Transcription
AHS Identity & Access ManagementI/Request User GuideAHS IAM I/Request Access ProcessUser GuideEffective September 2019, please use the AHS Identity & Access Management (AHS IAM) systemto request access to the new I/Request system. Please do not use the former access request process.Topics in this User GuidePrerequisite AHS IAM Security Profile . 2AHS IAM Terms & Definitions . 2Understand I/Request Access Processes. 3Remote Access for I/Request End-Users . 4Log into AHS IAM Remotely . 5Request I/Request . 10Approve Request for I/Request . 26I/Request Provisioning Administrator – Process an I/Request Work Request . 33Pick up I/Request Access Credentials . 36Resubmit a Denied or Cancelled Request . 37Modify I/Request Access. 43Remove I/Request Access . 49User Guide screen data are fictitiousVersion July 2019Page 1 of 54
AHS Identity & Access ManagementI/Request User GuidePrerequisite AHS IAM Security ProfileTo use the AHS Identity & Access Management (AHS IAM) system, you must have completed yourAHS IAM Security Profile. If you have not created your Security Profile, please use the AHS IAMSecurity Profile User Guide available on the AHS IAM Support Page underLearning.AHS IAM Terms & DefinitionsThese may or may not be the same as your organization’s definitions.AHS EmployeeA person on-boarded and paid through AHS Human Resources e-People.AHS Non-EmployeeA person not on-boarded or paid through AHS Human Resources e-People.Community End-UserA person who works for a privately owned health delivery facility. Examples:physician, pharmacist, dentist, chiropractor.Combination End-UserA person who is more than one of the above types.I/Request Authorized ApproverA person who provides approval of an I/Request access request in AHS IAM.For I/Request internal facilities the approver must have the correct Delegation ofHuman Resources Authority (DOHRA).Have an AHS DOHRA of 1 to 12ORHave a Covenant Health DOHRA of 1 to 6For I/Request external facilities, the approver must be given the role of I/RequestAuthorized Approver for specified external facilities. They are granted that role by aSeniors Health I/Request Authorized Approver Admin and then only for certain externalfacilities.I/Request Provisioning AdministratorA person who performs final processing steps for all I/Request access requests madein AHS IAM. This role is in effect short-term: from June 2019 until further notice.User Guide screen data are fictitiousVersion July 2019Page 2 of 54
AHS Identity & Access ManagementI/Request User GuideUnderstand I/Request Access ProcessesUsing AHS IAM to request access to the I/Request system is easy enough. But there are a few rulesyou should be aware of.Please remember that AHS IAM may define employee, non-employee and community staff personsdifferently than your organization does. Refer to AHS IAM Terms and Definitions and use thehyperlinks on the terms below as needed.All I/Request access requests are subject to final processing by the I/Request ProvisioningAdministrator until further notice.Who can submitrequests in AHS IAM?Employee RequesterAt what type ofI/Request facility –internal or external?InternalFor what type of enduser?Who can approverequests?AHS DOHRA /Covenant HealthDOHRANon-EmployeeRequesterExternalAHS EmployeeI/Request AuthorizedApprover for that facilityCommunity RequesterExternalAHS Non-EmployeeI/Request AuthorizedApprover for that facilityCombination RequesterInternal and ExternalCommunity End-UserAHS DOHRA /Covenant HealthDOHRACombination End-UserorI/Request AuthorizedApprover for that facilityUser Guide screen data are fictitiousVersion July 2019Page 3 of 54
AHS Identity & Access ManagementI/Request User GuideRemote Access for I/Request End-UsersSecurID TokensIf you or an end-user need to access the I/Request system from outside an AHS facility, a SecurIDtoken will be needed to provide a second form of authentication at login. This is called Two-FactorAuthentication. You will be able to request remote access to I/Request when completing the I/Requestaccess request process in AHS IAM.The SecurID token can be a hardware device that looks similar to thisapplication that runs on your smartphone with an icon similar to thisor a software.When you are issued either type of SecurID token you will be required to create a 4 digit personalidentification number (PIN). The token generates a number that changes every 60 seconds. Use yourPIN and the digits displayed at the time of login to authenticate your identity.If you need to return your hard token, use a bubble envelope and this mailing address:AHS IT Remote AccessCN Tower, 18th Floor10004 - 104 Avenue, NWEdmonton, Alberta T5J 0K1User Guide screen data are fictitiousVersion July 2019Page 4 of 54
