Requesting access is now easier than ever with the new Access Request Agent in Harbor Pilot. Instead of navigating the standard access request experience, you can now use natural language to request access for yourself, check on a request, or cancel a request. This eliminates the need to understand complex catalog structures like roles, entitlements, and Access Profiles.
End users can access the Harbor Pilot via a new settings page. An administrator must first enable this feature in the GenAI Settings.
New Capabilities
Start an access request via natural language in Harbor Pilot (e.g., “request access to Salesforce”).
When a request matches multiple access items, prompt the user to clarify which item they mean (and narrow results).
Account selection support when the requestee has multiple accounts on the target source (to ensure the request provisions to the intended account).
Ask for current status of an access request via natural language in Harbor Pilot.
Cancel an access request via natural language in Harbor Pilot.
End users can now use Harbor Pilot. Admins must turn this on in Global → System Settings → Feature Settings → GenAI → Enable Harbor Pilot for End Users.
Users find it difficult and confusing to navigate the Identity Security Cloud to request access to an application, a critical but infrequent task, due to lack of UI familiarity and a lack of clarity on how access is structured (roles vs. entitlements vs. Access Profiles).
Solution
The Access Request Agent enables end users to kick off and complete an access request via Harbor Pilot using natural language:
The user describes what they need (“I need access to Workday”).
If multiple matches exist, Harbor Pilot asks follow-up questions to select the right access item.
Harbor Pilot asks for (and includes) business justification.
Harbor Pilot shows a final summary for confirmation.
Upon submission, Harbor Pilot confirms success and provides a link to view the request in the Request Center.
Who is affected?
Customers who have turned on Harbor Pilot. End users can now access Harbor Pilot in a new settings page. This must be turned on by an admin in GenAI Settings.
Action Required
In order for users to access Harbor Pilot on their new settings page, an administrator must first enable it in the GenAI Settings.
Important Dates
Calendar
By RSVP’ing to this event you will be reminded of this release prior.
Does this functionality update include account only requests? That would be really useful!
In addition, there is a configuration switch allowing customers to choose if governance group membership should be visible to the requester in case of pending approval of a governance group. This switch exists to both facilitate the customers who want it to be visible and to offer a security control for customers where this information should not be public to the requester. Can the requester now ask for the membership in natural language regardless of this setting? If so, this functionality would introduce a security vulnerability once it gets released.
I don’t see any change in the UI other than Harbor Pilot in the upper corner where it is for admins. When asked if Harbor pilot can request access, it is cordial and tries to be helpful until it tells you that it cannot make access requests on your behalf and that you must do it yourself.
Hi @alec
I tried this out on a demo tenant. I enabled Harbor Pilot for end users and as an end user, I opened Harbor Pilot chat asking me to give me the status of my access request. It told me to go to the search tab to figure it out. But regular identities don’t have search. And it also told me it can’t grab the data itself. So it seems this will waste time confusion instead of helping the user.
If it can’t than how could this functionality ever “eliminate the need to understand complex catalog structures like roles, entitlements, and Access Profiles.”?
Or is the functionality not fully deployed yet on my demo tenant, even though I can see the “enable for end users” option?
When trying this out, I was able to raise a request. However it didn’t prompt me for a justification or an end-date. When asking about it, it mentioned that’s not within the current capabilities. (and the mandatory justification is filled in with “AI requested on behalf of 1234567”
By RSVP’ing to this event you will be reminded of this release prior.