- Access Management course
In addition, complete the trainings that apply to your use case:
- Awareness Programs course
Implementation Tasks:
- Create a Group for the GRC team
- Create a User Account for each member of the GRC team, ensure they are members of the "Admin" group AND whatever you call your GRC group. Make sure they are allowed the "Main" and "Awareness" portal.
- Create a Dummy Account to test functionalities, and make it a member of the "No Permissions" group for now, in terms of Portals allow the "Awareness Portal"
- Logout from the Admin account
- From now on, log in with your account instead of Admin
- Identify the Audiences for your Awareness Programs
- Create one group in eramba for each audience, these might or not be the same as the ones identified in the previous general use case.
- Assign your dummy account to each group created in the previous step, we'll use this to test your awareness programs before you put them in production. Follow Awareness Programs guidelines for the dummy account.
- Enable Awareness Portal
Online Assessments
Required Learning:
- Access Management course
In addition, complete the trainings that apply to your use case:
- User Interface course
- Online Assessment course
Implementation Tasks:
- Create a Group for the GRC team
- Create a User Account for each member of the GRC team, ensure they are members of the "Admin" group AND whatever you call your GRC group. Make sure they are allowed the "Main" and "Awareness" portal.
- Create a Dummy Account to test functionalities, and make it a member of the "No Permissions" group for now, in terms of Portals allow the "Awareness Portal"
- Logout from the Admin account
- From now on, log in with your account instead of Admin
- Enable OA Portal
- Identify Your OA Audience, determine who will be participating in Online Assessments (e.g., Vendors, Internal Departments, Business Units, etc.).
- Create a Group for Each Identified Audience (e.g., SaaS Vendors, Consulting Suppliers, Internal Risk Assessments, etc.).
- Assign Your Dummy Account to Each OA Group. This dummy account will be used for testing purposes
Account Reviews
Required Learning:
- Access Management course
In addition, complete the trainings that apply to your use case:
- User Interface course
- Online Assessment course
Implementation Tasks:
- Create a Group for the GRC team
- Create a User Account for each member of the GRC team, ensure they are members of the "Admin" group AND whatever you call your GRC group. Make sure they are allowed the "Main" and "Online Assessment" portals.
- Create a Dummy Account to test functionalities, and make it a member of the "No Permissions" group for now. Make sure the account is a member of the "Account Review" portal alone.
- Logout from the Admin account
- From now on, log in with your account instead of Admin
- Identify a system within your organization that requires account review, and designate a team responsible for conducting the review for that system.
- Create a group for the team you identified in the previous step
- Assign your dummy account to the group you created on the previous step
- Enable the Account Review Portal
Playlist
- Episode 1The Journey2 mins left
- Episode 2Phases2 mins left
- Episode 3Use Cases3 mins left
- Episode 4Installation or SaaS0 mins left
- Episode 5Access Management5 mins left
- Episode 6Customization5 mins left
- Episode 7Data Entry3 mins left
- Episode 8Reporting1 min left
- Episode 9Automation2 mins left
- Episode 10Rollout3 mins left