Approval Workflow
Managerial Approval can also be driven by workflows, so that approval handling for the authentication and authorization processes is fully customized. The Approval Workflow is available for Managerial Approval of Connections and Commands. Implementing an approval workflow for connections and/or commands gives a fully customized and flexible environment for managing the authentication process.
By default, these Managerial Approval features configure a one-level approval mechanism, with the user group manager as the managing authority. Additional levels of managerial approval can be added, in which case an approval authority is assigned for each level. The approval authority can be a user group manager, members of a user group, or any external email address or phone number; external addresses and numbers are not required to be defined in the Single Connect instance.
The Approval Workflow feature can be managed as a policy and used in a policy realm, so that the designed workflow can be applied to device realms to flexibly control each user group's authentication and authorization processes for each device group.
To configure the Approval Workflow:
- Navigate to Policy Control > Session Policy > Approval Workflow.
- Define a name for the Approval Workflow and click Add Level.
- Configure the level details in the Add Level window. Select the Authority and Approval Tool and click Save.
- After adding one level into the workflow, you can save the workflow or add more levels by using the Add Level button.
Hints for the Approval Workflow Configuration:
- The Authority field in the Add Level window includes two options: Group Manager and Group. The Group Manager option allows the manager of the selected group to respond to the approval request. The Group option allows one of the selected group members to respond to the approval request.
- The Select Group field in the Add Level window is a combo box that defines which User Group’s Manager or members will be selected as the approving authority.
- The Approval Tool field in the Add Level window includes two checkboxes, Email and SMS. These are the channels used to send the approval request to the approving authority.
- The Timeout Period field in the Add Level window is a combo box where you can select the timeout period to start an escalation. Default values are 30 minutes, 2 hours and 24 hours. You can change the values in the combo box with the approval.workflow.level.timeout.period.values parameter in the System Config. Man. The request gets escalated to the Escalation Authority after the specified period. If nothing is selected, no escalation is done.
- The Escalation Authority field in the Add Level window selects the authority to whom the request will be escalated after the Timeout Period. The selection mechanism is similar to the Authority field.
- The Escalation Group field in the Add Level window defines which User Group’s Manager or members will be selected for the approval escalation.
- The Options button in the Workflow Level settings panel controls the level order and includes two options: Up-Level and Down Level.
The Approval Workflow feature can be used to manage user authentication to devices by using the defined approval workflow as a policy. This is only applicable to RDP/SSH/SFTP/HTTP Proxy sessions. To use the designed workflow during user connection to some devices:
- Navigate to Policy Control > Session Policy > Policy Group.
- In the Action combo box on the right side of the page, select Approval via Email.
- Select the desired workflow from the Workflow for Connection Approval list, which will be enabled after selecting Approval via Email.
The Approval Workflow feature can be used to manage authorization in devices by using the defined approval workflow as a policy, which means some commands will need approval(s) to be run during the session.
To use the designed workflow to configure user authorization:
- Navigate to Policy Control > Session Policy > Policy Group.
- Add the commands that can be run if approved by the designated authority.
- In the Action combo box on the right side of the page, select Approval via Email.
- Select the desired workflow from the Workflow for Command Approval list, which will be enabled after selecting Approval via Email.