Skip to content

Configuring Machine Account Requests

You can configure machine account requests to better track and govern your organization’s machine accounts and identities.

Managing Machine Account Deletion Requests

As an administrator, you can set approval processes for machine account deletion requests to mitigate possible risks.

Setting Approval Process Per Source

You can define the approval process for the deletion of machine accounts at the source level. By default, approval settings are enabled, and the source owner is the designated reviewer.

  1. Go to Admin > Connections > Sources.

  2. Select the source you want to configure.

  3. In the Machine Accounts section, select Approval Settings.

  4. In the Machine Account Deletion Requests panel, ensure the Requires Approval option is enabled.

  5. In the Approvers section, choose whether the request will be reviewed by a single approver or multiple approvers:

    • Single Approver

      • Select Single from the Approval Type field.

      • Select the type of reviewer from the Reviewer Category field. You can select from the following options:

        • Account Owner - The owner of the machine account reviews the request.
        • Requester's Manager - The manager of the user who submitted the request reviews the request.
        • Source Owner - The source owner reviews the request. This is the default reviewer.
        • Governance Group - The selected governance group reviews the request. Only one identity in the governance group is required to approve the request.

    • Multiple Approvers

      • Select Multi-Step from the Approval Type field.

      • In the Reviewers section, select Add Reviewer.

      • Configure the approval policy by taking the following actions:

        • Select the types of reviewers from the Reviewer Category field. You can select from the following options:

          • Account Owner - The owner of the machine account reviews the request.
          • Requester's Manager - The manager of the user who submitted the request reviews the request.
          • Source Owner - The source owner reviews the request. This is the default reviewer.
          • Governance Group - The selected governance group reviews the request. Only one identity in the governance group is required to approve the request.

        • Add additional reviewers by selecting Add Approver.

        • Remove reviewers by selecting the Delete icon .

        • Move a reviewer’s tile to change the order the approvers will review the request.

        Note

        All reviewers must approve the request for the deletion to be approved. If one reviewer denies the user’s request, the request is denied.

  6. Select Save to save the approval process.

    If the approval process requires changes, select Edit Approvers. You can add or remove approvers and rearrange the order in which they will review the request.

  7. Choose whether comments are required when reviewers approve or deny account deletion requests.

  8. Select Save to save these approval settings.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.