Managerial Approval for Connections
The Connection Approval feature is used for setting up and managing user authentications in device connections (in RDP Proxy, SSH Proxy, SFTP Proxy, and HTTP Proxy). Admins can configure an approval process so that users will require managerial approval to connect devices. Connection approvals may be given by managers or members of user groups.
To disable instant approval connections and use only connection reservation, the following parameters are set to true. Their default value is false.
disable.instant.approval.for.ssh disable.instant.approval.for.rdp disable.instant.approval.for.sftp disable.instant.approval.for.http
Refer to the APPENDIX 1: System Config Manager Parameters
If you want to set up an approval process to manage connections of a specific group to a specific device group, you should configure an Approval Workflow. Refer to Approval Workflow the chapter for details.
If the requester is also the manager of the group and auto.approve.when.requester.is.approver is set as true, approval will be given automatically and the connection will be established. Thus, the manager does not need to actively approve.
When you want to approve or reject connections via email, the manager receives an email including the header as this: <instanceName> - Connection Approval Notification - #<approvalID>
My approvals page shows request details and the Approver Manager, which helps me know who will be approving the request.
If the manager does not approve or reject connection requests and approval.status.change.to.expire is defined as min, the request status changes from Waiting to Expired on my Approvals Page.