3 Ways to Get Zero-Touch IT Working in Your Organization

Over the last two decades, nearly every trend in software has had the effect of piling work onto increasingly stretched IT teams. SaaS, cloud infrastructure, IPaaS, non-human identities, and most recently the rise of agentic AI, have each added new apps, new identities and new permissions to IT’s burden. The cost of this capacity gap is felt across:

• Security, as risky and excessive access go unchecked
• Efficiency, as employees wait for overworked IT teams to grant the access they need, and
• Profitability, as unused SaaS licences and duplicative SaaS contracts multiply.

In order to restore the balance, we need to move away from the idea that access decisions can only be made one-at-a-time through manual processes. Instead, the majority of rote access decisions should be implemented automatically, based on comprehensive access policies.

As the first Autonomous Identity platform, Lumos allows you to automate access for many common access use cases. Here are three ways you can apply zero-touch IT in your organization with Lumos.

1. Pre-approve access requests
2. Auto-remove dormant or underutilized access
3. Use AI to analyze usage patterns in your org to improve birthright access

Let's look at each of these processes more closely.

1. Pre-approve access requests

Lumos’ AppStore provides a consumer-grade experience for employees to request apps as easily as adding an app to their phones. One of the most powerful features of the AppStore is the ability to create pre-approval rules based on the attributes of the owner. Pre-approval rules are useful for:

• Apps that don’t require security approvals but do have a limited supply of licenses
• Granting time-limited high-level emergency access for on-call support staff.
• Granting automatic request for apps to some employees, but requiring manual approvals for others. For example, access to Github repositories might be granted automatically to senior engineers, but only on approval to other 

App admins can create a pre-approval rule for any app from its settings page in the AppStore. For example, these two rules for the Loom app automatically allow a pro-level license for engineering employees so that they can record and share detailed demos of features in development, while marketing employees are automatically granted a limited license to view videos and record shorter demos for outreach.

More complicated rules can be made based on groups in your Identity Provider, attributes such as title, manager and office location, and even on-call schedules.

Another advantage of pre-approval rules is that access can be pre-approved for a limited amount of time. This means that employees can get seamless access to apps when required without IT having to resort to excessive birthright access grants, or taking extra manual effort to remove access when it is no longer needed.

2. Auto-remove dormant or underutilized access

While granting access can be complicated and time-consuming, making sure access is removed when no longer needed can be even more challenging. The key reason for this is that there will always be more urgency for employees to get the access they need today than to remove the access they needed yesterday, and when IT teams are already overworked, cleaning up unneeded access never gets to the top of the priority list, leading to untamed access sprawl as employees accumulate more and more access, and wasted spend as you pay for app licenses that aren’t used.

With Lumos, you can create simple “inactivity workflows” for each app that capture usage data from the app, identify employees that aren’t using their access, and either remove access entirely, or downgrade to a less powerful or cheaper tier.

For example, this workflow identifies premium-level Zoom users who have not created a meeting lasting longer than 40 minutes in the last 30 days, and downgrades them to the free tier of Zoom:

Inactivity workflows free up IT teams from the burden of sifting through each app’s “Users” page to clean up licenses, saves your organization money, and ensures that when new employees need access, there is always a pool of available licenses.

3. Use AI to analyze usage patterns in your org to improve birthright access

To further reduce the workload for your IT teams, while empowering employees with the access they need, Lumos can apply AI analysis to your onboarding policies, comparing them at scale with request data from the AppStore and activity data from the apps themselves to identify improvements.

For example, apps that are commonly requested and approved for specific teams can be added to birthright access for those teams. Similarly, access that is part of birthright access, but is rarely used, can be removed from birthright access and handled through the AppStore.

Lumos’ total visibility into apps and identities across your stack, and capturing granular detail and even user activity, means that your access policies can adapt and improve over time, reducing risky access, removing roadblocks to necessary access, and reducing wasted spend across your whole stack.

Learn more

Lumos is the first autonomous identity platform. It automatically discovers and manages access across all your apps. Instead of being overwhelmed by the sprawl of apps and access, Lumos empowers organizations with one unified solution that controls access on auto-pilot. Lumos customers can enhance security, cut software spend and boost employee productivity — all in one platform. Trusted by hundreds of companies, Lumos powers millions of access requests across global companies. To learn more:

• Take a tour of the AppStore to learn more about approval workflows.
• Read about how zero-touch IT workflows can help you optimize Zoom licenses.
• Learn how to use these techniques and more to tame access sprawl in your organization.

For a personalized deep-dive into how you can apply zero-touch IT in your organization, schedule a demo today.