Case#1: approval of token operations - self approval - approval by OTP

  • most common type of approval, this instructions could be applied on any type of approvable actions - OTP
  • instructions:
    1. create approvable operation
    2. set OTP type of approval


Case#2: approval of deleting user - configuration for specific user to approve deletion of the user from specific group

  • common type of approval for actions done by operators - USER with rules
  • instructions:
    1. create approvable operation
    2. remove/deactivate default configuration
    3. set new USER type configuration of approval for specific user with specific rules


Case #1 - Approval of token operations - self approval by OTP

1

Open TAC / Approval configuration


2

Add new operation

3

Choose action SELFSERVICE TOKEN OPERATION and press button Add

4

Configuration for SELFSERVICE TOKEN OPERATION action will be added in the list of Approval configuration

5

Click on the row to expand the approval configurations of the operation

6

In the configuration section is deafult approval configuration:

  • Action OTP
  • Status ACTIVE

7

Approval for main token operations of the user is done - if user wants to enroll new token, disable or delete current tokens he will be asked for the approval by OTP.




Case #1 - Deleting user - approval by group with exception for specific user (Head of ...)

1

Open TAC / Approval configuration


2

Add new action

3

Choose action DELETE USER and press button Add

4

Configuration for DELETE USER action will be added in the list of Approval configuration

5

Click on the row to expand the approval configurations of the operation

6

In the configuration section is deafult approval configuration:

  • Action OTP
  • Status ACTIVE

7

Disable OTP type configuration - press Deactivate [ ] button from the context menu of the OTP configuration.

8

The OTP will be disabled and can be adjusted (and activated again or deleted).

9

Press the button Add [ ] to add configuration for exception for specific user.

  • Priority = 1
  • Approval type = User
  • User = username of specific user

10

Click on the row of the newly added approval configuration (User) to display the drawer with the details of the configuration.

11

Press the button Add [ ] to add Rule for exception for specific user.


12

Add new configuration:

  • Metadata ID = target_user_group
  • Operation = Contains
  • Value = specific group


And press Add button to save the Rule

13

Activate the configuration by pressing the Activate [ ] button from the context menu of the User type approval configuration.


14

The configuration is finished

From now on when anybody wants to delete the user then the system checks the approval configuration by priorities - if the subject of the deletion is from group External users then the approval request will be triggered for the user ext-kom-pk. Deletion of other users from other groups will not be involved in the approval process.