AHS Identity & Access ManagementI/Request User GuideLog into AHS IAM RemotelyAccessing AHS IAM from outside an AHS facility will require remote access permission and a SecurIDtoken. Your I/Request Authorized Approver can request these for you in AHS IAM using the RemoteUser Network Access (RUNA) process.ENTER the AHS IAM URL into your internet web browserThe AHS Citrix Gateway login screen appearshttps://iam.albertahealthservices.caENTER your UsernameTool Tip – this is your AHS Network UserId or your AHS IAM UsernameENTER your PasscodeIf using a hard SecurID token, enter your 4-digit PIN followed by the 6 numbers displayed on theSecurID token into the Passcode fieldIf using a soft SecurID token, enter the 8 numbers displayed in the app windowIf needed, see Tool Tips for Soft Tokens on the following pagesUser Guide screen data are fictitiousVersion July 2019Page 5 of 54
AHS Identity & Access ManagementI/Request User GuideCLICK LogonThe AHS IAM Login screen appearsENTER your Username and PasswordCLICKLog inThe AHS IAMHome screen appearsUser Guide screen data are fictitiousVersion July 2019Page 6 of 54
AHS Identity & Access ManagementI/Request User GuideTool Tips for soft SecurID tokensA soft SecurID token is an application that runs on your Smartphone.These are tool tips for common functions. Additional help is available within the application or bycontacting your local AHS IT Service Desk.Generate a passcodeTAP the RSA app iconThe Enter PIN screen appearsTAP ? for help text (not shown)ENTER your 4-digit PINTAP the blue arrow buttonThe Tokencode screen appears with an 8 digit passcode displayed. This number changesevery 60 seconds.To advance to the next passcodeTAP A different 8-digit passcode will displayTo copy and paste the passcode to an application on your deviceTAPPASTE the code into the target application’s Passcode fieldUser Guide screen data are fictitiousVersion July 2019Page 7 of 54
AHS Identity & Access ManagementI/Request User GuideSee a list of soft tokens and settingsAt the Tokencode screenTAPThe My Tokens screen appearsTAP ? for help text (not shown)TAPA menu displays.EXECUTE an action or CANCELTAP Edit to delete a tokenTAP to Scan QR Code or Enter LInkTAP Done to return to the Enter PIN screenUser Guide screen data are fictitiousVersion July 2019Page 8 of 54
AHS Identity & Access ManagementI/Request User GuideDiscover soft token InformationAt the Tokencode screen, TAPThe Information screen for that token appears with application and token informationdisplayed, including: Version, Serial Number, Expiration Date, etc.TAP ? for help text (not shown)TAP Done to return to the Enter PIN screenUser Guide screen data are fictitiousVersion July 2019Page 9 of 54
AHS Identity & Access ManagementI/Request User GuideRequest I/RequestFurther information about this process is available at: Understanding I/Request AccessProcesses.ENTER the AHS IAM URL into your internet web browserThe AHS IAM Login screen appearshttps://iam.albertahealthservices.caENTER your Username and PasswordCLICKLog inThe AHS IAMHome screen appearsUser Guide screen data are fictitiousVersion July 2019Page 10 of 54
AHS Identity & Access ManagementI/Request User GuideCLICK Request or Modify AccessThe Request Access screen appears withExisting User selectedYou can create a request for Myself, Existing User (default) or a New User. Directions follow.User Guide screen data are fictitiousVersion July 2019Page 11 of 54
AHS Identity & Access ManagementI/Request User GuideRequest I/Request for MyselfIf the request is for yourselfCLICKMyselfThe Request Access screen refreshes. Your information appears in the Selected User ForRequest paneUnder Available Entitlements, at I/Request, CLICK Request AccessThe screen refreshes and the Selected Entitlements pane appears at the bottom of the screenwith I/Request displayedUser Guide screen data are fictitiousVersion July 2019Page 12 of 54
AHS Identity & Access ManagementI/Request User GuideCLICK NextThe Complete Access Request screen appearsSKIP to Complete Access Request Screen instructionsUser Guide screen data are fictitiousVersion July 2019Page 13 of 54
AHS Identity & Access ManagementI/Request User GuideRequest I/Request Access for an Existing UserIf the request is for an existing end-userCLICKExisting UserThe User Search screen pane appearsSEARCH for the existing end-user using the simple or Advanced Search functionsUser Search Results appearSELECT the end-userThe Request Access screen refreshes with the end-user’s details displayed in the SelectedUser For Request paneUser Guide screen data are fictitiousVersion July 2019Page 14 of 54
AHS Identity & Access ManagementI/Request User GuideUnder Available Entitlements, at I/Request, CLICK Request AccessThe screen refreshes and the Selected Entitlements pane appears at the bottom of the screenwith I/Request displayedCLICK NextThe Complete Access Request screen appearsSKIP to Complete Access Request Screen instructionsUser Guide screen data are fictitiousVersion July 2019Page 15 of 54
