Configuring global secret workflow

To simplify the process of providing retrieve secrets workflow for secrets, you can enable secrets workflow as a feature that applies to all secrets stored in the Privileged Access Service. You can also use this global setting in conjunction with secret-specific settings to restrict access requests for some secrets or modify the user or role with approval authority.

To configure workflow for all secrets:

  1. In the Admin Portal, click Settings, then click Resources to display the settings available for the Privileged Access Service.
  2. Click Secrets Workflow.
  3. Select Enable Workflow for all Secrets.
  4. From the Approver List, select either Requestor's Manager or Specified User or Role.

Note:   If using Requestor's Manager approver, and the requestor has no manager, you can select automatically approve, deny, or route to another user/role.

  1. Click Add and select user and role.
  2. Once added, click Save.

After you have configured the workflow for all secrets, users with Privilege Service Power User rights can request retrieve access for the secrets stored in the Privileged Access Service. You can use secret-specific settings to override the global workflow. For example, you can use secret-specific settings to prevent secret retrieve requests for some secrets.