22.4 Approving Access Requests and Monitoring Approvals

If the Access Request policy specifies you as an approver for requests, you might have to approve requested items. Your Access Request administrators define these policies and specify items as needing further approval. You can reassign your tasks and view reassignment details.

Approval for technical role requests will display a single approval for the role if the Access Request Approval policy is configured for role level approval. Approving a role with role level approval, approves all permission requests associated with the role. If the approval policy is configured for permission level approval, approval requests will be generated for each permission the user does not hold. Those permissions will need to be approved individually.

Some administrators require business role members, a person’s supervisor, or an application owner to approve requested items, and some items might require multiple approvers. In these situations, you must approve items before the next designated approver receives them.

  1. In the Request interface, select Approvals and then select the type of approvals available to you based on your authorization.

    NOTE:Approvals and SoD approvals tasks are tasks that were generated based on requests made by users and processes of your Identity Governance system. Workflow approvals tasks are tasks that are generated when a approval request policy assigns workflow created using the Workflow service as an approver.

  2. (Optional) Search for specific request items using typeahead search or advanced search filters using the expression builder.

  3. (Optional) In the title bar, select Your Name > My Settings > Enable tile view to view the Application and Technical Roles as tiles.

    NOTE:Once you enable the tile view, you can switch from table to tile view on both request and approval pages.

  4. (Optional) Select Reassign to delegate an approval task.

  5. (Optional) Select View reassignments to view reassignment status of the current task.

  6. (Optional) In the title bar, select Your Name > My Settings > Delegate Mappings to delegate all your approval tasks.

  7. To approve or deny all items within an approval request:

    1. Expand the request and review details such as permission type, application, and request reason.

    2. Select all items included in the specific approval request.

    3. Select Actions and approve or deny requests to make a decision without providing additional information. Or approve or deny with additional information such as fulfillment instructions.

      NOTE:Some approval forms for specific resources might have required parameters. In those cases, the only bulk option for that resource will be the approve or deny with info options because you are required to provide a value. When there is a required field, clicking the approve or deny buttons on the right hand side will also open up the approval form.

  8. To approve or deny requested items individually:

    1. Select a requested item and review the details about the request, including information that might be helpful in making a decision.

      NOTE:By default, Identity Governance enables decision support information such as application name, permission type, risk, and business role authorization status. If you do not use business roles, and if you are also an administrator, you can disable the business role authorization status display by deselecting the Administration > Analytics and Role Mining Settings > Show business role authorization status option.

    2. (Optional) Provide fulfillment instructions or feedback to the requester. These instructions are mainly used for manual fulfillment.

    3. Select Approve or Deny for each requested item.

  9. Select Submit items.

  10. (Conditional) If you have the authorization to view other users’ approval tasks, click View all approvals at the top corner of the page to view all the approval requests.