Access Request Process Details
This page is a stub, it is a work in progress. |
1. The access request lifecycle
This chapter describes the access request process by listing its actors, displaying the process schema, and describing each stage of the process and each step that can be performed. The process is designed to handle exceptions manually by IGA administrator.
The process description and schema are simplified to be easily adopted by people. Complexity of exceptions in approvals and implementation is hidden.
Following actors are active in the process:
-
Requestor - the person, who created the request for role assignment/removal/modification,
-
Requestee - the person for whom the request is created,
-
Approver - approves or rejects the requests,
-
IGA administrator - troubleshoots failed requests.
Stage | Description | Action needed by | Note |
---|---|---|---|
Preparation |
Requestor creates request and can define its parameters (e.g. validity period). |
— |
— |
Approval |
Approval process the request is running. The request is waiting for one or more approvers. |
Approver |
— |
Rejected |
Final stage - the request was rejected by one of approvers. Nothing was provisioned. |
— |
— |
Processing |
The provisioning (or deprovisioning) of individual components is running. If provisioning requires manual operations (ITSM tickets), the process is waiting till all the tickets are resolved. |
— |
The request is in the processing stage until all components are successfully provisioned, or IGA admin manually resolved the issue and moved the request forward. |
Access granted |
Final stage - the request was successfully processed and access is granted. |
— |
— |
Request failed |
Final stage - when the request failed and IGA administrator was not possible to resolve the failure. |
— |
The inconsistency may be present - e.g. when all but one application roles in business role were provisioned, but one not. And solution for the issue was not found. |
Actual stage | Operation | Target stage | Who can perform | What happens | Notification | |
---|---|---|---|---|---|---|
1. |
— |
Request access |
Preparation |
Requestor |
Requestor can select the role, requestee and can define its parameters (e.g. validity period). |
— |
2. |
Preparation |
Send for approval |
Approval |
Requestor |
Approval cycle is started. |
Requestee, |
3. |
Approval |
Approve |
Approval |
Approver, |
Approval stage is approved and the approval is moved to another stage. |
Next approver |
4. |
Approval |
Cancel |
Cancelled |
Requestor, |
Request is moved to Cancelled stage. |
Requestor & requestee |
5. |
Approval |
Reject |
Rejected |
Approver, |
Request is moved to Rejected stage. |
Requestor & requestee |
6. |
Processing |
— |
Access granted |
— |
Automated step. |
Requestor & requestee |
7. |
Processing |
Manually resolve |
Access granted |
IGA administrator |
Just administrative closure of request that is in error state - in case that troubleshooting was successful. |
Requestor & requestee |
8. |
Processing |
Manually close |
Request failed |
IGA administrator |
Just administrative closure of request that is in error state - in case that troubleshooting was NOT successful. |
Requestor & requestee |
The user, who pushed the button is excluded from notification. |