Access denied events can have many triggers, from lost or stolen credentials to unassigned access rules. For incidents that are triggered by any Access denied event, you can configure your automation workflow to execute a different sequence of steps based on the cause.
Considerations for Access denied incident configuration
- Alarms or events that can be used to trigger an Access denied incident.
- Users or user groups who need to be alerted when the incident is triggered.
- Dynamic user procedures to guide the operators towards incident resolution.
- Automation workflow that responds intuitively based on real-time operator responses.
Incident trigger configuration for Access denied incidents
- From the Config Tool home page, open the Incident configuration task, and select the incident you want to configure.
- Click the Triggers page.
- Click Add event.
- Select Access denied and leave Source unspecified.
Recipient configuration for Access denied incidents
This configuration depends on your procedure for handling such events. The recipients and the subsequent sequence of steps are determined by the actions you want the system to perform to resolve this incident.
In this example, only the operators need to get the alert, because each cause of the Access denied event triggers another incident with its own set of recipients and procedures. In the Advanced recipient configuration, you can select Supervisors and Administrators to be recipients when the intended recipients are logged off.