Approval Policies
Approval policies determine who must approve a user’s access request, and in what order (e.g., first a manager, then the business owner). Use this guide to configure simple or multi-step approvals based on your organization’s needs.
Creating a Policy
- Manager: The request goes to the requester’s manager for approval.
- Application Admins: The request goes directly to the assigned application admins responsible for that app.
- Business Owner: The request goes to the owner of the requested app.
- Individual User: The request goes to a specific user.
- Manager: The request goes to the requester’s manager for approval.
- Application Admins: The request goes directly to the assigned application admins responsible for that app.
- Business Owner: The request goes to the owner of the requested app.
- Individual User: The request goes to a specific user.
-
First to respond
If multiple admins are assigned to an application, any one of them can approve. -
Everyone must approve
Everyone in the step must approve before it’s finalized (Note: only available in certain plans).
You can add as many approval steps as needed. For example, you can have the Manager approve first, and then an Application Admins as a second step.
Assigning the Policy to Apps
You have two options:
- Assign a policy within an application. If no dedicated policy is chosen the ‘Default’ policy will be used.
- Open your approval policies and you can assign an app to each policy.
Handling Out-of-Office Approvers
- If an approver is unavailable, an AccessOwl Org Admin can override approvals on their behalf by opening the access request in the admin interface.
- The system audit log will show who performed the override and which user it was done on behalf of.
Best Practices
Keep It Simple
Avoid adding more approval steps than you need. Manager + App Admin are often enough for critical apps.
Use Auto-Approve for Low-Risk Apps
This cuts down on notification noise and speeds up onboarding for common tools.
FAQ
Was this page helpful?