Entitlement
  • 22 Sep 2024
  • 6 Minutes to read
  • Dark
    Light
  • PDF

Entitlement

  • Dark
    Light
  • PDF

Article summary

To create entitlement workflows:

  1.  Go to Workflow > Add Workflow.

  2.  On the add workflow screen, enter the following details:

    • Workflow Name: Enter a Workflow Name.

    • Workflow Type: Choose it as Access Request. 

    • Workflow For: Choose Entitlement from the drop-down.

  3. Click Add. The Configuration screen appears by default.

  4. Select one of the following options:

    • Suspend access when time for which access is granted expires: The account will be suspended when the given access time expires.

    • Delete access when time for which access is granted expires: The account will be deleted when the given time expires.

  5. Click Save.

Target

  1. Click Target > Add Target.

  2. Select the Application from the drop-down and choose the entitlement name you want as a target for this workflow.

  3. Click Add.

Remove Target

  1.  Select an application to delete.

  2. Click Remove Target to delete.

  3.  Confirm to Delete.

Approvers

  1. Click Approvers > Add Approver.

  2. Auto Approval: You can skip the approval process during the Access request workflow configuration. If the approval process is skipped, the request will automatically be approved.
    Select 'Yes' to Auto Approval.

  3. Click Add Approver. The Add Approver screen appears.

  4. Enter the approver's name and select the Approver Type (Manager, Role, User or Conditional Approver).

User as Approver

  1. Select User as Approver Type.


  2. Provide the username you wish to assign as the Approver. In this case, all the users mentioned will have approval authority. 

  3. Require approval from all?  

    • If All the selected users need to approve the request. 

    • If not, if any one of the users takes an approval action, the workflow will be completed.

  4. Check the Configure Step Duration to delegate the request to another user if the number of days defined in the Step Duration is exceeded. 

  5. Provide the Username to whom the request must be delegated if the number of days exceeds.

  6. Click Add.

Role as Approver

  1. Select Role as Approver Type.

  2. Provide the Role Name that you wish to assign as the Approver. In this case, all the users in that role will have the approval authority. 

    1. Require approval from all?  

      • If All the selected users need to approve the request. 

      • If not, if any one of the users takes an approval action, the workflow will be completed.

    2. Check the Configure Step Duration to delegate the request to another user if the number of days defined in the step duration exceeds. 

    3. Provide the Username to whom the request must be delegated if the number of days exceeds.

    4. Click Add.

Manager as Approver

  1. Select Manager as Approver Type. 

  2. Provide the Manager Name you wish to assign as the Approver.  

  3. Check the Configure Step Duration to delegate the request to another user if the number of days defined in the step duration exceeds. 

  4. Provide the Username to whom the request must be delegated if the number of days exceeds.

  5. Click Add. 

Conditional Approver

A Conditional Approver can be selected as the Approver Type based on the requester's attribute.

  1. As displayed in the following screen, an option to specify Requester will be available by adding user’s attribute with the condition ' Equals to, not Equals to, starts with, Ends with, Greater than, Lesser than, Contains, and a text field for the Attribute value.

  2. After the Requester is defined, you can select the Approver type as User, Role/Manager, Attribute-Based or Skip Approval.

    • Attribute-based Conditional Approver: Define the approver’s attribute, and this is a mandatory field for at least one row of Approver Condition.

    • Skip Approval: You must define Requester Attribute. It will skip the approval of that specified attribute and move forward to the next level of approval. You may add multiple requester attributes.

Example: In the requester attribute, we put a condition if the Location equals India. The request will not go to the approver if the location is in India. It will skip this step and go to the next level of approval.

  • Step Duration (days): Enter the number of days for the current approver to be valid. When the duration exceeds the days entered here, delegate the approval to another user.

Requester

As an administrator, you can allow users to perform the following:

  • Request access only for themselves,

  • Request access to their direct reports (as a manager)

  • Request access for any user in the organization.

To configure the Requester:

  1. Go to Requester > Add Requester.

  2. You can add a role(s), so the users present in the defined role will be able to raise a request for the configured Target.  

  3. Under Role Search, you can now select any of the following criteria to search for a role from the drop-down selection:

    • Equals to -The role name must be exactly similar to what is entered in the value field.

    • Not Equals to - The role name need not be similar to what is entered in the value field.

    • Starts with - The role name can start with what is entered in the value field.

    • Ends with - The role name can end with what is entered in the value field.

    • Contains - The role name can be part of what is entered in the value field.

    • Match all conditions - Select this checkbox to match all the search criteria.

  4. Select the appropriate role from the output of the search criteria.

  5. Click Add. A "Successfully added roles as requester" confirmation message is displayed.

  6. Against the selected Role, select either of the following:

  • Request for Direct Reports:  If you want to allow a user (as a manager) to request access to their direct reports.

  • Request for Others: If you want to allow a user to request access for any user in the organization.

View/Edit Custom Attribute

As an administrator, you can view/edit Custom Attribute Settings applicable only for Application and Entitlement Access Request workflows.

To perform operations on the target tab:

  1. Click Target >View/Edit Custom Attribute Settings.

    2. Below screen appears:

    3. Based on the attributes selected, it will be displayed to the end user while requesting access or to the approver while approving access. Select the following checkboxes:

    • Show in Access Request: This box allows the requester and approver to view the corresponding attribute while requesting or approving access for specific applications/entitlements. If the field is unchecked, the other two options are disabled.

    • Editable by Requester: Select this box to allow the requester to edit corresponding attributes while creating a request for the application/entitlement. If the field is unchecked, the requester can only view the details entered by the approver.

    • Editable by approver: Select this box to allow the approver to edit corresponding attributes while approving the request for application/entitlement. If the field is unchecked, the approver can only view the details entered by the requester.

View/edit User Schema Attribute

As an administrator, you can view/edit User Schema Attributes. It is applicable only for Application and Entitlement Access Request workflows.

To perform operations on the target tab:

  1. Click Target. The Target screen appears:

    2. Click View/Edit User Attribute Settings. Below screen appears:

  2. Based on the attributes selected, it will be displayed to the end user while requesting access or to the approver while approving access. Select the following checkboxes:

    • Show in Access Request: This box allows the requester and approver to view the corresponding attribute while requesting or approving access for specific applications/entitlements. If the field is unchecked, the other two options are disabled.

    • Editable by Requester: Select this box to allow the requester to edit corresponding attributes while creating a request for the application/entitlement. If the field is unchecked, the requester can only view the details entered by the approver.

    • Editable by approver: Select this box to allow the approver to edit corresponding attributes while approving the request for application/entitlement. If the field is unchecked, the approver can only view the details entered by the requester.

Delete a Target

  1. Select the target.

  2. Click Remove Target. A “Do you want to delete the selected user attribute name-value target?” confirmation message is displayed.

  3. Click Delete. A “Target deleted successfully” confirmation message is displayed.


Was this article helpful?

What's Next