While provisioning processes can be triggered through the automated user lifecycle management functionality, OpenIAM also provides a self-service portal through which end-users can request access. This request/access functionality is provided through a shopping cart + service catalog design.
- Applications and application specific entitlements such as membership to an Active Directory group or a role on AWS
- Profile Role – Role defined for a job/position which grants access to a number of applications which are needed for a particular job
The access request/approval workflows support:
- Multiple approvers – You can define as many approval steps as you need and you can select common targets such as a supervisor, object owner or admin, and group of approvers
- Service Level Agreements (SLA) to ensure that tasks are completed in a timely manner so if they are not, they can be escalated to the appropriate person
The access request approval functionality also supports “delegated approval” and “out of office” functionality.