How does Serval help teams manage application access? 

Software access requests comprise ~40% of help desk tickets. These requests are typically handled manually or in access management tools that are disconnected from the ITSM. This fragments operations, slows down employees, and makes auditing more difficult. 

Serval is the first ITSM with an integrated access management solution. We automate just-in-time (JIT) access provisioning and deprovisioning directly from help desk requests, reducing the manual effort required from IT and security teams while giving employees a one-stop-shop for IT support. Serval admins can configure access policies, profiles, and provisioning methods to enforce least-privilege access across applications and roles.

With Serval, admins can configure:

Profiles: Set up profiles for which users are able to request access to specific applications, resources, or roles.

Policies: Set up policies with time-bound access, approval workflows, and business justification requirements.

Provisioning methods: Provision access through SCIM (using your current IdP provider), custom provisioning workflows, API provisioning, or manual provisioning steps.

Why access management belongs in the ITSM 

AI-native access management brings access into the flow of IT and Security work, automating the #1 ticket type and turning every request into auditable data.

1. Employees know where to go.

Nearly half of all help desk requests are access-related and employees shouldn’t be redirected to other tools to get support. With access management automated through the help desk, employees get unblocked faster and admins manage all IT tickets in the same system.

2. Every request becomes a trackable ticket.

Serval tracks the full conversation around access requests, including length and business justification. This means compliance teams have a single source of truth to approve, review, and audit access. All without needing to piece together data from multiple tools.

Why it matters that access management is AI-native

Serval access management incorporates AI to make requests, approvals, and provisioning seamless. 

1. Make imperfect or incomplete requests. 

Users often don’t know the specific role or permission level they need. They may know they need Figma access, but not whether that's "Editor," "Admin," or "Group Admin." They know they need read access to an RDS database in AWS, but not which of thousands of IAM roles will grant these permissions. Serval converses with users to surface available roles and guide them to the right level of access.  

With Serval, employees get unblocked in seconds instead of wasting time in delayed human back-and-forth clarifications, while IT and security maintain their approval workflows and governance capabilities. 

“Instead of messing with clunky web interfaces or pinging someone in security, you just type your request in natural language in Slack, explain what you need and why, and the LLM handles translating it into the right access so you can get your job done.”

— Kyle Randolph, CISO @ Verkada

2. Build custom approval workflows with complex, multi-step logic. 

Like other access management platforms, Serval's access policies can include approval steps from specific users or groups. Serval is unique, however, in using AI to create custom approval workflows for even the most complex approval processes. These approval workflows execute multiple lookups, actions, or AI analysis before returning "approved" or "not approved." 

For example, instead of just routing to a manager for approval, admins can use Serval AI to build a custom approval workflow that checks if the user's peers have similar access in Okta, then evaluates the business justification using AI, and then approves the request if the desired conditions are met. Custom approval workflows allow IT and security teams to implement policies that reduce the administrative burden for lower-risk requests while maintaining strict governance over privileged resources.

3. Support custom provisioning workflows, built from natural language prompts.

Most access management tools support auto-provisioning via SCIM but provisioning is not always as simple as moving users into a SCIM group. 

In Serval, admins can use AI to build custom provisioning and deprovisioning workflows to handle complex cases. Examples include using an application’s user management API to send an email invite, or opening a GitHub PR to make a Terraform change.

4. Identify risky access and wasted spend.

Serval’s AI-powered workflows give you visibility into who has access to what, when they received it, and why. All viewable in-app or downloadable to make audit trail compliance a breeze. These workflows can identify overprovisioned licenses and excessive access that's costing you money or creating security risks.

This means security and finance teams reclaim wasted spend and reduce risk exposure proactively, instead of manually auditing access across multiple systems or waiting until renewal time to discover unused licenses.

How businesses that use Serval’s access management see ROI

Companies like Perplexity, Mercor, and Verkada, they're automating > 50% of tickets, largely thanks to their access management flows in Serval. In Serval, automated provisioning saves everybody time while enhancing security posture.

1. Automating access requests saves time for everyone.

Serval automates access requests for some of the world’s fastest growing companies, including Together, Verkada, Perplexity, and Mercor. At Together, 95% of just-in-time infrastructure access requests are automated by Serval. This saves time for both admins who would otherwise provision access manually and employees who would otherwise wait until their ticket was manually resolved. With Serval, these tickets become "zero-touch" for IT and Security teams and employees receive access instantly.

2. Automating deprovisioning strengthens security.

Access security no longer relies on manual deprovisioning, reducing security mistakes and risks. Together’s Derek Chamorro, Head of Security, shares that Serval "most importantly deprovisions automatically so it's not depending on the host to remember to remove access." And Perplexity's Head of Security, Kyle Polley, tells us that Serval is "an extension of the security team," ensuring access is "granted only for the necessary duration" thereby helping Perplexity practice the principle of least privilege.

3. Centralizing audit logs makes compliance easier.

Audit trails with justification, approvals, and duration live in one system. Companies completing audits like SOC 2, ISO 27001, or conducting internal access reviews have logs ready instead of piecing together data from multiple tools, reducing the burden of evidence collection for compliance teams.