While provisioning processes can be triggered through the automated user lifecycle management functionality, OpenIAM also provides a self-service portal through which end-users can request access. This request/access functionality is provided through a shopping cart + service catalog design.

  • Applications and application specific entitlements such as membership to an Active Directory group or a role on AWS
  • Profile Role – Role defined for a job/position which grants access to a number of applications which are needed for a particular job

The access request/approval workflows support:

  • Multiple approvers – You can define as many approval steps as you need and you can select common targets such as a supervisor, object owner or admin, and group of approvers
  • Service Level Agreements (SLA) to ensure that tasks are completed in a timely manner so if they are not, they can be escalated to the appropriate person

The access request approval functionality also supports “delegated approval” and “out of office” functionality.