/
Configuring Pre-Approval Processes for the IAM Shop

Configuring Pre-Approval Processes for the IAM Shop

Owned by Phillip Hanegan
Oct 15, 2024
4 min read

Pre-approval in EmpowerID allows certain users to activate resources without requiring manual approval. By configuring Access Request and Eligibility policies, administrators can streamline access for users who are pre-approved for specific resources. This article will help you set up eligibility criteria, configure Access Request policies, and test pre-approval setups to ensure users can activate resources.

Procedure

Step 1: Configure Pre-approval Eligibility for Resources

Administrators must define user eligibility criteria to enable the pre-approval process for specific resources. This involves setting parameters based on user attributes, roles, or organizational requirements to determine which users qualify for pre-approval. Once eligibility criteria are defined, you must enable pre-approval for the selected resources.

Steps to Configure Pre-Approval Eligibility

  1. Sign in to Resource Admin as an administrator.

  2. Select the Appropriate Resource Type: From the drop-down, choose the type of resource you wish to configure (e.g., Groups for a group).

  1. Search and Access Resource Details: Search for the specific resource and click the Details button to access the Overview page.

    image-20241014-170938.png

     

  2. Configure Eligibility: Click the Configure Eligibility button.

    image-20241015-144857.png

  3. Edit IAM Shop Settings: In the wizard that appears, select Edit IAM Shop Settings and click Next.

     

  4. Select Assignee Type: Under Pre-Approved Assignees, choose the appropriate assignee type (e.g., Management Role for a specific role).

     

  5. Select Specific Assignee: Search and select the relevant assignee (e.g., if you picked Management Role, locate the specific role).

     

  6. Add Additional Assignees as Needed: Repeat the previous steps to add other assignees if necessary. Repeat these steps to add other assignees if necessary.

  7. Review and Finalize Assignees: Click the Added flag to review all pre-approved assignees. If needed, click the Delete button to remove any assignee before submitting changes.

     

  8. Click Next and Review Operation Results: Click Next to proceed and review the operation results.

  9. Submit Operation Summary: Click Submit to close the Operation Execution Summary.

     

  10. Finish Workflow: Confirm Do you want to finish the workflow? and click Submit.

     

  11. Verification: The pre-approved assignees will now appear under Eligibility on the resource's Overview page.

     

Step 2: Configure Access Request Policies for Pre-Approval

To allow pre-approved users to activate resources without the need for a business request, you must configure the appropriate Access Request Policies for that scenario.

Steps to Configure Access Request Policies:

  1. Navigate to Access Request Policies: On the EmpowerID Web interface, expand Low Code/No Code Workflow and click Access Request Policies.

  2. Edit the Access Request Policy: Search for the target policy and click Edit.

     

  3. Enable Direct Activation: Toggle Allow Activation (Skip Business Request) to True.

  4. Save Changes: Ensure all changes are saved.

Step 3: Test Pre-Approval

After configuring eligibility and access request policies, do the following to test your pre-approval setup to ensure it works as expected.

Testing Procedure:

  1. Log in as a Test User: Use a test user account that meets the pre-approved eligibility criteria.

  2. Navigate to the IAM Shop: Shop for a resource for which the user has been pre-approved. Verify that the Activate button is visible.

  3. Activate the Resource: Click the Activate button and confirm that the system indicates activation is in progress (e.g., a message stating that access will be activated soon).

     

Next Steps

After completing the configuration of pre-approval eligibility and access request policies, consider the following:

  1. Monitor and Verify Resource Activations: Regularly check the IAM Shop to ensure that the Activate button appears as expected for pre-approved resources and that activations proceed smoothly.

  2. Review Eligibility and Access Policies Periodically: Eligibility criteria and access policies may need adjustments based on organizational changes or new requirements. Review these settings periodically to keep them up-to-date.

IN THIS ARTICLE





 

Related content

Configure Location Usage Types
Configure Location Usage Types
EmpowerID Admin Guide v7.211.0.0
Read with this
Configuring Pre-Approval Processes for the IAM Shop
Configuring Pre-Approval Processes for the IAM Shop
EmpowerID Admin Guide v7.212.0.0
More like this
Assign Business Roles to Business Domains and Subdomains
Assign Business Roles to Business Domains and Subdomains
EmpowerID Admin Guide v7.211.0.0
Read with this
Configure Approval Steps
Configure Approval Steps
EmpowerID Admin Guide 23
More like this
Working with Location Usage Types
Working with Location Usage Types
EmpowerID Admin Guide v7.211.0.0
Read with this
Shop for Resources
Shop for Resources
EmpowerID User Guide v21
More like this