Policy Change Request

Policy Change Request enables end users to request access or elevated permissions for applications on demand that are currently restricted by the applied policy. End users can now use this feature to submit requests directly from the Ivanti Neurons desktop app or when an application has been denied. The feature is integrated with ServiceNow, leveraging the advanced process engine in the request module to streamline approval workflows and track audits of these requests.

Policy Change Request settings are configured globally as per rule and are evaluated at session connection and when a configuration change occurs.

For example, an end user can raise a policy change request to access specific applications outside a secured network or when they need temporary access. Then, the ServiceNow integration will create a new request item based on the end user requirements. This request can be approved manually or automatically, depending on the ServiceNow catalog configuration.  End users are notified via pop-up messages once their requests are approved or rejected.

Process Workflow

See the list below to understand the feature workflow in a sequential order:

  • The end user initiates the request directly from the Application Denied message box, through a context menu option on the target app, or from the request policy change app on the endpoint. Refer to Creating Policy Change Requests for information.
  • The end user configures information for the policy change, such as duration and reason, and submits the request.

  • The request creates a ticket in the ServiceNow platform automatically and approves the change request based on the organization's requirements. For more information about ServiceNow integration, refer to Configuring ServiceNow for Policy Change Request.

  • The policy change request expires based on a predefined time interval.

Creating Policy Change Requests

  1. Double-click the Request Policy Change icon () on the desktop to initiate the request.
    Alternatively, you can right-click a denied application and select Request access privilege for this application.
    The Application Control Challenge Response dialogue box appears.
  2. Click Create New Request to request authorization.
    The new request page appears.
  3. Enter the application name, duration, request type, and other relevant details for the request.
  4. Click Submit Request.
  1. Double-click or run the denied application.
    The Application Denied dialogue box appears.
  2. Click the Click here to request access to the application link to request for authorization for that application.
  3. Enter the application name, duration, request type, and other relevant details for the request.
  4. Click Submit Request.
  1. Expand the Notification Area/System Tray in Taskbar and click the Request Policy Change icon () on the to initiate the request.
    The Application Control Challenge Response dialogue box appears.
  2. Click Create New Request to request authorization.
    The new request page appears.
  3. Enter the application name, duration, request type, and other relevant details for the request.
  4. Click Submit Request.