Configuring Pre-Approval Processes for the IAM Shop
Pre-approval in EmpowerID allows certain users to activate resources without requiring manual approval. By configuring Access Request and Eligibility policies, administrators can streamline access for users who are pre-approved for specific resources. This article will help you set up eligibility criteria, configure Access Request policies, and test pre-approval setups to ensure users can activate resources.
Procedure
Step 1: Configure Pre-approval Eligibility for Resources
Administrators must define user eligibility criteria to enable the pre-approval process for specific resources. This involves setting parameters based on user attributes, roles, or organizational requirements to determine which users qualify for pre-approval. Once eligibility criteria are defined, you must enable pre-approval for the selected resources.
Steps to Configure Pre-Approval Eligibility
Sign in to Resource Admin as an administrator.
Select the Appropriate Resource Type: From the drop-down, choose the type of resource you wish to configure (e.g., Groups for a group).
Search and Access Resource Details: Search for the specific resource and click the Details button to access the Overview page.
Configure Eligibility: Click the Configure Eligibility button.
Edit IAM Shop Settings: In the wizard that appears, select Edit IAM Shop Settings and click Next.
Select Assignee Type: Under Pre-Approved Assignees, choose the appropriate assignee type (e.g., Management Role for a specific role).
Select Specific Assignee: Search and select the relevant assignee (e.g., if you picked Management Role, locate the specific role).
Add Additional Assignees as Needed: Repeat the previous steps to add other assignees if necessary. Repeat these steps to add other assignees if necessary.
Review and Finalize Assignees: Click the Added flag to review all pre-approved assignees. If needed, click the Delete button to remove any assignee before submitting changes.
Click Next and Review Operation Results: Click Next to proceed and review the operation results.
Submit Operation Summary: Click Submit to close the Operation Execution Summary.
Finish Workflow: Confirm Do you want to finish the workflow? and click Submit.
Verification: The pre-approved assignees will now appear under Eligibility on the resource's Overview page.
Step 2: Configure Access Request Policies for Pre-Approval
To allow pre-approved users to activate resources without the need for a business request, you must configure the appropriate Access Request Policies for that scenario.
Steps to Configure Access Request Policies:
Navigate to Access Request Policies: On the EmpowerID Web interface, expand Low Code/No Code Workflow and click Access Request Policies.
Edit the Access Request Policy: Search for the target policy and click Edit.
Enable Direct Activation: Toggle Allow Activation (Skip Business Request) to True.
Save Changes: Ensure all changes are saved.
Step 3: Test Pre-Approval
After configuring eligibility and access request policies, do the following to test your pre-approval setup to ensure it works as expected.
Testing Procedure:
Log in as a Test User: Use a test user account that meets the pre-approved eligibility criteria.
Navigate to the IAM Shop: Shop for a resource for which the user has been pre-approved. Verify that the Activate button is visible.
Activate the Resource: Click the Activate button and confirm that the system indicates activation is in progress (e.g., a message stating that access will be activated soon).
Next Steps
After completing the configuration of pre-approval eligibility and access request policies, consider the following:
Monitor and Verify Resource Activations: Regularly check the IAM Shop to ensure that the Activate button appears as expected for pre-approved resources and that activations proceed smoothly.
Review Eligibility and Access Policies Periodically: Eligibility criteria and access policies may need adjustments based on organizational changes or new requirements. Review these settings periodically to keep them up-to-date.
IN THIS ARTICLE