Reference Guide
...
SAPM Notification Settings
SAPM Mail List Notifications

Password Retrieval Second-Level Approval Notifications

5min

A two-level approval can be set up for the desired user groups with a Device Group Realm defined with the device that contains the SAPM account. These user groups should have a SAPM Second Level Approval Requirement function group defined in their Portal Functions Realm. To do so, follow these steps:

  1. Navigate to Policy Control > Portal Functions.
  2. Set the realm between the SAPM Second Level Approval Requirement function group and the user group of the user that will need the second-level approval.

When a user who requires two-level approval attempts to retrieve an SAPM password, a SAPM Password Approval Request email is sent to the list below:

  • User groups with the single.connect.sapm.admin and the single.connect.sapm.network.admin portal functions

single.connect.sapm.admin

Grants rights to manage all SAPM accounts and view all logs.

single.connect.sapm.network.admin

Grants rights to manage and view all accounts of devices defined to the user in device group realms.

  • User groups with the FULL_CONTROL permission over the SAPM Account that requested the approval.

To set up managerial approval for SAPM password retrieval:

  1. Navigate to Policy Control > Portal Functions.
  2. Set the realm between the SAPM Admin function group and the user group of the user that will be able to provide first approval for all password retrieval requests AND/OR Set the realm between the SAPM Network Admin function group and the user group of the user that will be able to provide first approval for all password retrieval requests related to the devices in their Device Group Realms only.

If a user from these lists approves the initial request, a SAPM Password Approval Request email is sent to the second-level approvers, who are:

  • User groups with the single.connect.sapm.secondlevel.admin and single.connect.sapm.secondlevel.network.admin portal functions.



single.connect.sapm.secondlevel.admin

Grants rights to give second level approval for all SAPM accounts and view all logs.

single.connect.sapm.secondlevel.network.admin

Grants rights to give second level approval for all accounts of devices defined to the user device group realms.



To set up two-level managerial approval for SAPM password retrieval:

  1. Navigate to Policy Control > Portal Functions.
  2. Set the realm between the SAPM Second Level Admin function group and the user group of the user that will be able to provide second approval for all password retrieval requests AND/OR Set the realm between the SAPM Network Admin function group and the user group of the user that will be able to provide second-level approval for all password retrieval requests related to the devices in their Device Group Realms only.

If a user from these lists approves the second-level request, the requester receives an email and can proceed to password checkout.

If any of the authorizers deny the request, informational emails are sent to all participants, and the request is terminated.