By default, One Identity Manager supplies approval policies and approval workflows. These are used in the approval processes of the Identity & Access Lifecycle shop.
Approval policies/workflow |
Description |
Shelf | Product |
---|---|---|
Compliance checking simplified |
Compliance checking and exception approval for all products on the shelf that do not have their own approval policy assigned to them. For more information, see Testing requests for rule compliance. |
Identity Lifecycle |
Self-service |
Assignment requests and delegations are automatically approved by default. For more information, see Standard products for assignment requests. |
Identity Lifecycle | Delegation |
Identity Lifecycle | Business role entitlement assignment | ||
Identity Lifecycle | Business role membership | ||
Self-service |
Automatic approval for all products on the shelf that do not have their own approval policy assigned to them. For more information, see Self-service. |
Group Lifecycle Azure Active Directory groups Azure Active Directory subscriptions Disabled Azure Active Directory service plans Exchange Online distribution groups Office 365 groups Microsoft Teams teams |
Terms of Use acknowledgment for third-party orders (sample) |
Copy template for requests with terms of use. For more information, see Approving requests with terms of use. |
|
Challenge loss of role membership |
Limited period assignment requests for role memberships are automatically granted approval. For more information, see Requests with limited validity period for changed role memberships. |
Identity Lifecycle | Challenge loss of role membership |
New manager assignment |
Requesting a change of manager must be approved by the new manager. For more information, see Requesting change of manager for an employee. |
Identity Lifecycle | New manager assignment |
Approval of Active Directory group create requests |
New Active Directory group requests must be approved by the target system manager. The groups are added in One Identity Manager and published in the target system. For more information about this, see the One Identity Manager Administration Guide for Connecting to Active Directory. |
Group Lifecycle | New Active Directory security group |
Group Lifecycle | New Active Directory distribution group | ||
Approval of Active Directory group change requests |
Changes to group type and range of Active Directory groups must be approved by the target system manager. For more information about this, see the One Identity Manager Administration Guide for Connecting to Active Directory. |
Group Lifecycle | Modify Active Directory group |
Approval of Active Directory group deletion requests |
Deleting an Active Directory group, must be approved by the target system manager. For more information about this, see the One Identity Manager Administration Guide for Connecting to Active Directory. |
Group Lifecycle | Delete Active Directory group |
Approval of Active Directory group membership requests |
Product owners and target system managers can request members for groups in these shelves. For more information about this, see the One Identity Manager Administration Guide for Connecting to Active Directory. |
Active Directory groups |
Approval of SharePoint group create requests |
New SharePoint group requests must be approved by the target system manager. The groups are added in One Identity Manager and published in the target system. For more information about this, see the One Identity Manager Administration Guide for Connecting to SharePoint. |
Group Lifecycle | New SharePoint group |
Approval of group membership requests |
Product owners and target system managers can request members for groups in these shelves. For more information about this, see the One Identity Manager Administration Guide for Connecting to SharePoint. |
SharePoint groups |
Approval of system entitlement removal requests |
This approval policy can be used to configure automatic deletion of memberships in Active Directory groups. |
Approval of system entitlement removal requests |
Approval of privileged access requests |
Requests for access must be approved by the owner of the privileged object. To make an access request, additional system prerequisites must be met by the Privileged Account Management system. For more information about PAM access requests, see the One Identity Manager Administration Guide for Privileged Account Governance. |
Privileged access | Password request Privileged access | SSH session request Privileged access | Remote desktop session request Privileged access | Telnet session request |