AHS Identity & Access ManagementI/Request User GuideRequest I/Request for a New UserIf the request is for a new end-userTool Tip: Always search for the end-user to check if they have a pre-existingrecord in AHS IAM.CLICKNew UserThe User Search screen refreshes to include data entry fields for the new end-userENTER the new end-user’s informationCLICK Create New UserThe Request Access screen appears with the new end-user’s name displayed at the top andAvailable Entitlements listed below.User Guide screen data are fictitiousVersion July 2019Page 16 of 54
AHS Identity & Access ManagementI/Request User GuideUnder Available Entitlements, at I/Request, CLICK Request AccessThe screen refreshes and the Selected Entitlements pane appears at the bottom of the screenwith I/Request displayedCLICK NextThe Complete Access Request screen appearsSince this is both a New User and an I/Request access request, AHS IAM will automaticallypresent the new user’s Network Access Request (NAR) portion first and the I/Request accessrequest portion next. If the new end-user also requires remote access to I/Request, you canindicate that in the I/Request portion of the Complete Access Request screen.CONTINUE to Complete Access Request Screen instructionsUser Guide screen data are fictitiousVersion July 2019Page 17 of 54
AHS Identity & Access ManagementI/Request User GuideComplete Access Request ScreenIf theNetwork Access Request (NAR) pane is displayed, COMPLETE this pane, the end-userrequired AHS Network Access.See theTool Tips for the Network Access (NAR) paneCOMPLETE theSee theI/Request pane.Tool Tips for the I/Request paneIf the Remote User Network Access (RUNA) pane is displayed, COMPLETE this pane, the end-userrequires remote access to I/Request with a SecurID token.See theTool Tips for the Remote User Network Access (RUNA) paneTool Tips for the Network Access Request (NAR) paneCOMPLETE all mandatory * fields and as many optional fields as possible.READ the on-screen information and field tips.At User InformationENTER a Middle Initial OR CHECK No Middle NameAt User Type and CategoryCHOOSE the new end-user’s AHS Zone from the drop down listCHOOSE the new end-user’s Sub-categoryUser Guide screen data are fictitiousVersion July 2019Page 18 of 54
AHS Identity & Access ManagementI/Request User GuideACCEPT or CHANGE Sunset DateWhen you choose a User Sub-category, a Sunset Date of one year will automatically appearIf needed, CHECK Modify Sunset Date to modify the Sunset Date to less than one yearAt EmailIf the new end-user requires an AHS email account, CHECK Create Email AccountIf the new end-user [also] wants to use an external email address, ENTER it in External Email AddressAt Company / LocationCHOOSE the new end-user’s Company from the drop down listAt Additional InformationCHECK I verify that the Information & Privacy and IT Security & Compliance education and traininghave been completed.At Select Approving ManagerFurther information about approvers is available at: Understanding I/Request AccessProcesses.User Guide screen data are fictitiousVersion July 2019Page 19 of 54
AHS Identity & Access ManagementI/Request User GuideENTER the name of the Approving ManagerCLICK SearchUser Search Results will appearCLICK Select beside the correct Approving ManagerWhen you submit the request, the Approving Manager you identify will be notified in two ways.They will receive an automated message from “Identity Management Services” notifying them arequest requires their approval. When they log into AHS IAM, they will see the pending requestin their Approvals queue.They have 10 business days to process the request before it will be returned to you to resubmitor choose another Approving Manager. You will receive an automated message from “IdentityManagement Services” if the request is returned to you.Once the Approving Manager has approved the request, it will be automatically sent to theI/Request Provisioning Administrator to perform final processing.At User to Receive CredentialsThe Requester is the default recipient of the new end-user’s access credentials.If the end-user has an internal AHS email address, their access credentials will be emaileddirectly to them.To change the credential recipient, CLICK Change Selected UserSEARCH for and SELECT a different credential recipientUser Guide screen data are fictitiousVersion July 2019Page 20 of 54
AHS Identity & Access ManagementI/Request User GuideTool Tips for the I/Request paneCOMPLETE all mandatory * fields and as many optional fields as possible.READ the on-screen information and field tipsAt Remote Access RequiredIf the end-user needs to access I/Request outside an AHS facility, CHECK Remote Access Required.If checked, theRemote User Network Access (RUNA) pane will appear. Seefor Remote User Network Access (RUNA) pane.Tool TipsAt I/Request LocationsFurther information about facilities is available at: Understanding I/Request AccessProcesses.CHOOSE one or more facilities for the end-userFor each I/Request location selected, a Sunset Date for the access must be identified.You can accept the default of one year or change to a date less than one year.You must select a default location.If presented with Select Manager for Approval, SEARCH for and SELECT an Approving ManagerUser Guide screen data are fictitiousVersion July 2019Page 21 of 54
AHS Identity & Access ManagementI/Request User GuideTool Tips for the Remote User Network Access (RUNA) paneMore information about remote access and SecurID tokens is available in this guide at: Login toAHS IAM Remotely.RUNA Request TypeExistingSelect this if the staff member has a token on hand (this is for staff who aremoving between community facilities, AHS staff do not need to submit a newRUNA if they move locations, their remote access remains in place for the termof their employment and is available province-wide).NewSelect this for a new token to be sent.TransferSelect this if you have an unassigned and unexpired hardware token on hand– check the back of the token for an expiration date.At Access InformationIf you are choosing a hard token, COMPLETE the delivery address information.If you are choosing a soft token for your smart phone, identify the operating system and provide yourpersonal email address. Instructions for setting up the soft token will be sent to that device.VERIFY that you have read and agree to the RUNA Soft Token prerequisites.At Additional InformationVERIFY that the end-user has read and agrees to the Alberta Health Services Strong AuthenticationDevice User Policy.Option – Save Request as DraftYou can, at any time, save an in-progress request as a Draft. You can complete it later without losingany of the information already entered. You can also change any of the entered information when youresume the request.At the bottom of the Complete Access Request screen CLICK Save as DraftYou can Cancel the request by CLICKING on Cancel. This will erase the request completely.The Complete Access Request screen refreshes with message, “Success Draft Saved”displayed in the top left corner.User Guide screen data are fictitiousVersion July 2019Page 22 of 54
AHS Identity & Access ManagementI/Request User GuideOpen a draft requestCLICKHome screenIn theDraft Requests pane the saved draft is listedCLICK Resume or DeleteSubmit RequestIf you have finished the request to your satisfaction you can submit itCLICK Submit RequestThe Request Status Viewer screen appearsUser Guide screen data are fictitiousVersion July 2019Page 23 of 54
AHS Identity & Access ManagementI/Request User GuideNote the, “Success Request IAM-####### Submitted.” message in the top left cornerhighlighted in green.Our example included three portions, NAR, I/Request, RUNA. Each appears as “New –Pending”.Once the Approving Manager provides their approval to all portions of the request, theI/Request Provisioning Administrator will be automatically notified.Once the I/Request Provisioning Administrator performs the final processing steps, the requestwill complete and the end-user’s credentials will be provided to the person identified forCredential Delivery.If the end-user has an internal AHS email address they will receive the credentials directly byemail. Credentials cannot be sent to external non-AHS email access for Security and Privacyreasons.User Guide screen data are fictitiousVersion July 2019Page 24 of 54
AHS Identity & Access ManagementI/Request User GuideCLICKHome to return to the AHS IAMHome screenIn the Request Status pane, the pending requests appearYou can monitor the progress and status of your request in the Request Status pane of yourAHS IAM Home screen. This is what it will look like when complete.CompleteUser Guide screen data are fictitiousVersion July 2019Page 25 of 54
AHS Identity & Access ManagementI/Request User GuideApprove Request for I/RequestFurther information about who can approve requests is available at: UnderstandingI/Request access processes.ENTER the AHS IAM URL into your internet web browserhttps://iam.albertahealthservices.caLOGINIn the Access Requests pane, notice a new Approvals item is waitingCLICK ApprovalsThe Awaiting Approval screen will appearUser Guide screen data are fictitiousVersion July 2019Page 26 of 54
AHS Identity & Access ManagementI/Request User GuideApprove Network Account Request (NAR)In our example, the new end-user requires AHS Network Access (NAR). So that is the firstapproval that will display and be required. If this does not apply, skip to the Approve I/Requeststeps.CLICK the Request numberThe Pending Approval – IAM-####### screen displays showing the request for review andapprovalUser Guide screen data are fictitiousVersion July 2019Page 27 of 54
