search
Sprinto DashboardAPI Reference

Configure Access Rules for Ticketing Systems (MCAS)

User access rules play a pivotal role in defining valid users and login protection methods for accessing critical systems. Unlike the Automatic Critical Access System (ACAS), the Manual Critical Access System (MCAS) requires manual configuration of login protection methods and user access validity details.

hashtag
Before You Begin

  • Log in to Sprinto as an administrator.

hashtag
Defining User Access Rules

  1. Navigate to Data Library > Access > Critical Systems and select the desired critical system from the list. Use the search bar for quick navigation.

  2. On the Critical System’s Summary page, click Configure/Manage. Optionally, you can also click View & Fix next to the Rules for who can access critical systems should be configured. Note: Update user access rules for all accounts in case of multiple accounts for a critical system.

  3. Defining Access Validity: Take the following steps to define the valid users that can access the critical system:

    • On the Manage page, click Configure/Manage next to access validity.

    • Choose one of the following options to define valid users:

      • All Staff Members Are Allowed Access: For systems accessed by all staff members, such as HRMS services, email providers, VPN services, etc.

      • Role-Based Access: For systems accessed by specific roles in the organization. Select the job roles and click Save. Note: You can select multiple roles under Valid roles if required.

      • Ticket-Based Access: For systems accessed based on access requests logged through a ticketing system. Configure the ticketing system after selecting this option. Note: " Connected " is highlighted next to already integrated services. Optionally, you can click Connect to integrate a service provider.

  4. Defining Login Methods:

    • On the Manage page, click Configure/Manage next to login methods.

    • Select the login protection methods for accessing the critical system and click Save.

      • Multi-Factor Authentication (MFA)

      • Complex Password

      • Single Sign-On (SSO)

      • Virtual Private Network (VPN)

    • After configuring login protection methods, the Sprinto check Evidence should be uploaded for selected login methods within the critical system {critical system name} gets activated. Refer how to resolve guide for further details.

hashtag
Conclusion

Once both user access rules is configured against a critical system, the activated Sprinto check status gets updated to “Passing.” Depending on your user access process changes, you can modify these rules anytime if required.

PreviousAdd and Manage Critical SystemsNextManage Ticketing Systems

Last updated