Access Requests
Who this is for
Admins configuring access workflows and end users requesting access.
Goal
Create access requests, route approvals, and complete fulfillment with a clear audit trail.
Prereqs
- At least one connected system
- Resources defined for requestable access
Success criteria
A request moves from created to approved to fulfilled with evidence captured.
Request flows by dashboard
- End User Dashboard (EUD): /request to create requests, /?section=tickets to act on tickets.
- Admin Dashboard: /admin/requests/new to create requests, /admin/tickets to act on tickets.
Steps: create a request (EUD)
- Go to /request.
- Select one or more resources.
- Add a justification.
- Submit the request.
- Verify the request appears in your request list.
Steps: create a request (Admin)
- Go to /admin/requests/new.
- Select the target identity.
- Select one or more resources.
- Add a justification.
- Submit the request.
Steps: approve or fulfill
- Go to /?section=tickets (EUD) or /admin/tickets (Admin).
- Open the ticket.
- Approve, reject, or fulfill based on your role.
- Add a comment for audit evidence if required.
Default configuration
- Use manager approval for sensitive resources.
- Use explicit approvers for privileged access.
When to change it
- If approvals are slow, reduce steps or add group‑based approvers.
Impact and risks
- Approval does not guarantee provisioning. Always verify fulfillment status.
Example
An employee requests “GitHub Write Access.” The manager approves, a fulfillment ticket is completed, and the request is marked fulfilled.
Troubleshooting
- Request stuck in progress: check tickets at /admin/tickets.
- Approval completed but access missing: check fulfillment status and connector health.
Assumptions & Questions
- What are the exact field labels on the request forms for justification and resource selection?
Next steps
- /implement/reporting/audit-evidence-export
- /troubleshooting/connector-failures