When users request access to resources, EmpowerID uses policies to route those requests for approval. These policies include:
Access Request Policies – These policies are used to control access requests.
Approval Flow Policies – These policies target those who can approve or reject access requests.
Notification Policies – These policies specify who needs to be notified throughout the approval lifecycle of an access request.
In this model, Access Request policies are comprised of Approval Flow policies, which specify who can approve or reject requests for resources. Approval Flow policies, in turn, can be comprised of Approval Steps to direct the approval process through a sequential number of approvers. Notification policies work in tandem with these to generate approval notifications whenever access requests are raised by users.
EmpowerID includes default Access, Approval Flow, and Notification policies out of the box that generate approval tasks for those with the RBAC delegations needed to approve access requests and send email notifications to all involved parties; however, you can override this default behavior in favor of more granularity by creating or customizing these policies to specifically target designated personnel.
The topics in this section take you through the steps needed to configure approvals and approval routing within EmpowerID. The procedures outlined demonstrate building the above policies from a top-down approach by doing the following:
First, create an Approval Step with an Approver Resolver Rule
Second, create an Approval Flow policy with the Approval Step
Third, create a Business Request Type for the Approval Flow policy
Fourth, set the Business Request Type on the workflow used in the Approval Flow policy
Fifth, create an Access Request policy with the Approval Flow policy