Approval Request Process in IAM

 


 


The Approval Request Process is a structured workflow that ensures access requests go through proper validation before granting permissions. This helps organizations maintain security, compliance, and access governance.

Steps in the Approval Request Process:

  1. User Initiates Request – A user submits a request to gain access to a specific resource, application, or role.
  2. Manager Review & Approval – The request is sent to the user's manager for validation.
  3. Second-Level Approval (if needed) – Additional approvals may be required (e.g., security team, compliance team, or application owner).
  4. Escalation (if no response) – If the approver does not take action within a set timeframe, the request is automatically escalated.
  5. Final Decision – The approvers either approve or reject the request. If approved, the requested access is granted.
  6. Audit & Logging – The entire process is recorded for security and compliance tracking.

 Detailed Workflow:

1️⃣ Single-Level Approval Process with Escalation


A[User Submits Access Request] --> B[👨‍💼 Manager Reviews Request]
B -- Approve --> C[✅ Access Granted]
B -- Reject --> D[❌ Access Denied]
B -- No Response (48hrs) --> E[⏫ Escalation to Manager's Manager]
E --> F[👨‍💼 Manager's Manager Reviews Request]
F -- Approve --> C
F -- Reject --> D

Explanation:

  • User Submits Request (A): The process starts when a user submits a request for access.
  • Manager Reviews Request (B): The request goes to the direct manager for a decision.
  • Approval/Reject:
    • If approved, access is granted (C).
    • If rejected, access is denied (D).
  • No Response Escalation (E & F):
    • If the manager does not respond within 48 hours, the request is escalated to the manager's manager (E).
    • The manager's manager then reviews and either approves (C) or rejects (D).

2️⃣ Multi-Level Approval Process

A[📥 User Submits Access Request] --> B[👨‍💼 Manager Reviews Request]
B -- Approve --> C[🔎 Salesforce Admin (or User Group) Reviews Request]
B -- Reject --> D[❌ Access Denied]
B -- No Response --> E[⏫ Escalation to Manager's Manager]
E --> C
C -- Approve --> F[✅ Access Granted]
C -- Reject --> D
C -- No Response --> G[⚠️ Escalation or Auto-Reject]

Explanation:

  • User Submits Request (A): Raphael, for example, submits an access request for a sensitive system.
  • First-Level Approval (B):
    • The user's manager reviews the request.
    • If approved, it moves to the next level (C).
    • If rejected, the process stops (D).
    • If there is no response, it escalates to the manager’s manager (E), who then forwards it to the Salesforce Admin.
  • Second-Level Approval (C):
    • The Salesforce Admin (or a designated user group) reviews the request.
    • If approved, access is granted (F).
    • If rejected, access is denied (D).
    • If there is no response, the system can either escalate further or auto-reject (G).
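
The multi-level flow above, written out as an added Python example (it is not code from the original post or from any IAM product). The names Request, run_stage, process and CHAIN are hypothetical. Assumptions: a late answer counts as no response, the manager's manager approves or rejects when a request is escalated to them, and running out of escalation path means auto-reject.

```python
from dataclasses import dataclass, field

ESCALATE_AFTER_H = 48  # response window used in the post's example

@dataclass
class Request:
    user: str
    resource: str
    audit: list = field(default_factory=list)  # (hour, actor, event) tuples

    def log(self, hour, actor, event):
        self.audit.append((hour, actor, event))

def run_stage(req, hour, approver, fallback, decisions):
    """One approval level. decisions maps approver -> (verdict, hours to answer);
    a missing or late answer is no response. fallback=None means auto-reject."""
    req.log(hour, approver, "review requested")
    verdict, delay = decisions.get(approver, (None, None))
    if verdict is not None and delay <= ESCALATE_AFTER_H:
        req.log(hour + delay, approver, verdict)
        return verdict, hour + delay
    hour += ESCALATE_AFTER_H
    if fallback is None:  # assumption: end of the escalation path auto-rejects
        req.log(hour, "system", "auto-reject (no response)")
        return "reject", hour
    req.log(hour, "system", f"escalated from {approver} to {fallback}")
    return run_stage(req, hour, fallback, None, decisions)

def process(req, chain, decisions):
    """chain is a list of (approver, escalation approver or None) levels."""
    hour = 0
    req.log(hour, req.user, f"requested {req.resource}")
    for approver, fallback in chain:
        verdict, hour = run_stage(req, hour, approver, fallback, decisions)
        if verdict != "approve":
            req.log(hour, "system", "access denied")
            return "denied"
    req.log(hour, "system", "access granted")
    return "granted"

# Multi-level chain from the post: manager (escalates upward), then Salesforce Admin
CHAIN = [("manager", "managers_manager"), ("salesforce_admin", None)]

if __name__ == "__main__":
    # Constructed input: the manager never answers; the other two approve
    req = Request("raphael", "sensitive-system")
    decisions = {"managers_manager": ("approve", 5), "salesforce_admin": ("approve", 10)}
    print(process(req, CHAIN, decisions))
    print(*req.audit, sep="\n")
```

Every branch, including timeouts and escalations, writes an audit entry, so the trail shows who was asked, who answered, and when the system acted on its own.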

🌟 Key Points to Remember:

  • Timely Responses: Setting a clear timeframe (e.g., 48 hours) ensures that requests don’t stall.
  • Escalation Paths: Automatically escalating non-responsive approvals helps maintain momentum and avoids bottlenecks.
  • Multiple Checks: Requiring multiple approvals increases security, especially for sensitive systems.
  • Audit Trail: Every step is logged to provide accountability and support compliance audits.

Why is the Approval Request Process Important?

  • Ensures security – Prevents unauthorized access to sensitive systems.
  • Maintains compliance – Meets regulatory requirements (e.g., SOX, GDPR).
  • Reduces risk – Ensures access is granted only when necessary.
  • Enhances accountability – Creates a clear audit trail.
