When a user requests something you own, you'll be notified that you should review the request. If you approve it, the request will move forward. But if you deny the request, it's immediately stopped and the access isn't granted. You can even reassign an access request to someone else.
On each access request card, you can see the following information:
- The name of the requested access profile or role.
- The date the access was requested.
- The name of the user who will receive the access if this request is approved.
- Who requested the access (either the recipient themselves or someone else on their behalf).
- If granting the request would put the recipient in violation of one of your company's separation of duties policies, a warning icon, and a Review Violation button.
When you receive an access request, you will receive an email notifying you that you must review access. Follow the link in the email or follow the steps below.
If you are a member of a governance group and you are added to a group after a request is made, you will not receive that request. If someone else in the group has already reviewed the access request, it will disappear from your list, as only one person per group needs to approve or deny access.
Reviewing an Access Request
1. Sign into IdentityNow and go to Approvals.
2. Under Requested Items, select the request card. Details about the request will appear on the right side of your screen.
3. Review the following information as required and determine whether the user needs access:
- Violation: When applicable, this tab contains details about the policy or policies that would be violated if this access request were approved. Click the name of the policy to see more information, including who to contact with questions about the policy.
- Access Item: This tab contains the item's Description, Type, Role Owner, and Created date
- Comments: When applicable, this tab contains any comments associated with the access request.
4. Select Approve or Deny.
If you approve this access, one of the following things can happen next:
- If you are the final reviewer in the queue of users who need to review this access, manual or automated provisioning will begin.
- If more users need to review this access, the access request is sent to the next reviewer in the queue.
- If the access request has an expiration date and is approved after that date has passed, the request will be cancelled and the requester will not be granted access.
If you deny the request, the following happens:
- The approval process ends. Even if there are multiple reviewers in the queue, only one reviewer needs to deny access.
- If a dialog appears asking you for comments, enter the reason you are denying the request. You can enter up to 500 characters. This feature is supported on tablets and desktop devices.
If you believe someone else would be able to review this access better than you, you can reassign an access request to them.
6. To see access requests you've already approved or denied, select the Reviewed Items tab. You can then select the original request card to see details or comments from you, the original requester comments, or reassignment related comments. This information is preserved indefinitely.
Reassigning an Access Request
1. Sign in to IdentityNow and go to Approvals.
2. Under the access request you need to reassign, select the Reassign icon.
3. Under Reassign To, enter the name of the new reviewer.
4. Under Add Comments, enter the reason you're reassigning this access request to the new reviewer or any other comments related to the request.
5. Select Reassign.
The access request leaves your queue and is sent to the new reviewer. The new reviewer receives an email notifying them that the access request has been reassigned to them.