Configuring Pre-Approval Processes for the IAM Shop

Pre-approval in EmpowerID allows certain users to activate resources without requiring manual approval. By configuring Access Request and Eligibility policies, administrators can streamline access for users who are pre-approved for specific resources. This article will help you set up eligibility criteria, configure Access Request policies, and test pre-approval setups to ensure users can activate resources.

Procedure

Step 1: Configure Pre-approval Eligibility for Resources

Administrators must define user eligibility criteria to enable the pre-approval process for specific resources. This involves setting parameters based on user attributes, roles, or organizational requirements to determine which users qualify for pre-approval. Once eligibility criteria are defined, you must enable pre-approval for the selected resources.

Steps to Configure Pre-Approval Eligibility

1. Sign in to Resource Admin as an administrator.

2. Select the Appropriate Resource Type: From the drop-down, choose the type of resource you wish to configure (e.g., Groups for a group).

3. Search and Access Resource Details: Search for the specific resource and click the Details button to access the Overview page.
   
   

   Open

   

    

4. Configure Eligibility: Click the Configure Eligibility button.
   
   

   Open

   

5. Edit IAM Shop Settings: In the wizard that appears, select Edit IAM Shop Settings and click Next.
   
   

    

6. Select Assignee Type: Under Pre-Approved Assignees, choose the appropriate assignee type (e.g., Management Role for a specific role).
   
   

    

7. Select Specific Assignee: Search and select the relevant assignee (e.g., if you picked Management Role, locate the specific role).
   
   

    

8. Add Additional Assignees as Needed: Repeat the previous steps to add other assignees if necessary. Repeat these steps to add other assignees if necessary.

9. Review and Finalize Assignees: Click the Added flag to review all pre-approved assignees. If needed, click the Delete button to remove any assignee before submitting changes.
   
   

    

10. Click Next and Review Operation Results: Click Next to proceed and review the operation results.
    
    

11. Submit Operation Summary: Click Submit to close the Operation Execution Summary.
    
    

     

12. Finish Workflow: Confirm Do you want to finish the workflow? and click Submit.

     

13. Verification: The pre-approved assignees will now appear under Eligibility on the resource's Overview page.

     

Step 2: Configure Access Request Policies for Pre-Approval

To allow pre-approved users to activate resources without the need for a business request, you must configure the appropriate Access Request Policies for that scenario.

Steps to Configure Access Request Policies:

1. Navigate to Access Request Policies: On the EmpowerID Web interface, expand Low Code/No Code Workflow and click Access Request Policies.

2. Edit the Access Request Policy: Search for the target policy and click Edit.
   
   

    

3. Enable Direct Activation: Toggle Allow Activation (Skip Business Request) to True.
   
   

4. Save Changes: Ensure all changes are saved.

Step 3: Test Pre-Approval

After configuring eligibility and access request policies, do the following to test your pre-approval setup to ensure it works as expected.

Testing Procedure:

1. Log in as a Test User: Use a test user account that meets the pre-approved eligibility criteria.

2. Navigate to the IAM Shop: Shop for a resource for which the user has been pre-approved. Verify that the Activate button is visible.
   
   

3. Activate the Resource: Click the Activate button and confirm that the system indicates activation is in progress (e.g., a message stating that access will be activated soon).
   
   

    

Next Steps

After completing the configuration of pre-approval eligibility and access request policies, consider the following:

1. Monitor and Verify Resource Activations: Regularly check the IAM Shop to ensure that the Activate button appears as expected for pre-approved resources and that activations proceed smoothly.

2. Review Eligibility and Access Policies Periodically: Eligibility criteria and access policies may need adjustments based on organizational changes or new requirements. Review these settings periodically to keep them up-to-date.