Approval configuration
There is a fixed list of operations for which different approval levels can be set. Thanks to the possibility of defining metadata for a specific action, it is possible to set the approval level granularly enough (practically down to the level of the value of the selected field). Approval can be set for a specific person, or group of persons, or self-approval by specifying an OTP.
Available actions for user with appropriate privileges: |
New approval operation configuration |
||
Display metadata for specified approval operation - metadata are parameters that could be used for the more precize definition of approvable configurations |
||
Create specific configuration of approval process. E.g. add approval by group or specific user (beside OTP approval) Note: approval configuration can be modified only if there is no active approval task waiting for approval. |
||
Create even more detailed configuration of approval process E.g. add specific configuration for onboarding user to specific group to be approved by specific user Note: new rule can be created or adjusted only if there is no active approval task waiting for approval. |
||
Delete action - button is available only in case that there is no active approval request pending on the specific action. E.g. when onboarding approval is waiting for the decision of more user from specific group, the onboard_user action can't be deleted. |
List of actions for which the approval can be set: |
Onboard user |
approval of the onboarding action done from Selfservice or Operational console - approval is done before the user gets the invitation email |
Delete user |
approval of deleting user from the list of users in Operational console |
Selfservice token operation |
approval of the enrollment of the new token, disable or delete operations in the Selfservice |
Unenroll user |
approval of un-enrolling user from the list of users in Operational console |
Delete approval action |
approval of the deletion of the approval action |
vSEC card revoke |
approval of the revoking of the vsec card done from list of vsec cards in Operational console |
Toggle approval configuration |
approval of the disable or enable of approval configuration within the approval action |
Operational console token operation |
approval of the enrollment and other operation on tokens done on behalf (by operators) |
Assign / Unassing ANT ID group |
approval of assigning or unassigning of internal groups done by operators from operator console |
User field operation on behalf |
approval of actions on user field done by operators from operator console |
User field operation |
approval of actions on user fields done by user on Selfservice portal |
Assign / Unassign external group |
approval of assigning or unassigning of external groups done by operators from operator console |
Basic rules for approval configuration: |
1 |
Every predefined action can be set as approvable action |
The list of actions is predefined. |
|
2 |
Every action can have multiple approval configurations. |
Depend on needs of specific client. |
|
3 |
Every configuration can have own set of rules. |
Rules are based on metadates predefined for every action |
Approval process:1. When a user/operator requests one of above described actions in ANT ID, the system collects the relevant metadata. 2. The system will check if there is any rule related to the approved action where the metadata matches the rule definition. - If so, then the configuration containing the specific rule is activated and ANT ID requests approval of the action -> requests OTP or sends an email to the approver/group of approvers - If no, then the configuration is activated at a general level and ANT ID requests an approval action -> requests an OTP or sends an email to the approvers/approval group. |
Go to Examples of configuration of approval process page.
Create an operation for approval |
1 |
Open the Approval configuration menu option in the TAC menu. |
|
2 |
Press button Add operation [ ] to add new approvable operation |
|
3 |
Use operation from the list and press Add button. Notes:
|
View metadata |
1 |
Open the Approval configuration menu option in the TAC menu. |
|
2 |
List of approval operations will be displayed. |
|
3 |
Use menu option View metadata [ ] from the context menu [ ] of desired operation to display the list of metadata. |
Create an approval configuration of operation |
1 |
Open the Approval configuration menu option in the TAC menu. |
|
2 |
List of approval operations will be displayed. |
|
3 |
Use the button to expand the row of the table to display all approval configurations.
|
|
4 |
Press button Add configuration [ ] on the right side of the expanded table. |
OTP: User: Group: None: |
5 |
The creation form will be opened. Parameters of configuration:
|
|
6 |
Press button Add and new configuration item will be displayed in the list of configurations |
|
7 |
Configuration is created inactive (and only inactive configration is ready to be changed or deleted) - to activate the configuration press button Activate [ ] from the context menu of the new configuration. |
|
8 |
The approval configuration is finished and will be aplied in the process. |
|
Create metadata for configuration |
1 |
Open the Approval configuration menu option in the TAC menu. |
|
2 |
List of approval operations will be displayed. |
|
3 |
Use the button to expand the row of the table to display all approval configurations |
|
4 |
Click on the row of the desired approval configuration. |
|
5 |
The drawe with the detail of the configuration approval will be opened. On tab Rules will be all metadata configurations set on the approval configuration. |
|
6 |
Press Add buttom in the Rules tab. |
|
7 |
Select Metadata, Operation and Value Parameters of rules:
|
|
8 |
Press Add button when it is done to save the Rule. |
|
Delete approvable operation |
1 |
Open the Approval configuration menu option in the TAC menu. |
|
2 |
List of approval operations will be displayed. |
|
3 |
Use menu option Delete [ ] from the context menu [ ] of desired operation to display the list of metadata. |
|
4 |
Confirm the confirmation message and press DELETE button to remove the operation. From this moment all actions of the removed operation will not be involved in the approval process. |