Access request
The Access request process allows you to define the scope of your access requests. You can easily select who should have access to specific resources or systems using this process. With the Access request process you can:
- Request access for multiple identities simultaneously.
- Request access more simply and intuitively.
- Check your access requests on a new page.
Experience the request access process with Omada Identity Cloud interactive walkthrough. Learn how to perform a manager approval of access requested by one of your subordinates.
Follow these steps to request access:
-
Click Request access tab in the Home page. The page will open, and you will see four steps.
-
Select the identities for whom you want to request access. Click Add to add as many identities as needed.
tipIf you intend to request access for more than one identity simultaneously, they must share the same business context.
-
Select the business context (if it is enabled) and click Next.
-
Search for the systems or resources to which you want to provide access. Click Add to include as many resources or systems as you want. You can also select Show assigned resources to display resources assigned to that identity, if applicable.
tipIf you don't find the resource you are looking for, you can click on Cannot find the correct access? to type the access request manually.
info-
You can edit the resources and choose the desired account type for each resource.
-
The new Access request process will also take into account Auto-account type configuration. A warning will indicate if a resource cannot be added to the request due to a lack of a valid matching account type.
-
View the account type for each beneficiary.
-
Assign the appropriate account type if a beneficiary matches the resource account type.
-
Multibeneficiary account type assignments are also supported.
-
-
Select a reason (if it is enabled) for requesting access and choose a valid date to grant access to the identity from the selected day.
noteSet the Reason field to be optional or hidden entirely. Set the Requires value to False to make the field optional or to True to hide it.
-
On the final step, review and edit identities and resources. Click Next to complete the access request.
To view your active access requests, navigate to the Access tab in the navigation pane. Here, you will find a list of all your active access requests. The Access request tab allows you to receive paged results from the server.
-
It is not possible to request access for technical identities using this new Access request process. If you want to request access for a technical identity please refer to Omada Identity - Legacy Access Request User Guide.
-
If a resource doesn't require attributes but has an assigned account type, the resource will be associated with that account type.
-
Identities can only be assigned a resource if both the identity and the resource share matching account types.
-
Access can be requested for multiple identities only if they share the same business context.
If you are still using the legacy access request, please refer to the Omada Identity - Legacy Access Request User Guide to find more information about it.
When using the filters, please take into account that the search filter operates by matching the first letters of the word you are searching.
Select resources
Assigned resources toggle
On the new Access Request page, we have moved the Show assigned resources toggle to a new settings menu. In this menu, you will find a new toggle called Show popular resources first. To sort resources by popularity, you need to enable context on the Access request form, and make sure the customer setting Access request popularity enabled is set to True. You can access the settings menu by clicking the icon next to the Resources dropdown.
Add attributes
When you request access for a resource that requires attributes, a chip is displayed in the Attributes column. Click on Add attributes to assign the necessary attributes to the resource.
Search filtering
You can use the Enable Search Filtering that lets you choose how you want to view your list of resources in the Resource step when requesting access.
Now when adding resources you will see a Suggested filters section to the search box. These filters are quick tags that help you narrow down your resource search. The section contains chips with possible filters to use. The chips come in two types: System and Resources and each filter chip shows the type and name, for example: System: Omada Identity.
When you start typing in the search field:
-
Filters related to your search appear in the Suggested filters section.
-
You can click on a filter chip to apply it, and the resource list updates based on that filter.
-
You can apply multiple filters of different types, but only filter the same type at a time.
-
You can select two different system filters or two different resource type filters simultaneously.
We limit the number of filter chips to better usability. If you select a filter of a certain type, other filters of the same type hide. They become visible again if you remove that filter from your search.
To change the default values for the Reason field you need to go to Setup > Reason for request.
Eligibility Filtering added to search query - Technical Preview
The Graph API has a new search filtering functionality for Access Request. This change introduces context-based visibility rules for resources, allowing you to pre-filter the resources that can be displayed in Access Request to resources that match the context of the selected identities.
- A resource tagged with Context B and Context C will be visible in search results only if selected beneficiaries are assigned to one or both of these contexts.
- If a beneficiary is added without Context B or context C, the resource will be excluded from the search results.
- Resources without any defined context will always appear in search results, ensuring comprehensive accessibility.
- A warning dialog will appear if you navigate back to step one after selecting resources and attempt to add a new identity. The warning dialog will inform you that the selected resources will be cleared if you proceed.
To access this feature, please ensure that the Enable resource eligibility filtering customer setting is enabled. To do that, go to Set up > Administration > More > Customer settings. Look for the customer setting Enable resource eligibility filtering and set it to TRUE.
Edit contexts in Access Request
You can choose which identity details are shown when you request access. To do that go to Setup > Properties and find the system name AR_CONTEXT, click Edit lookup view and set up the filters you want to appear in the Access Request process.
Now, when requesting access, the identity details displayed will match what you configured in the Lookup view.
Experience the approve access request process with Omada Identity Cloud interactive walkthrough. Learn how to perform a manager approval of access requested by one of your subordinates.
Request access on behalf
You can request access on behalf of another person depending on the authorization role you have. Here, you can see which roles may require access on behalf of another person:
- Administrators: can request access for themselves.
- Auditor: can request access for themselves.
- CIAM end user: can request access for themselves.
- CIAM service user: can request access for themselves.
- Contractor: can request access for themselves.
- Data administrator: can request access for all identities.
- Employee: can request access for themselves.
- Manager: can request access for themselves and the identities they manage.
- Operation administrator: can request access for themselves.
- Password filter: can request access for themselves.
- Platform admin: can request access for themselves.
- Resource owner: can request access for themselves.
- Service desk: can request access for themselves.
- System owner: can request access for themselves.
- User: can request access for themselves.
Request access button
The plus button to request access in the Access Request list view is hidden by default if you don't have the right permissions. You can change that in Setup > Tree structure. Select Access Request (v2) and check the permission Create (create new objects below this object).
Policy and Risk
To enable Policy and Risk checks in Access Request, go to Setup in the left side menu and look for Policy and Risk checks. To enable the Policy and Risk checks, make sure that:
- The Inactive field is unchecked.
- The policy check is set by default. If you want to make it optional, make sure you select Optional in Access Request field.
- The Mode field is set to Simulation or Both.
With the Policy and Risk checks configured, they will automatically run when clicking the Next button on step 2 in the Access Request flow:
If the Policy and Risk check has been configured as Optional in Access Request, then when clicking on the arrow in the Next button, you can manually trigger the Policy and Risk check.
