Self-Service Portal

What it does

The Self-Service Portal (SSP) shows employees what they already have and lets them request additional access, without opening a ticket. A request goes straight to the right approver, and on approval ServiceChanger updates the membership through the same rules as the rest of the product.

The SSP is a separate module. ABAC, group assignment, and license tracking all work without the SSP.

Products

In the SSP you offer access as a product. A product links to:

• a group, or
• an attribute.

For each product you set a title, description, and optionally a logo. You can hide a product from the catalog if you only want to offer it through a direct link.

Showing considerations

A product can carry considerations that help both the requester and the approver, such as:

• License cost tied to this access
• Project, region, or department specific
• High security or admin rights
• Temporary access
• MFA required or training required
• Includes email, read only, or confidential data

Approval flow

For each product you decide who has to approve:

Condition	Who approves
Manager	The requester's manager.
Owner	The owner of the group or attribute.
Owner and manager	Both have to agree.
Owner or manager	Either one is enough.
Auto-approve	No approval needed, granted immediately.

A request walks through the steps that belong to the condition. Each decision (approved, rejected, skipped) is recorded with an optional note, so you can later see who decided what.

Request statuses

A request is pending, approved, or rejected. On approval ServiceChanger provisions the access automatically. In exceptional cases an operator can skip a step; that is recorded explicitly as a bypass.

Temporary access

Access can be granted temporarily. If a particular temporary grant keeps recurring for people with the same attribute, group mining suggests turning it into a permanent attribute link. See Group mining.

Related

• ABAC and attributes
• Group mining