Managing Temporary Access Requests
When you encounter an issue with your Coveo-powered solution, you may request help from the Coveo Support team. To help you fix your issue, Coveo’s product specialists often need to access your Coveo organization to assess the problem and conduct some tests.
Coveo has high security standards and enforces the principle of least privilege whenever possible. Your product specialist and other Coveo employees may therefore need additional privileges to investigate your issue thoroughly (see Privilege Management).
The vast majority of issues don’t require Coveo Support to be granted administrative privileges in your Coveo organization. Coveo Support employees aren’t authorized to grant privileges to customers in a Coveo organization. If you want to be granted access to a Coveo organization, you must follow the access request workflows of your company.
Coveo’s security team has established which additional privileges each category of personnel can occasionally request for troubleshooting, advice, or other purposes. The temporary access request feature enforces this restricted list of additional privileges. As a result, no one can use this feature to grant themselves privileges that are unnecessary within the scope of their duties.
As an administrator, you can review the privileges Coveo employees are temporarily granted on the Temporary Access page.
Reviewing Temporary Access Requests
The Temporary Access page is a list of the privilege requests that have recently been submitted by Coveo employees for your organization (see Temporary Access Request Process). It shows whether each request is active or inactive (i.e., whether the employee currently has the corresponding privileges), a justification for the request, and the date on which the temporarily granted privileges will automatically be revoked.
To review the privileges associated with a request, click this request, and then in the Action bar, click Details. You can also click to display a list of activities about the listed temporary access requests.
The privileges associated with an active request can be permanently revoked by clicking the request, and then in the Action bar, clicking Revoke. Inactive requests can’t be reactivated.
Subscribe to notifications to receive an email whenever a new temporary access request is submitted for this organization.
Temporary Access Request Process
The following table illustrates how the process of a temporary access request unfolds in a support case context. The Administrator is you, an administrator of this organization. The Requester is a Coveo employee that needs a certain set of privileges to access your organization and solve your issue.
|Step||Administrator's perspective||Requester's perspective|
|1||You encounter an issue with your Coveo-powered solution. You report it to the Coveo Support team.|
|2||The Requester analyzes the support case and determines whether they need additional privileges to solve it. If they do, they fill a temporary access request, in which they list the required privileges.|
|3||Once the request is sent, the requested privileges are automatically granted.|
|4||Since you subscribed to notifications of new temporary access requests, you receive an email with a link to the request in the Coveo Cloud Administration Console.|
|5||You review the request details, which include a justification and the privileges granted. You have the option to revoke the request, for example when your issue is solved before the request expiration date.|
|6||The Requester uses their new privilege set to help you solve your issue.|
|7||On the request expiration date, the temporarily granted privileges are revoked.|
|8||The privilege request remains visible in the table for some time after its expiration or revocation.|
|Action||Service - Domain||Required access level|
|View who at Coveo has been granted temporary access to your organization||
Organization - Temporary access
|Revoke temporarily granted privileges||
Organization - Temporary access