When you configure a role in Apporetum, you define the guardrails that will limit who can be provisioned with the role and for how long.
All applications and roles will have their own requirements, which can be simple or complex. But, if you get the system to enforce them, then everything else becomes easy.
Set who can be given a role
Choose who in your organisation can be provisioned a role, including your external partners.
Set start and end dates
Allocate timebound access to any user.
Set friendly names for roles
You can configure user friendly names and descriptions for roles so the access administrator can be sure they are provisioning users to the correct role.
Flag a role as sensitive
Let the service desk know this role needs them to double-check or triple-check their work.
Require an additional approval of a role
If you require the approval of a role assignment, Apporetum supports this workflow.
Show warning messages
Granting a role may have other implications (such as triggering licensing costs in an application). Set custom warning messages to appear when granting roles, to avoid running into issues.
Find answers to commonly asked questions about Apporetum Access Manager
With Apporetum you can limit which users can be provisioned which role based on the organisation they belong to. Some roles may only be available to internal staff, others may be available to only managed service providers, and others might be anyone. Of course, you can have any combination as well.
With Apporetum, you can set the maximum duration an entitlement is provisioned before it needs to be revalidated. If this period is reached without revalidation, it will be automatically removed.
Users will not lose their entitlements if the guardrail is changed and they no longer satisfy the conditions. They will, however, be flagged for review through a reconciliation process. This way organisations can introduce rules without affecting access if they are not sure how many existing users may be impacted by the change.