Approval Workflow

the approval workflow is available for managerial approval of connections and commands the implementation of an approval workflow for connections and/or commands leads to a fully customized and flexible environment to manage the authentication process these managerial approval features allow the configuration of a one level approval mechanism by default, with the user group manager as the managing authority increasing levels of managerial approval can be added, in which case, the approval authority can now be assigned for each level the approval authority can be a user group manager, members of a user group, or any external email address or phone number, which are not required to be defined in the kron pam instance the approval workflow feature can be managed as a policy and used in a device realm to flexibly control each user group’s authentication and authorization processes for each device group to configure the approval workflow navigate to policy > approval workflow click +add define a name for workflow info and description, then click next to define workflow levels (select the disable instant approval checkbox if you want to disable instant approval ) configure the level details in the levels step, select the authority and approval tool, and click save after adding one level to the workflow, you can save the workflow or add more levels by using the click of the + plus button if a workflow level is deleted, the new workflow will only be used for new reservation requests for already created requests the previously created workflow levels are used hints for the approval workflow configuration the authority field in the add level window includes three options the escalate to group manager option allows the manager of the selected group to respond to the approval request the escalate to group option allows one of the selected group members to respond to the approval request the ad line manager option allows the requester’s active directory manager to respond to the approval request the select user group for approver option allows you to send approval notifications to other approvers only the select user group for requester option allows you to send approval notifications to other requesters only the group field in the add level window is a combo box that defines which user group’s manager or members will be selected as the approving authority the notification type field in the add level window includes three choices email, sms, and email and sms these are the mediums for sending the approval request to the approving authority the timeout period field in the add level window is a combo box where you can select the timeout period to start an escalation default values are 30 minutes, 2 hours, and 24 hours you can change the values in the combo box with the approval workflow\ level timeout period values parameter in the system config manager the request gets escalated to the escalation authority after the specified period if nothing is selected, no escalation takes place the timeout action field in the add level window defines the action after the timeout period selecting escalate to group manager or escalate to group redirects the request to the group manager or the group selected in the escalation field the request expires after the timeout period if expire is selected the escalation group field in the add level window defines which user group’s manager or members will be selected for the approval escalation