Ask HN: Is making requests approval service for IT worth it?

1 points by daemon_9009 ↗ HN
Hi, I have seen a loop hole in the approval giving process in the IT dept of various tech companies, so how they do it currently is: let's say an employee wants a certain permission for github, he will either raise a ticket using their portal or mail it to the manager asking for approval, the manager forwards it to the IT support and they approve it manually(well using the github portal they have, but it is a manual work since they have to locate the person and give the permission). The current solutions like rippling, electric etc. does not provide the feature for raising the tickets, the portal is with only one person, hence the approval process becomes single-point contact thing.

My solution was to make this process a multi-point contact thing, by integrating the request raising process and the approval giving process(by using API ofc) so the request need not go the IT support but is tackled by someone in between who had the required access rights, hence this becomes a multi-point service. Can this platform be converted into a business? or the right questions should be will tech companies consider buying something like this when the requests are generated seldomly?

9 comments

[ 2.5 ms ] story [ 29.8 ms ] thread
Do you think this could implemented as a workflow in Jira?
My current customer has this workflow: 1. The person or someone else raises an request for an account(some users have up to 3 accounts for security reasons); 2. An certain amount of people approves it 3. The system adds the account to an group. all the systems can look up the account and the groups he is a member of in the AD. This also works for applications that don't authenticate themselfs over ldap, like SAML or OAuth, since the sso is configured to relay the groups.
well you mentioned the system only adds the account to a group in AD, if i am not wrong Azure directories work for cloud based platform, and also it requires the company to use their own domain for sso, AD is now Entra ID. But what about the permissions that AD dont cover like github, jira, database access?
Jira and bitbucket are also integrated in the AD groups, the access to servers is provided through an server in the middle for root users and an obscure pam module provides access to non-root users.
is AD single point contact or multi point approval system, can people in between approve the requests? and can the tickets be raised for a certain permission? can that permission be tracked? i think AD is merely a portal for azure and other cloud platforms.
AD is the source of truth that is changed updated by the permission system. The permission system tracks the progress and the people who approve it.im merly a user of it and i can say that an absolute minority of applications don't use the AD for authentication.
so is it safe to beleive that AD is multi-point approval system, almost for all applications, and tickets can be raised using it? So that means making another platform is rather obsolete, isn't? Also I have never used AD but reading its docs i came to know that, for using sso the company has to use the domain provided by the AD, like yourcompanyname@microsoft.com, what company will want its users to sign in using this kind of a domain?
Ad is an extension omtop of ldap.using the kerberos like usernames is possible, but most systems accept the username, since there are no conflicts with the usernames.
jira has its own dashboard to do all kinds of stuff, it will be redundant to recreate it, i guess. what do you think?