Notifications
Clear all
Topic starter
11/06/2026 11:32 pm
TL;DR: IT service management is presented here as the operating layer for access requests, incident handling, change control, and service delivery metrics, with Zluri arguing that automation improves speed and consistency across those workflows. The real governance issue is that ITSM can accelerate approvals without fixing entitlement sprawl, stale access, or weak lifecycle controls.
NHIMG editorial — based on content published by Zluri: Access Management IT Service Management (ITSM): 101 Guide
By the numbers:
- ITSM automation can manage the same process 10x more efficiently than a manual method involving multiple steps.
Questions worth separating out
Q: How should security teams use ITSM for access requests without weakening governance?
A: Treat ITSM as the workflow layer, not the authority layer.
Q: Why do ITSM workflows often create access creep?
A: They are usually optimised for speed, not entitlement hygiene.
Q: How do you know if ITSM is actually improving identity governance?
A: Look beyond ticket closure time.
Practitioner guidance
- Map access requests to entitlement ownership Require every request to resolve to a named owner, a business justification, and a revocation condition before approval.
- Link role changes to access reduction Use change management events to trigger removal of outdated permissions, not just provisioning of new ones.
- Separate service metrics from governance metrics Track resolution time and SLA breach rate alongside entitlement recertification, orphaned account cleanup, and access scope validation.
What's in the full article
Zluri's full guide covers the operational detail this post intentionally leaves for the source:
- Step-by-step ITSM workflow examples for request intake, prioritisation, and approval handling.
- Specific automation points inside access request management, including alerting and dashboard routing.
- Metric examples for measuring service desk responsiveness, SLA performance, and user satisfaction.
- Practical setup details for integrating request handling with Slack and multi-step workflows.
👉 Read Zluri's guide to ITSM access management and service delivery →
ITSM access requests and the identity governance gap teams miss?
Explore further
12/06/2026 8:14 am
ITSM is becoming an identity control plane whether teams label it that way or not. The article frames ITSM as a way to streamline access requests, incident handling, and change management. In practice, those are identity decisions disguised as service operations. The discipline matters because approval speed without entitlement governance simply creates a faster path to overprovisioning. Practitioners should treat service management workflows as part of access governance, not as a separate operational layer.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to NHI Lifecycle Management Guide.
A question worth separating out:
Q: What is the difference between ITSM efficiency and access governance quality?
A: Efficiency measures how quickly requests move. Governance quality measures whether the resulting access is appropriate, temporary when needed, and removed when no longer justified. A team can meet every SLA and still overprovision users if the underlying decision criteria are weak.
👉 Read our full editorial: ITSM access requests expose the identity gaps behind service delivery
