- 09 May 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
Roles
- Updated on 09 May 2024
- 4 Minutes to read
- Print
- DarkLight
- PDF
Follow the steps to create a role workflow
Go to Workflow > Add Workflow.
On the add workflow screen, enter the following details:
Workflow Name: Enter a Workflow Name.
Workflow Type: Choose Access Request.
Workflow For: Choose Role from the drop-down.
Click Add. The Configuration screen appears by default.
Select one of the following options:
Suspend access when time for which access is granted expires: The account will be suspended when the given access time expires.
Delete access when time for which access is granted expires: The account will be deleted when the given time expires.
Click Save.
Target
Click Target > Add Target.
Choose the Role name you want as a target for this workflow.
Click Add.
Remove Target
Select an application to delete.
Click Remove Target to delete.
Confirm to Delete.
Approvers
Click Approvers > Add Approver.
Auto Approval: You can skip the approval process during the Access request workflow configuration. If the approval process is skipped, the request will automatically be approved.
Select 'Yes' to Auto Approval.Click Add Approver. The Add Approver screen appears.
Enter the approver's name and select the Approver Type (Manager, Role, User or Conditional Approver).
User as Approver
Select User as Approver Type.
Provide the username you wish to assign as the Approver. In this case, all the users mentioned will have approval authority.
Require approval from all?
If All the selected users need to approve the request.
If not, if any one of the users takes an approval action, the workflow will be completed.
Check the Configure Step Duration to delegate the request to another user if the number of days defined in the Step Duration is exceeded.
Provide the Username to whom the request must be delegated if the number of days exceeds.
Click Add.
Role as Approver
Select Role as Approver Type.
Provide the Role Name that you wish to assign as the Approver. In this case, all the users in that role will have the approval authority.
Require approval from all?
If All the selected users need to approve the request.
If not, if any one of the users takes an approval action, the workflow will be completed.
Check the Configure Step Duration to delegate the request to another user if the number of days defined in the step duration exceeds.
Provide the Username to whom the request must be delegated if the number of days exceeds.
Click Add.
Manager as Approver
Select Manager as Approver Type.
Provide the Manager Name you wish to assign as the Approver.
Check the Configure Step Duration to delegate the request to another user if the number of days defined in the step duration exceeds.
Provide the Username to whom the request must be delegated if the number of days exceeds.
Click Add.
Conditional Approver
A Conditional Approver can be selected as the Approver Type based on the requester's attribute.
As displayed in the following screen, an option to specify Requester will be available by adding User’s attribute with the condition ' Equals to, not Equals to, starts with, Ends with, Greater than, Lesser than, Contains, and a text field for the Attribute value.
After the Requester is defined, you can select the approver type as User, Role/Manager, Attribute-Based or Skip Approval.
Attribute-based Conditional Approver: Define the approver’s attribute, and this is a mandatory field for at least one row of Approver Condition.
Skip Approval: You must define Requester Attribute. It will skip the approval of that specified attribute and move forward to the next level of approval. You may add multiple requester attributes.
Example: In the requester attribute, we put a condition if the Location equals India. The request will not go to the approver if the location is in India. It will skip this step and go to the next level of approval.
Step Duration (days): Enter the number of days for the current approver to be valid. When the duration exceeds the days entered here, delegate the approval to another user.
Click Add.
Requester
As an administrator, you can allow users to perform the following:
Request access only for themselves,
Request access to their direct reports (as a manager)
Request access for any user in the organization.
To configure the Requester:
Go to Requester > Add Requester.
You can add a role(s), so the users present in the defined role will be able to raise a request for the configured Target.
Under Role Search, you can now select any of the following criteria to search for a role from the drop-down selection:
Equals to -The role name must be exactly similar to what is entered in the value field.
Not Equals to - The role name need not be similar to what is entered in the value field.
Starts with - The role name can start with what is entered in the value field.
Ends with - The role name can end with what is entered in the value field.
Contains - The role name can be part of what is entered in the value field.
Match all conditions - Select this checkbox to match all the search criteria.
Select the appropriate role from the output of the search criteria.
Click Add. A "Successfully added roles as requester" confirmation message is displayed.
Against the selected Role, select either of the following:
Request for Direct Reports: If you want to allow a user (as a manager) to request access to their direct reports.
Request for Others: If you want to allow a user to request access for any user in the organization.
Delete a Target
Select a target and click Remove Target.
A “Do you want to delete the selected user attribute name-value target?” confirmation message is displayed.
Click Delete. A “Target deleted successfully” confirmation message is displayed.