AHS Identity & Access ManagementI/Request User GuideUser Guide screen data are fictitiousVersion July 2019Page 28 of 54
AHS Identity & Access ManagementI/Request User GuideREVIEW theNetwork Account Request (NAR) request informationCHANGE information as needed and permittedENTER Comments as neededComments you enter can only be seen by other approvers during the request. Commentscannot be seen by the end-user or Requester. If you see this comment iconon work item, itmeans an Approver has left a comment.CLICK ApproveThe Awaiting Approval screen appears with the work item no longer displayedNote the “Success Work Item Processed.” message displayed in the top left corner highlightedin green.CLICKHomeThe AHS IAMHome screen appearsIn our example, the request included three portions, NAR, I/Request and RUNA. You approvedthe NAR and RUNA portions in the steps above. While the NAR approval was obvious, theRUNA is coincidental behind the scenes.You will notice that the number of items in you Approvals queue reduces by one momentarily.Within seconds, you will see the I/Request portion of the request come through for yourapproval. See the steps to approve the I/Request portion on the next page in this User Guide.User Guide screen data are fictitiousVersion July 2019Page 29 of 54
AHS Identity & Access ManagementI/Request User GuideApprove I/RequestCLICK ApprovalsThe Awaiting Approval screen will appearThe Asset requested is I/RequestCLICK the Request numberThe Pending Approval – IAM-####### screen displays showing the request for review andapprovalUser Guide screen data are fictitiousVersion July 2019Page 30 of 54
AHS Identity & Access ManagementI/Request User GuideREVIEW theI/Request request informationCHANGE information as needed and permittedENTER Comments as neededComments you enter can only be seen by other approvers during the request. Commentscannot be seen by the user or Requester. If you see this comment iconon work item, itmeans an Approver has left a comment.CLICK ApproveThe Awaiting Approval screen appears with the work item no longer displayed.Note the “Success Work Item Processed.” message displayed in the top left corner highlightedin green.Our example included three portions, NAR, I/Request and RUNA.When you approved the NAR portion, the RUNA portion was automatically approved.User Guide screen data are fictitiousVersion July 2019Page 31 of 54
AHS Identity & Access ManagementI/Request User GuideWhen you approved the I/Request portion, a notification was sent to the I/Request ProvisioningAdministrator to perform their final processing tasks. When complete, an automated notificationwill be sent to AHS IT Access Remote Services to provide the SecurID token requested.All three portions of the access request will then be complete.CLICKHomeThe AHS IAMHome screen appearsIn the Access Requests pane, you will see one less Approval item requiring actionCompleteUser Guide screen data are fictitiousVersion July 2019Page 32 of 54
AHS Identity & Access ManagementI/Request User GuideI/Request Provisioning Administrator – Process anI/Request Work RequestThese steps can only be performed by an I/Request Provisioning Administrator. Beforefollowing these steps in AHS IAM, please complete the I/Request access account provisioningprocesses. Further information about the I/Request Provisioning Administrator is available at:Understanding I/Request access processes.ENTER the AHS IAM URL into your internet web browserhttps://iam.albertahealthservices.caLOGINIn the Access Requests pane, notice a new Work Requests item is waitingCLICK Work RequestsThe Work Requests screen appearsUser Guide screen data are fictitiousVersion July 2019Page 33 of 54
AHS Identity & Access ManagementI/Request User GuideSELECT the Request number for actionThe Pending Manual Action – IAM-####### screen appearsREVIEW theI/Request request informationCHANGE information as needed and permittedENTER Comments as neededComments you enter can only be seen by other approvers during the request. Commentscannot be seen by the end-user or Requester. If you see this comment iconon work item, itmeans an Approver has left a comment.CLICK CompleteThe Work Requests screen appears with the work item no longer displayed.Note the “Success Work Item Processed.” message displayed in the top left corner highlightedin green.User Guide screen data are fictitiousVersion July 2019Page 34 of 54
AHS Identity & Access ManagementI/Request User GuideCLICKHomeThe AHS IAMHome screen appearsThere will be one less item in your Work Requests queueCompleteUser Guide screen data are fictitiousVersion July 2019Page 35 of 54
