To simplify the process of configuring a “request and approval” workflow for privileged accounts, you can enable workflow as a feature that applies to all accounts stored in the Privileged Access Service. You can then select a single user or role to approve all login and password checkout requests. You can also use this global setting in conjunction with account-specific settings to selective restrict access requests for some accounts or modify the user or role with approval authority.
To configure workflow for all accounts:
- In the Admin Portal, click Settings, then click Resources to display the settings available for the Privileged Access Service.
- Click Global Account Workflow.
- Select Enable Workflow for all accounts.
- Click Select and type a search string to search for and select a user or role with authority to approve login and password checkout requests, then click Add.
- Click Save.
After you have configured the workflow for all accounts, users with Privilege Service Power User rights can request login and password checkout access for the accounts stored in the Privileged Access Service. You can use account-specific settings to override the global workflow. For example, you can use account-specific settings to prevent access requests for some accounts or to modify the user or role with approval authority.