Source: Introducing Serval’s AI-Native Access Management
Source: serval.com/updates/introducing-access-management — Nov 3, 2025
What It Covers
Launch of Serval’s integrated access-management product. Strategic claim: software access requests are ~40% of help-desk tickets, currently fragmented across separate JIT-access tools, and belong inside the ITSM as trackable, auditable tickets with AI-driven UX.
Key Claims
- “Software access requests comprise ~40% of help desk tickets.” (extracted)
- “Serval is the first ITSM with an integrated access management solution.” (extracted)
- Three configurable primitives:
- Profiles — who can request access to what app/resource/role
- Policies — time-bound access, approval workflows, business-justification requirements
- Provisioning methods — SCIM (via existing IdP), custom workflows, direct API, manual
- Four AI-specific capabilities:
- Conversational disambiguation — users describe what they need (“Figma access”); Serval surfaces available roles (Editor / Admin / Group Admin) and guides them to the right level. Quote from Kyle Randolph (CISO @ Verkada): “Instead of messing with clunky web interfaces or pinging someone in security, you just type your request in natural language in Slack, explain what you need and why, and the LLM handles translating it into the right access so you can get your job done.” (extracted)
- AI-built custom approval workflows — beyond manager-routing: e.g. “check if peers have similar access in Okta → evaluate business justification with AI → approve if conditions met.”
- Custom provisioning workflows from natural language — e.g. send invite via app’s API, open GitHub PR for Terraform change.
- Risk/cost analysis — identify overprovisioned licenses and excessive access; reclaim wasted spend.
- Customer metrics cited:
- Perplexity, Mercor, Verkada — automating >50% of tickets, “largely thanks to access management flows.”
- Together AI — 95% of just-in-time infrastructure access requests automated. Derek Chamorro (Head of Security): “Most importantly deprovisions automatically so it’s not depending on the host to remember to remove access.”
- Perplexity Kyle Polley (Head of Security): Serval ensures access is “granted only for the necessary duration.”
Notable Phrasing
- “AI-native access management”
- “Imperfect or incomplete requests” (UX framing for users who don’t know exact IAM role names)
- “Audit trails with justification, approvals, and duration in one system”
Strategic Implications
- Access management is Serval’s second product surface — a direct attack on Tier-D adjacent tools (Opal, Tori, Lumos, JumpCloud) by absorbing the use case into the ITSM.
- The 40% of tickets claim, if accepted, makes access management the single highest-leverage automation surface — and explains why Serval ships it as a first-class product, not an integration.
- Verkada CISO endorsement is notable: Verkada is the founders’ alma mater, so the deployment is partly relationship-driven, but the public quote still functions as a customer reference.
Limitations
- “First ITSM with integrated access management” claim is contestable — Console also has a named Access Management module. (Likely both companies independently arrived at this conclusion.)
- No data on lift in time-to-access, deprovisioning compliance rate, or licence-spend recovery.