When users request access to resources, EmpowerID uses policies to route those requests for approval. These policies include:

• Access Request Policies — These policies are used to control access requests.
• Approval Flow Policies — These policies target who can approve or reject access requests.
• Notification Policies — These policies specify who needs to be notified throughout the approval lifecycle of raised access requests.

In this model, Access Request policies are comprised of Approval Flow policies, which specify who can approve or reject requests for resources. Approval Flow policies, in turn can be comprised of Approval Steps to direct the approval process through a sequential number of approvers. Notification policies work in tandem with these to generate approval notifications whenever an access requests are raised by users.

EmpowerID includes default Access, Approval Flow, and Notification policies out of the box that generate approval tasks and for those with the RBAC delegations needed to approve access requests and send email notifications to all involved parties; however, you can override this default behavior in favor of more granularity by creating or customizing these policies to specifically target designated personnel.