Approvals and Approval Profiles

When a vendor rep's access to the server or applications has expired the next time they log in they are placed into an approval queue.

This section contains the actions to review and approve requests, and the approval profiles you can configure for your vendors and applications.

Review and Approve Requests

To access the approval queue, hover the Admin menu and locate the Approval Requests option from the drop down. This page contains three types of approval queues:

  • Users Requesting ApprovalVPAM users that raise an approval for acces to an application that they don't have access.

  • Vendor Requests: Vendor reps' requests to access the server or an application.

  • Application Requests: Vendor reps' or VPAM users' requests to create a new application.

Click Modify Status to approve or deny the requests in each queue. Some requests may have a request message.

For Users and Vendor Requests, you can:

  • Enable Access indefinitely

  • Enable for a certain time

  • Deny User access

You can also send an optional message to the Vendor Rep and your Users depending on your reason for approving or denying access. This message is included in an email notification to the representative.

Approval Profiles

Approval Profiles are custom forms that administrators and Vendor Reps in the Email Notification List of the Vendor configuration must complete before granting access to applications. To create your own Approval Profiles:

  1. Create a New Approval Profile with a unique name and description.
    You can immediately set it as the Default Profile.

  2. Save the Approval Profile.

After you save this profile, the system enables you to create custom fields and assign Vendors to this profile.

Internal Access for Internal Users (New UI Feature Only)

In the new User Interface, when you create or edit an Application, you can set an Internal Access rule that forces the VPAM Internal User to raise an access request before granting them access to the application. This sections contains the requirements and process to set the Internal Access rule.

To use the Internal Access feature, consider the following requirements:

  • This feature requires additional licensing.
    Contact your Imprivata representative for more information.

  • The feature is only available in the for VPAM servers version 25.1.6 or above.

  • The feature can only be accessed by system administrators.

  • If you are using departments, each Department you set must have at least one user with the APPROVE_INTERNAL_USER_APP_ACCESS permission.

  • Your User must be part of the same department as the Application they require access.

If you do not meet any of these requirements, your Internal Access configuration will fail.

Configuring the Internal Access feature at a server level enables you to protect all your applications simultaneously by enforcing your internal users to request access to applications. To configure the feature at a server level:

  1. Open the System Administration tab.

  2. Select Access Management.

  3. Select Internal User Access.

  4. Select the Require approval for Internal Users when connecting to Applications based on the Application's Department option.

After you leave the tab, all applications in your VPAM server will demand internal users to raise an approval request.

Read the Approvals and Approval Profiles for information on how to configure the requests.

IMPORTANT:
Configuring Internal Access at a Server Level enforces the request requirement on all applications. After you configure at a server level, you can configure exceptions to the requests at a User Group Level or use the User Group Level configuration to enforce the Internal Access feature on a limited number of User Groups only.

Configuring the Internal Access feature at the User Group level enables you to enforce a single User Group to request access to applications. To configure the feature at the User Group level:

  1. Open the User Management tab.

  2. Select the User Group that you want to configure to enforce Internal Access.

  3. Click Edit from the User Group Information section.

  4. Select the Require approval for Internal Users when connecting to Applications based on the Application's Department option.

After you Save Changes, that specific User Group will have to raise an approval requests to connect to the applications they have access to.

After you configure Internal Access, the impacted Users (by User Group or by server-level configuration) are now required to request access before connecting to an application.

The internal user can request access by:

  1. Locating the application they want to access in their VPAM interface.

  2. Clicking the Request Access button on the application they want to connect to.

After they complete the Access form, the requests is sent to the department approver.

Department Approvers are users who belong to the same department as the application or belong to the same User Group that raises the requests and have the APPROVE_INTERNAL_USER_APP_ACCESS permission. Additionally, all System Administrators can review all access requests in the VPAM server.

To manage the requests, Approvers or System Administrators can open the Requests tab. For Approvers, only requests that are assigned to them appear on the list. For System Admins, all the requests are available. The available actions for requests are:

  • Enable access now: Provide indefinite access to the internal user.

  • Enable access for: Provide access by a limited time in minutes, hours, or days.

  • Enable access until: Provide access and set the expiration date.

  • Deny User Access: Reject the request.

  • Disable Account: Reject the request and block the user's account.