Delinea Authorization Powered by Iris AI

This Delinea Iris AI feature is currently available only to customers participating in an approved Public Preview. If you'd like to participate and be among the first to try this feature, ask our support or account team for details.

Delinea Authorization powered by Iris AI (Iris Authorization) is an AI-driven access-approval agent that automates Secret Server approval workflows to streamline approvals, reduce unauthorized-access risk, and strengthen compliance with existing security policies.

Iris Authorization evaluates each access request based on:

  • the requester's identity

  • the requester's stated intent

  • contextual risk signals

  • historical patterns

  • your organization's policies

To set up Iris Authorization, see Configuring Iris Authorization.

To view access requests processed by Iris Authorization, see Viewing Access Requests.

Iris Authorization vs. Manual Approval

Traditional manual access approvals can be time-consuming for both administrators and users. They are prone to human error and may not adequately assess the risk associated with each request.

Iris Authorization addresses these challenges with automation based on comprehensive data, enhancing security and efficiency while still enabling human administrators to analyze approvals and intervene as necessary.

Iris Authorization will not grant additional access beyond what is requested. In addition, administrators can provide feedback on past approvals, allowing Iris Authorization to learn and adapt over time to improve its decision-making capabilities.

Recommend Mode vs. Decide Mode

Iris Authorization operates in two primary modes: recommendation only and automated decision.

Mode | Behavior
Decide | Iris Authorization automatically approves or denies the request based on predefined criteria.
Recommend | Iris Authorization recommends an action; a human approver receives the request and recommendation in the Inbox and approves or denies.

The process flows like this:

  1. Request Submission: A user submits an access request, including a ticket number and justification.

  2. Risk Assessment: Iris Authorization evaluates the requester's risk level, access request duration, appropriateness of the stated reason, and other contextual signals.

  3. Ticket Verification: If configured in the profile's authorization checks, Iris Authorization retrieves and analyzes the content of the associated ticket (from systems like Zendesk or ServiceNow).

  4. Decision Making: Based on the analysis, Iris Authorization either approves or denies the request or presents an approve or deny recommendation to a human approver.

  5. Feedback Loop: Administrators can provide feedback on Iris Authorization's decisions, which is used to improve the system's accuracy over time.

Decision Factors

When Iris Authorization evaluates an access request, it considers the following (non-exhaustive) checks:

  • User risk level – Users rated Critical or High risk receive stricter scrutiny

  • User behavior – Deviations from the user's baseline, including:

    • Failed login attempts

    • Location anomalies

    • MFA use

  • Secret access request details – Properties of the request itself, including:

    • Justification is reasonable and professional

    • Duration is not excessive

  • ITSM ticket validation (if an ITSM connection is available)

    • Ticket number – Matches the ITSM ticket (e.g., Zendesk) with the access request

    • Ticket justification – Request reason must align with ticket description
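
A deterministic sketch of the process flow and decision factors above, added here as an example for spot-checking decisions during oversight; it is not Delinea's code and does not reproduce Iris Authorization's AI-driven evaluation. The Request fields, thresholds, term-overlap test, ticket dict shape and sample values are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

STOPWORDS = {"the", "a", "an", "to", "for", "of", "on", "in", "and", "is", "need"}

@dataclass
class Request:                       # hypothetical model, not a Delinea schema
    user_risk: str                   # "Low" | "Medium" | "High" | "Critical"
    failed_logins: int
    location_anomaly: bool
    mfa_used: bool
    justification: str
    duration_hours: float
    ticket_id: str

def terms(text):
    return set(re.findall(r"[a-z0-9]+", text.lower())) - STOPWORDS

def findings(req, ticket):
    """ticket: dict with 'id' and 'description' from the ITSM system, or None."""
    strict = req.user_risk in ("Critical", "High")   # stricter scrutiny
    out = []
    if req.failed_logins > (0 if strict else 3):     # assumed thresholds
        out.append("failed logins above baseline")
    if req.location_anomaly:
        out.append("location anomaly")
    if not req.mfa_used:
        out.append("no MFA on session")
    if req.duration_hours > (2 if strict else 8):    # assumed limits
        out.append("duration excessive")
    if len(terms(req.justification)) < 3:
        out.append("justification too thin")
    if ticket is not None:                           # only if ITSM is connected
        if ticket["id"] != req.ticket_id:
            out.append("ticket number mismatch")
        else:
            j, d = terms(req.justification), terms(ticket["description"])
            if len(j & d) / max(len(j), 1) < 0.3:    # assumed overlap floor
                out.append("justification does not match ticket")
    return out

def route(req, ticket, mode):        # 'Decide' acts; 'Recommend' goes to a human
    verdict = "deny" if findings(req, ticket) else "approve"
    if mode == "Decide":
        return {"action": verdict, "decided_by": "agent"}
    return {"action": "pending", "recommendation": verdict, "decided_by": "human"}

SAMPLE_TICKET = {"id": "ZD-1001", "description": "Rotate the database service account password on db01"}  # constructed
SAMPLE = Request("Low", 0, False, True, "Rotate database service account password", 1, "ZD-1001")  # constructed
```

The same request that passes for a Low-risk user produces findings for a High-risk user because the assumed thresholds tighten, which mirrors the "stricter scrutiny" factor.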

Iris Authorization Safety Statement

Human-AI Oversight Requirement

Delinea Authorization powered by Iris AI (Iris Authorization) is designed to augment your skilled oversight – not to replace it. Iris Authorization can be set either to alert you or to take pre-specified actions. This automation still requires a "human on the loop" for customer oversight, audit and feedback, to ensure accuracy and to optimize results over time. AI models are probabilistic in nature, meaning they can inherently produce outputs that are inaccurate or incomplete. You and your end users bear responsibility for any decisions, recommendations, actions, or inactions that arise from utilizing Delinea Authorization powered by Iris AI.

Data Privacy and Processing

Delinea Authorization powered by Iris AI uses the Azure OpenAI service provided by Microsoft. Key data handling and privacy features include the following:

  • Regional Data Hosting: Your tenant data is hosted and processed within the same region that you have selected for your cloud operation, ensuring compliance with regional data handling regulations. Any feedback that you send to Delinea ("debugging data") can be stored in other regions (see Data Included in Feedback to Delinea below).

Due to local data hosting requirements, Iris AI (Delinea Authorization Powered by Iris AI and Delinea Auditing Powered by Iris AI) is not available in the United Arab Emirates.

  • Data Deletion After Processing: When Azure OpenAI finishes processing data from a Delinea Platform access request, the data is immediately deleted from Azure and not retained by Microsoft. This ensures that evaluation data is handled securely and transiently.

  • No AI Training with Customer Data: Delinea Authorization powered by Iris AI does not and will not use customer recordings or data to train AI models unless we obtain your specific prior written authorization to do so.

  • Data Included in Feedback to Delinea: When a user flags an Iris Authorization recommendation or decision, the specific data involved (their feedback explanation, the original access request, and the contextual risk data for that request) will become visible to Delinea engineers for troubleshooting analysis and resolution only.

Enabling the AI Agreement

In addition to enabling the Delinea Authorization powered by Iris AI capability, an administrator must approve the AI Agreement before Iris Authorization can begin reviewing access requests.

For steps to enable Iris Authorization and accept the agreement, see Configuring Iris Authorization.