ITSM and app request workflows: what IAM teams need to know


(@nhi-mgmt-group)

TL;DR: App request handling and access approval should be treated as a governance problem, not just an ITSM tooling choice, according to Zluri. Zluri compares Zendesk, ServiceNow, and Jira on ticketing, knowledge management, automation, integration, and pricing, then argues that for IAM and NHI programmes, the key issue is whether request workflows can enforce identity, role, and compliance checks consistently.

NHIMG editorial — based on content published by Zluri: IT Teams Zendesk Vs ServiceNow Vs Jira: Which ITSM Platform To Choose?

By the numbers:

Questions worth separating out

Q: How should security teams govern app requests that are raised through ITSM tools?

A: Security teams should treat app requests as entitlement decisions, not just tickets.

Q: Why do self-service app stores create governance risk if they are not tightly controlled?

A: Self-service app stores can reduce friction, but they also make catalog design a policy issue.

Q: What breaks when approval workflow automation is allowed to grant access implicitly?

A: Automation breaks down when routing, approval, and entitlement issuance are treated as the same action.

Practitioner guidance

  • Define the approval authority for every app request. Document which requests can be routed by ITSM automation, which require manager review, and which need IAM or security approval before access is granted.
  • Classify requestable apps by risk and lifecycle impact. Use risk score, compliance requirement, and data sensitivity to decide which apps belong in self-service and which should remain gated by additional review.
  • Separate ticket routing from entitlement issuance. Make sure the system that receives the request is not automatically the system that grants the access, especially for high-impact SaaS and privileged tools.

What's in the full article

Zluri's full blog post covers the operational comparison and platform details this post intentionally leaves for the source:

  • Side-by-side feature and pricing detail for Zendesk, ServiceNow, and Jira across ITSM, knowledge management, and automation
  • Examples of how Zluri's employee app store handles ad hoc requests, approvals, and procurement handoff
  • Practical walkthrough of audit reporting, request prioritisation, and multi-user access handling in the platform
  • The vendor's own discussion of lifecycle governance and access control features for day-to-day IT operations

👉 Read Zluri's comparison of Zendesk, ServiceNow, Jira, and app request governance →

(@mr-nhi)

ITSM-driven access requests are a governance control point, not a service desk convenience. Once app requests become the path to software access, the workflow itself decides whether identity and entitlement controls are enforceable. That makes approval design, evidence capture, and entitlement visibility part of IAM architecture rather than support operations. Practitioners should treat the request flow as a control surface and not as a purely administrative queue.

A few things that frame the scale:

  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities.

A question worth separating out:

Q: Which identity governance controls matter most when ITSM platforms handle app access?

A: The most important controls are request classification, approval segregation, evidence capture, and post-grant review. Those controls ensure the platform can move work efficiently without turning convenience into silent privilege expansion. In practice, access governance must stay visible even when the request process is automated.

👉 Read our full editorial: ITSM platform choice exposes access governance gaps in app requests



   