Configuring multiperson authorization
You can navigate to the in any of the following ways:
Navigate to .
On the Home page, select . In the pop-up, select .
The following table lists the operations that can be performed on an access control policy.
Table:
Operations | Procedure |
|---|---|
Enable access control policy | |
Edit access control policy | |
Disable access control policy | |
Create multiperson authorization policy Note: This can be done only on an SED appliance. | |
Delete custom policy Note: This can be done only on an SED appliance. | |
View multiperson authorization requests | |
Manage multiperson authorization requests |
To enable access control policy
- Navigate to Multiperson authorization.
- Click Enable.
- Confirm the change.
A request is created. Once it is approved, the access control policy is enabled.
You can edit and disable access control policies.
To edit an access control policy
- Navigate to Multiperson authorization.
- Click Edit.
- You can update any of the following fields:
Email addresses: Specify a comma-separated list of email addresses for notifications.
Expire pending requests after: Set the period (in hours) after which any pending requests will expire.
Delete resolved requests after: Specify the period (in days) after which resolved requests will be deleted.
- Click Save.
A request is created. Once it is approved, the access control policy is updated with the changes.
To disable access control policy
- Navigate to Multiperson authorization.
- Click Disable.
- Provide a reason in the pop-up and click Disable.
A request is created. Once it is approved, the access control policy is disabled.
The widget appears on the Homepage when there are one or more pending authorization requests that require user attention. The widget provides a quick snapshot of requests you have submitted as well as requests awaiting your review.
Note:
The counts displayed in the V section on the dashboard and in reflect only active requests. They exclude requests in Done, Rejected, Expired, or Canceled states.
Viewing multiperson authorization requests
- On the Home page, select View requests in the Multiperson authorization widget.
- The Request management page lists all your requests for operations that require multiperson authorization. You can apply filters to view requests that you have submitted, requests sent to you for approval, and to narrow results by time frame or request status.
- Select the request ID to see the request details. The Audit trail tab gives more details on the status of your request.
- Select the Preview request details tab to see the changes that have been made as part of the request.
The requester can cancel his request by selecting Cancel request.
Users with the approver role can approve or reject the multiperson authorization requests.
To manage multiperson authorization requests
- On the Home page, select My actions in the Multiperson authorization widget.
You can also click on the User icon on the top right corner. In the pop-up, select the View authorization request option.
- The Request management page lists all the requests for operations that require multiperson authorization. You can apply filters to view requests that you have submitted, requests sent to you for approval, and to narrow results by time frame or request status.
- Select the request ID to see the request details. The Audit trail tab gives more details on the request. The Preview request details tab to see the changes that have been made as part of the request.
- Select Approve if you want to approve the request. In the Approve request pop-up, provide the reason for approving the request. Click Approve to complete the approval.
Select Reject if you want to reject the request. In the Reject request pop-up, provide the reason for rejecting the request. Click Reject to complete the rejection.
The reason field can contain 8 - 256 characters and may include only alphanumeric characters, spaces, periods, commas, underscores, and dashes.
- The Request details page gets updated with the details.
You can create a multiperson authorization policy only on an SED appliance.
To create a multiperson authorization policy
- Navigate to Multiperson authorization.
- In the Custom policies panel, click Create.
- In the Create multiperson authorization policy window, enter the following details:
Policy name: Specify the policy name.
Expire pending requests after: Set the period (in hours) after which any pending requests will expire.
Email addresses: Specify a comma-separated list of email addresses for notifications.
Exempted accounts: Specify accounts that are exempted from multiperson authorization (if any).
Delete resolved requests after: Specify the period (in days) after which resolved requests will be deleted.
Approvers: Specify the approvers.
Number of approvals: Specify the number of approvals required.
Under Operations, select the operations that require multiperson authorization.
Under Behavior after approval, choose any option:
Automatically: The requested operation will be completed automatically after approval.
Manually: The requested operation will have to be completed manually after approval. Navigate to the Request management page. Select the request and click Complete operation.
- Click Create.
- In the confirmation pop-up, review the information and click Create.
- Click Save.
After the quorum is reached, the request is scheduled by the Flex Appliance and marked as Done after execution.
The new policy details appears on the page.
You can also edit an existing multiperson authorization policy. Click the policy name to open the Edit window. Make the required changes and save the changes.
You can delete a custom policy only on an SED appliance.
To delete a custom policy
- Navigate to Settings > Security and compliance > Multiperson authorization.
- The Multiperson authorization page lists all the custom policies.
- You can delete the custom policy by clicking Delete on the right side of the row.
- Provide confirmation in the pop-up.
A request is created. Once it is approved, the access control policy is deleted.