Configuring Pre-Approval Processes for the IAM Shop

Pre-approval in EmpowerID allows certain users to activate resources without requiring manual approval. By configuring Access Request and Eligibility policies, administrators can streamline access for users who are pre-approved for specific resources. This article will help you set up eligibility criteria, configure Access Request policies, and test pre-approval setups to ensure users can activate resources.

Procedure

Step 1: Configure Pre-approval Eligibility for Resources

Administrators must define user eligibility criteria to enable the pre-approval process for specific resources. This involves setting parameters based on user attributes, roles, or organizational requirements to determine which users qualify for pre-approval. Once eligibility criteria are defined, you must enable pre-approval for the selected resources.

Steps to Configure Pre-Approval Eligibility

  1. Sign in to Resource Admin as an administrator.

  2. Select the Appropriate Resource Type: From the drop-down, choose the type of resource you wish to configure (e.g., Groups for a group).

  1. Search and Access Resource Details: Search for the specific resource and click the Details button to access the Overview page.

    image-20241014-170938.png

     

  2. Configure Eligibility: Click the Configure Eligibility button.

    image-20241015-144857.png

  3. Edit IAM Shop Settings: In the wizard that appears, select Edit IAM Shop Settings and click Next.

     

  4. Select Assignee Type: Under Pre-Approved Assignees, choose the appropriate assignee type (e.g., Management Role for a specific role).

     

  5. Select Specific Assignee: Search and select the relevant assignee (e.g., if you picked Management Role, locate the specific role).

     

  6. Add Additional Assignees as Needed: Repeat the previous steps to add other assignees if necessary. Repeat these steps to add other assignees if necessary.

  7. Review and Finalize Assignees: Click the Added flag to review all pre-approved assignees. If needed, click the Delete button to remove any assignee before submitting changes.

     

  8. Click Next and Review Operation Results: Click Next to proceed and review the operation results.

  9. Submit Operation Summary: Click Submit to close the Operation Execution Summary.

     

  10. Finish Workflow: Confirm Do you want to finish the workflow? and click Submit.

     

  11. Verification: The pre-approved assignees will now appear under Eligibility on the resource's Overview page.

     

Step 2: Configure Access Request Policies for Pre-Approval

To allow pre-approved users to activate resources without the need for a business request, you must configure the appropriate Access Request Policies for that scenario.

Steps to Configure Access Request Policies:

  1. Navigate to Access Request Policies: On the EmpowerID Web interface, expand Low Code/No Code Workflow and click Access Request Policies.

  2. Edit the Access Request Policy: Search for the target policy and click Edit.

     

  3. Enable Direct Activation: Toggle Allow Activation (Skip Business Request) to True.

  4. Save Changes: Ensure all changes are saved.

Step 3: Test Pre-Approval

After configuring eligibility and access request policies, do the following to test your pre-approval setup to ensure it works as expected.

Testing Procedure:

  1. Log in as a Test User: Use a test user account that meets the pre-approved eligibility criteria.

  2. Navigate to the IAM Shop: Shop for a resource for which the user has been pre-approved. Verify that the Activate button is visible.

  3. Activate the Resource: Click the Activate button and confirm that the system indicates activation is in progress (e.g., a message stating that access will be activated soon).

     

Next Steps

After completing the configuration of pre-approval eligibility and access request policies, consider the following:

  1. Monitor and Verify Resource Activations: Regularly check the IAM Shop to ensure that the Activate button appears as expected for pre-approved resources and that activations proceed smoothly.

  2. Review Eligibility and Access Policies Periodically: Eligibility criteria and access policies may need adjustments based on organizational changes or new requirements. Review these settings periodically to keep them up-to-date.

IN THIS ARTICLE