AHS Identity & Access ManagementI/Request User GuidePick up I/Request Access CredentialsIf you have been identified as the person to pick up someone’s I/Request access credentialsfollow these steps.ENTER the AHS IAM URL into your internet web browserhttps://iam.albertahealthservices.caLOGINIn the Access Requests pane, notice a new Work Request is waitingCLICK Work RequestsThe Work Requests screen appearsSELECT the Request numberThe Pending Manual Action screen appearsThe Request Status Viewer screen shows all steps in the workflow as complete and the laststep, Credential Delivery as WaitingSEEI/Request pane, Credentials to be DeliveredPROVIDE the I/Request User ID and Password to the end-userCLICKCompleteThe Work Requests screen appearsThe request is no longer displayedCLICKHomeThe AHS IAMHome screen appearsIn the Access Requests pane, you will see one less Work Request item requiring actionCompleteUser Guide screen data are fictitiousVersion July 2019Page 36 of 54
AHS Identity & Access ManagementI/Request User GuideResubmit a Denied or Cancelled RequestThis process can only be performed on an I/Request request that has been submitted byyou and then denied or cancelled.Further information about this process is available at: Understanding I/Request AccessProcesses.ENTER the AHS IAM URL into your internet web browserThe AHS IAM Login screen appearshttps://iam.albertahealthservices.caENTER your Username and PasswordCLICKLog inThe AHS IAMHome screen appearsUser Guide screen data are fictitiousVersion July 2019Page 37 of 54
AHS Identity & Access ManagementI/Request User GuideAt the Request Status pane, CLICK on the IAM-####### of the access request you want to resubmitThe Request Status Viewer screen appears with the request status Canceled or DeniedCLICK Resubmit RequestA verification message appearsUser Guide screen data are fictitiousVersion July 2019Page 38 of 54
AHS Identity & Access ManagementI/Request User GuideCLICK Resubmit RequestThe Complete Access Request screen appears with the end-user’s details displayedUser Guide screen data are fictitiousVersion July 2019Page 39 of 54
AHS Identity & Access ManagementI/Request User GuideUser Guide screen data are fictitiousVersion July 2019Page 40 of 54
AHS Identity & Access ManagementI/Request User GuideREVIEW theNetwork Account (NAR) portion if presented, as in this exampleIf needed, CHANGE any request detailsREVIEW theI/Request form informationIf needed, CHANGE any request detailsReview theRemote User Network Access (RUNA) portion if presented, as in this exampleIf needed, CHANGE any request detailsCLICK Submit RequestThe Request Status Viewer screen appears with the message, “Success Request IAM####### Submitted.” displayed in the top left corner.If you are not a person who has the correct Delegation of Human Resources Authority or are anI/Request Authorized Approver, the resubmit request will need approval by the ApprovingManager you identified and final steps performed by the I/Request Provisioning Administrator.User Guide screen data are fictitiousVersion July 2019Page 41 of 54
AHS Identity & Access ManagementI/Request User GuideOnce all the approvals have been given and work items processed, the Request Status Viewerscreen will show all processes Completed.CLICKHomeThe AHS IAMHome screen appearsIn the Request Status pane, you will see the request CompletedCompleteUser Guide screen data are fictitiousVersion July 2019Page 42 of 54
AHS Identity & Access ManagementI/Request User GuideModify I/Request AccessFurther information about this process is available at: Understanding I/Request accessProcesses.ENTER the AHS IAM URL into your internet web browserThe AHS IAM Login screen appearshttps://iam.albertahealthservices.caENTER your Username and PasswordCLICKLog inThe AHS IAMHome screen appearsCLICK Request or Modify AccessThe Request Access screen appears withUser Guide screen data are fictitiousVersion July 2019Existing User selectedPage 43 of 54
AHS Identity & Access ManagementI/Request User GuideSEARCH for and SELECT the end-userThe Request Access screen appears with the end-user’s details displayedAt Available Entitlements, under I/Request CLICK Change AccessThe screen refreshesThe Selected Entitlements pane appears at the bottom of the screen with I/Request displayedUser Guide screen data are fictitiousVersion July 2019Page 44 of 54
AHS Identity & Access ManagementI/Request User GuideCLICK NextThe Complete Access Request screen
SecurID Tokens If you or an end-user need to access the I/Request system from outside an AHS facility, a SecurID token will be needed to provide a second form of authentication at login. This is called Two-Factor Authentication. You will be able to request remote access to I/Request when completing the I/Request access request process in AHS IAM.
