You can enable a “request and approval” workflow for specific accounts stored in the Privileged Access Service. Users who don’t have access by default can then submit requests to a designated approver who has the authority to grant or deny them access. By enabling a workflow, users can request access to the privileged accounts you specify and, if their request is approved, check out the account password or use the account to log on remotely.
You can also explicitly prevent an account from being available for access requests. For example, you might configure a “request and approval” workflow for all accounts, then identify a few accounts which do not allow access requests.
To enable workflow for a specific account:
- In the Admin Portal, click Resources, then click Accounts to display the list of accounts.
- Click Local Accounts, Domain Accounts, or Database Accounts to select the type of account you want to modify.
- From the list of local, domain, or database accounts, select the specific account for which you want to enable workflow.
- From the account details, click Workflow.
- Select Yes.
- Search for and select an appropriate user, group, or role to approve requests, then click Add.
- Click Save.
For more information about configuring a “request and approval” workflow, requesting access, and approving requests, see Managing access requests.