Requests
Approval Policies
Approval policies determine who must approve a user’s access request, and in what order (e.g., first a manager, then the business owner). Use this guide to configure simple or multi-step approvals based on your organization’s needs.
Creating a Policy
- Manager: The request goes to the requester’s manager for approval.
- Application Admins: The request goes directly to the assigned application admins responsible for that app.
- Business Owner: The request goes to the owner of the requested app.
- Individual User: The request goes to a specific user.
Assigning the Policy to Apps
You have two options:- Assign a policy within an application. If no dedicated policy is chosen the ‘Default’ policy will be used.
- Open your approval policies and you can assign an app to each policy.
Handling Out-of-Office Approvers
- If an approver is unavailable, an AccessOwl Org Admin can override approvals on their behalf by opening the access request in the admin interface.
- The system audit log will show who performed the override and which user it was done on behalf of.
Best Practices
Keep It Simple
Avoid adding more approval steps than you need. Manager + App Admin are often enough for critical apps.
Use Auto-Approve for Low-Risk Apps
This cuts down on notification noise and speeds up onboarding for common tools.
FAQ
Can we set a time-based or temporary approval window (e.g., access for two weeks)?
Can we set a time-based or temporary approval window (e.g., access for two weeks)?
Currently, AccessOwl does not offer an automatic expiration feature for approved requests. You can manually revoke or schedule an offboarding event once you no longer need that access.
Does AccessOwl provide automated escalation if an approver doesn’t respond for a certain number of days?
Does AccessOwl provide automated escalation if an approver doesn’t respond for a certain number of days?
Right now, no. You must manually override or reassign approvals. The product roadmap includes potential escalation features in future releases.
Can we apply different approval policies to different user groups or roles automatically?
Can we apply different approval policies to different user groups or roles automatically?
By default, policies apply at the application level. If you need more granular assignment by role or department, consider using separate apps or blocks and attaching distinct policies to each. More advanced user-based policy assignments are under consideration.
Is there a way to lock a policy so even admins can’t override it?
Is there a way to lock a policy so even admins can’t override it?
No. An AccessOwl Org Admin always has the option to override in emergencies.