Identity Cloud

Request access

In Identity Governance, end users can request access to resources, such as target applications, entitlements, or roles.

You define the resources end users can request by adding them to the access catalog.

An organization works with access requests as follows:

  1. An Identity Governance administrator who can configure access requests can:

    • Define resources requested in the access catalog.

    • Assign owners to each resource. Resource owners become approvers when an end user creates an access request.

    • Optionally, configure custom attributes that end users can use for filtering when they create access requests.

    • Optionally, modify the default workflows for each type of access request. Workflows are referred to as identity orchestration, where, for example, you can set the start date and frequency of emails in a workflow.

      Modifying the default workflow for access request types also defines scripts that control what happens when an access request is escalated. For example, specify that the access request be forwarded to another user if the designated owner of a resource takes too long to approve the request.

  2. After an administrator defines requestable resources in the access catalog, end users submit requests to gain or remove (managers only) access to resources using the end user UI.

  3. Approvers approve or deny access requests — End users configured as the approver (designated owner) to review and approve or reject the request. The items that display to the approver are known as request items.

Copyright © 2010-2023 ForgeRock, all rights reserved.