Process View Requests as an Approver
This content describes how to process dual authorization and retrospective approval password view requests.
capam33
HID_MyApprovalsPanel
This content describes how to process dual authorization and retrospective approval password view requests.
2
Process Dual Authorization Requests
As an approver for a dual authorization password view policy, you can grant, deny, or expire a password view request. You can act on a specific request only once.
When the password view request exceeds the date and time in the request, the request status changes automatically. For example, a password view request start date and time are 2012-11-19 18:06 and the end date and time is 2012-11-19 19:06. After 2012-11-19 19:06, the status of the request that is yet pending changes to Expired. The status of the request that is approved or denied changes to Approved, Expired, or Denied. The status of the request that is checked in or checked out changes to Checked In or Checked Out.
The following methods are different ways to view requests:
2
Handle Requests from My Approval List
Follow these steps:
- Navigate toCredentials,Workflow,My Approvals. A list of requests appears.
- Select a specific pending password view request and select theVIEWbutton.The Password View Request Details page appears.
- After reviewing the reason details in the email, select the appropriate option to approve, deny, or expire the request.
You can also select multiple password view requests and then select
Approve All
or Deny All
.Approve or Deny Requests from the Target Accounts Page
After you receive an email notification of a password view request, review the details in the email. Then, approve or deny the request from the Current Requests section on Target Account page.
You cannot expire a password from the Current Requests section. You must select the entry and must select Expire from the Password View Request Details page.
Follow these steps:
- SelectCredentials,Manage Targets,Accounts. The Account List page appears with a list of current requests.
- Take one of the following actions in the Current Requests section:
- Select the green Thumbs Up icon under the Action column for the appropriate account.
- red Thumbs Down icon under the Action column for the account.The Password View Request Approval pop-up appears.
- SelectApproveorDeny.
- Select the reason to approve the request from the drop-down list.
- (Optional) Enter the reason description.
- SelectSave.
- When you are prompted to confirm the approval, selectYes.
Grant or Deny a One-Click Approval Request
A password view policy might be enabled for dual authorization with one-click approval. When a person attempts to view the account password with these features enabled, Credential Manager sends an email to the approver. The approver can approve or deny the request directly from the received email without logging in to the appliance.
The contents of the email can differ based on the email template configuration. See Configure the Email Server and Email Templates.
The approver can review the reason details in the email then approve or deny the request by:
- Clicking the URL given for approving the password view request. The password view request status is updated to Approved. A web page appears with the approval confirmation message.
- Clicking the URL given for denying the password view request. The password view request status is updated to Denied. A web page appears with the rejection message.
Under the following conditions, the approver might be redirected to an error page:
- The approver is invalid or expired.
- The password view request is invalid or expired.
- The status is invalid.
- The password view request is already approved or denied.
Process Retrospective Approval Requests
As an approver for a retrospective approval password view policy, you can retrospectively acknowledge or decline a password view request. You can act on a specific request only once.
Follow these steps:
- Navigate toCredentials,Workflow,My Approvals. A list of requests appears.
- Select a specific pending password view request and select theVIEWbutton.The Password View Request Details page appears.
- After reviewing the reason details in the email, select the appropriate option to acknowledge or decline the request.
You can also select multiple password view requests and then select
Acknowledge All
or Decline All.
Delete a View Request Using the UI
All password view requests with status Approved, Denied, Pending, Expired, Acknowledged, or Denied are available in the My Approval List. Any password view request that is not required can be deleted from the My Approval List with the UI.
Use the following procedure to delete a request using the UI My Approval List.
Follow these steps:
- Go toCredentials,Workflow,My Approvals. The My Approval List page appears.
- Select the check box corresponding the password view requests to be deleted. SelectDelete.
- When you are prompted to confirm the deletion, selectOK.
Delete View Requests Automatically
You can automate the removal of password view requests using the
Password View Request Delete Interval
Days
setting. For example, if you set the value of the interval for two days, the requests are deleted automatically from the list after every two days. Follow these steps to set the delete interval:
- Go toSettings,Credential Manager,General Settings.
- In thePassword View Request Delete Interval Daysfield, enter the number of days you want view requests removed.
- SelectSave.