After you enable work flow for privileged account access requests, users can request access to the privileged local, domain, database, or service accounts that you specify. If the request is approved, the user can then check out the account password or use the account to log on to a system, domain, or database remotely.
Users requesting access must still be assigned to a role with Privileged Access Service Administrator or Privileged Access Service Power User administrative rights and have View permission to see the systems and accounts that are available in the Privileged Access Service. If they are a member of a role with one of these rights, however, they can search or browse for systems and accounts, then submit a request for login or password checkout access to a designated approver. The “approver” might be a specific user or any member of a specific role. If you configure a role as the approver, the first member to respond to the request is given the authority to approve or reject the request.
The following topics describe how to configure request and approval workflow for account access requests, how to use a workflow to request account access, how to approve or reject a request, and how to view and manage requests that are being processed:
- Authorizing global approval for access requests
- Configuring a request and approval workflow
- Creating roles for workflow administration
- Requesting password checkout access
- Requesting login access
- Responding to access requests
- Viewing request status and history
- Viewing request details
- Deleting requests