Shape the future of IBM watsonx Orchestrate


This is the IBM Automation portal for IBM watsonx Orchestrate. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Status: Future consideration
Created by: Guest
Created on: Apr 17, 2025

Agent Access Control: JIT (Just-in-Time) and JEA (Just-Enough-Access)

In regulated domains like Talent (HR systems) or Finance (ERP, banking platforms), granting AI agents standing access to sensitive data and systems poses significant security and compliance risks.

Just‑In‑Time (JIT) and Just‑Enough‑Access (JEA) are critical because they enforce the principle of least privilege—granting AI agents (or users) only the permissions they need, only when they need them, and only for as long as they need them.

  • the agent requests elevated privileges only when it needs to perform a specific task (e.g., fetching candidate

  • the system dynamically scopes permissions to the minimal set of actions and data fields required (e.g., “read-only access to payroll records for employee ID X”)

  • each access request is checked against an attribute‑based policy engine (e.g., OPA, Azure PIM), which evaluates real‑time context such as time of day, agent identity, task type, and risk level. Policies incorporate risk factors: unusual access patterns or high‑value transactions trigger additional approvals or deny access.

  • upon task completion or expiration of the JIT window, credentials are automatically revoked and access tokens are invalidated to prevent privilege creep. Ephemeral keys or certificates are rotated after each session to eliminate reuse risks.

  • every JIT/JEA grant and revoke event is logged with full context (who, what, when, why), ensuring traceability for audits and investigations. A central monitoring system watches for policy violations or anomalies and can trigger alerts.
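The five bullets above describe one control loop: request, scope, decide, revoke, log. The following Python sketch is an added illustration of that loop and is not code from watsonx Orchestrate or IBM. The task policy table, the business-hours window (06:00 to 22:00), the high-value threshold, the audit record shape and the injectable clock are all assumptions constructed for the example; a real deployment would delegate the `decide` step to a policy engine such as OPA and issue real short-lived credentials instead of a random token.

```python
"""JIT/JEA access broker sketch: scoped, time-boxed grants for an AI agent,
checked by a simple attribute-based policy, auto-expiring and fully logged.
Added illustration with a constructed policy; not watsonx Orchestrate code."""
import secrets
import time
from dataclasses import dataclass, field

# Constructed policy table (assumption): the JEA scope (resource, actions,
# fields) each task may touch, and the longest JIT window it may hold.
TASK_POLICY = {
    "fetch_candidate": {"resource": "ats", "actions": {"read"},
                        "fields": {"name", "stage"}, "max_ttl": 120},
    "read_payroll":    {"resource": "payroll", "actions": {"read"},
                        "fields": {"employee_id", "gross_pay"}, "max_ttl": 60},
    "approve_payment": {"resource": "erp", "actions": {"read", "write"},
                        "fields": {"invoice_id", "amount"}, "max_ttl": 30,
                        "high_value_threshold": 10_000},
}


@dataclass
class Grant:
    token: str          # ephemeral, single-session credential
    agent: str
    task: str
    resource: str
    actions: frozenset
    fields: frozenset
    expires_at: float   # end of the JIT window
    revoked: bool = False


@dataclass
class AccessBroker:
    audit: list = field(default_factory=list)   # who / what / when / why
    grants: dict = field(default_factory=dict)  # token -> Grant
    now: callable = time.time                   # injectable clock for tests

    def _log(self, event, **ctx):
        self.audit.append({"event": event, "at": self.now(), **ctx})

    def decide(self, agent, task, ctx):
        """Attribute-based decision on real-time context (constructed rules)."""
        policy = TASK_POLICY.get(task)
        if policy is None:
            return "DENY", "unknown task"
        if ctx.get("anomalous"):
            return "DENY", "unusual access pattern"
        if not 6 <= ctx.get("hour", 0) < 22:
            return "DENY", "outside business hours"
        thr = policy.get("high_value_threshold")
        if thr is not None and ctx.get("amount", 0) >= thr and not ctx.get("approved"):
            return "NEEDS_APPROVAL", "high-value transaction"
        return "ALLOW", "policy matched"

    def request(self, agent, task, ctx, ttl=None):
        """Agent asks for a task-scoped grant; returns a Grant or None."""
        decision, why = self.decide(agent, task, ctx)
        self._log("request", agent=agent, task=task, decision=decision, why=why)
        if decision != "ALLOW":
            return None
        p = TASK_POLICY[task]
        ttl = min(ttl or p["max_ttl"], p["max_ttl"])   # never exceed policy window
        g = Grant(secrets.token_urlsafe(16), agent, task, p["resource"],
                  frozenset(p["actions"]), frozenset(p["fields"]), self.now() + ttl)
        self.grants[g.token] = g
        self._log("grant", agent=agent, task=task, resource=g.resource,
                  fields=sorted(g.fields), ttl=ttl)
        return g

    def authorize(self, token, action, fld):
        """Per-call check: token live, action and field inside the JEA scope."""
        g = self.grants.get(token)
        if g is None or g.revoked or self.now() >= g.expires_at:
            self._log("deny", token=token, why="expired or revoked")
            return False
        ok = action in g.actions and fld in g.fields
        if not ok:
            self._log("deny", agent=g.agent, action=action, field=fld, why="out of scope")
        return ok

    def revoke(self, token, why="task complete"):
        """Explicit revocation on task completion; expiry handles the rest."""
        g = self.grants.get(token)
        if g and not g.revoked:
            g.revoked = True
            self._log("revoke", agent=g.agent, task=g.task, why=why)


if __name__ == "__main__":
    broker = AccessBroker()
    grant = broker.request("hr-agent", "read_payroll", {"hour": 10})
    print(broker.authorize(grant.token, "read", "gross_pay"))   # in scope
    print(broker.authorize(grant.token, "write", "gross_pay"))  # out of scope
    broker.revoke(grant.token)
    for rec in broker.audit:
        print(rec)
```

The audit list is the detection surface the last bullet asks for: every request, grant, denial and revoke is one record, so a monitor can alert on repeated `deny` records with `why == "out of scope"` from one agent, or on `request` records that returned `NEEDS_APPROVAL` outside the expected workflow.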

Idea priority: High
  • Admin
    Laurent Tillette de Clermont-Tonnerre
    May 8, 2025

    Thank you for your feedback. Wouldn't that be covered by personal credentials (https://watson-orchestrate.ideas.ibm.com/ideas/LSABER-I-906), which means each user uses their own credentials for a given 3rd party app the tool connects to on their behalf and therefore only gets the user access to the permissions/data they have in that system?