Skip to content

Access Request Overview

Users can submit access requests to get access to the applications or business roles they need to perform their jobs. As an administrator, you’ll set up access requests for users and configure approval processes for these requests.

Understanding Access Requests

Before you get started, learn more about the access request process:

  1. Administrators set up access requests.

    An administrator may complete the following tasks to configure access requests:

    • Configure requestable items.
    • Set the approval process for access requests.
    • Define segments to specify who can submit access requests.
    • Set global site settings like email notifications and reminders for reviewers.
  2. Users submit access requests.

    Users can submit access requests to obtain access to applications, entitlements, and roles. These requests can be submitted for yourself, others, or your team members.

    Note

    Users can include an expiration date when they submit access requests. On this date, IdentityNow triggers the deprovisioning process at 12:00 AM in the time zone set on the requester’s browser.

    Expiration dates can include a time component when they are submitted through IdentityNow’s API with the Submit an Access Request endpoint. The time is included as part of the removeDate attribute.

  3. Reviewers approve or deny access requests.

    If access requires approval, users will review access requests that other users have submitted. The reviewer can approve or deny these requests.

    If approved, the access to the application or access item is granted. The user will retain this access until the access expires or is revoked.

  4. If an expiration date was specified, IdentityNow initiates revocation as scheduled.

    If IdentityNow is directly connected to the source system, the access is automatically deprovisioned.

    Note

    The expiration date is not sent to the source system as an account attribute.

    If IdentityNow is not connected to the source system, a manual task to remove this access is created and assigned to the source owner. The source owner removes this access in the source.