Use the Requester tab to configure the requester settings for an access request policy.
Property | Description | ||
---|---|---|---|
Reasons |
Click
| ||
Require Reason |
Select this check box to require that a requester provide a Reason when requesting access. This option is only available if you have selected Reasons for the policy. If you add reasons to a policy, and leave this option cleared, the users will have the option of choosing a reason; but they will not be required to select a reason. | ||
Require Comment |
Select this check box to require that a requester provide a Comment when making an access request. | ||
Require Ticket Number |
Select this check box to require that a requester provide a ticket number when making an access request.
| ||
Duration of Access Approval |
Enter or select the default duration (days, hours, and minutes) that the requester can access the accounts and assets governed by this policy. The access duration cannot exceed a total of 7 days (10080 minutes) | ||
Allow Requester to Change Duration | Select this check box to allow the requester the ability to modify the access duration. | ||
Maximum Time Requester Can Have Access |
If you select the Allow Requester to Change Duration option, you can set the maximum duration (days, hours, and minutes) that the requester can access the accounts and assets governed by this policy. The default access duration is 7 days. The maximum access duration is 31 days. The user can change the access duration, but he cannot access the accounts or assets governed by this policy for longer than the maximum access duration time. |
Use the Approver tab to specify the approver settings for an access request policy.
Property | Description | ||||
---|---|---|---|---|---|
Auto-Approved |
Select this option to automatically approve all access requests for accounts and assets governed by this policy. | ||||
Notify when Account is Auto-Approved | To |
(Optional) When no approvals are required, enter an email address or select To to choose a user to notify when access is auto-approved. If you used the To button to add Safeguard for Privileged Passwords users, you can use the
| ||||
Approvals Required |
Select this option to require approval for all access requests for accounts and assets governed by this policy. Enter the following information:
| ||||
Notify if approvers have pending requests after To |
(Optional) Select this check box to enable notifications.
| ||||
Approval Anywhere has been enabled. View enabled users. |
Indicates that the Approval Anywhere feature has been configured. Click the users link to view a list of the users who are authorized to approve requests using this feature. You can add users as Approval Anywhere approvers by clicking the |
Use the Reviewer tab to define the reviewer settings for an access request policy.
Property | Description | ||||||
---|---|---|---|---|---|---|---|
Review Not Required |
This check box is selected by default indicating that no review is required for completed access requests for accounts and assets governed by this policy.
| ||||||
Review Required |
Select this check box to require a review of completed access requests for accounts and assets governed by this policy.
| ||||||
Require Comment |
Select this check box if the reviewer is required to enter a comment when reviewing an access request. | ||||||
Notify if reviewers have pending reviews after To |
(Optional) Select this check box to enable notifications.
|
Use the Access Config tab to configure the access settings for the type of access being requested, based on the access type specified on the General tab.
Property |
Description | ||
---|---|---|---|
Access Type |
This is a read-only field displaying the type of access selected on the General tab:
| ||
Include password release with sessions requests |
Select this check box to include a password release with session access requests.
| ||
Terminate expired sessions |
Select this check box to terminate sessions that have expired.
| ||
Change password after check-in |
Select this check box if the password is to be changed after the user checks it back in.
| ||
Allow simultaneous access |
Select this check box to allow multiple users access to the accounts and assets governed by this policy. | ||
Maximum users at one time |
When the Allow simultaneous access option is selected, enter the maximum number of users that can request access at one time. | ||
Asset-Based Session Access |
Select one of the following options to define the type of account credentials to be used to access the asset or account when a session is requested:
|
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy