Requests
The RapidIdentity Requests module provides organizations with an exception-based access request method. It serves as a self-service function for requesting access to an application or system or an elevated level of access to an application or system by its users. Known as Workflow in the Legacy user interface, The Requests module provides an interface to view and configure entitlements, tasks, and workflows.
Users can view two different Requests interfaces in the new Requests module: Entitlements and Tasks.
 |
Entitlements
The Entitlements section contains two categories: My Entitlements and Catalog.
An Entitlement is an abstracted representation of one or more levels of access to one or more systems. Entitlements are managed within RapidIdentity by an administrator or a user with added permissions. An Entitlement assignment to an Identity should result in RapidIdentity updating that system to enable the appropriate access for the recipient when granted. An Entitlement can represent an Account, Memberships (group or roles) and/or Permissions in a local system.
Entitlements can include various configurations that can help define its function and the person or groups, along with specific attributes who can request them.
My Entitlements
The My Entitlements interface allows users the ability to view details associated with any entitlements that have ever been requested on behalf of the user and the current state of each request. The initial view displays the expiration date (if applicable) of the entitlement, along with the categories that they pertain to and the data classification. My Entitlements displays all entitlements, in which action has previously been taken on. This includes each time an entitlement has been granted, revoked, denied, failed, or if it is pending.
Users can choose either of two display options to view entitlements: List or Grid.
The List view provides an entitlement table allowing users to view the entitlement expiration date, category, and data classification.
Users can also click History to view their history with a particular entitlement and Details to view any configured information provided with that entitlement or with the entitlement request.
The list view also provides icons to display the status of an entitlement request.
See Table 1 for a list of icons and their descriptions.
Icon | Icon Status | Icon State Description |
|---|---|---|
 | Not Associated | Whitespace is used to indicate that there is no association between the user and the entitlement. |
 | Revoked | The undo icon is used to indicate that an entitlement has been revoked. |
 | Pending | The rotate right icon is used to indicate:
NoteThis icon indicates that this entitlement request is pending additional action from an administrator or user with permissions. |
 | Granted | A check icon is used to indicate:
|
 | Grant Denied | An X icon is used to indicate:
|
When an entitlement is selected, the user has the ability to view its History, or Revoke it, depending on its status. Additionally, active entitlements can be revoked by clicking the Revoke button located at the end of the row that houses the entitlement. Details can also be viewed from this location. The user also has the ability of printing a list of all of their entitlements in the My Entitlements section by clicking the Print button.
The Details section contains two tabs: Details and Entitled Users.
 |
The information found in the details section is dependent on the information that was included while being created.
Table 2 displays the fields commonly displayed in the Details tab and a brief description.
Field Name | Description |
|---|---|
Icon | Icon associated with the entitlement. |
Name | Name provided as an entitlement descriptor. |
Description | A brief description of the entitlement. This element will display if the entitlement was initially provided a description. |
Status | The status of the entitlement in association to the user. |
Request Start Date | Displays the date in which the entitlement was initially requested by the user. |
Request End Date | Will display the time the entitlement request was approved, denied, or revoked. |
Owners | Displays the owner of the entitlement. |
Categories | Displays categorization of the entitlement. |
Data Classification | The Data Classification associated with the Entitlement. This is predetermined during the creation of the entitlement and will display who has access to view the entitlement. |
Approval History | Displays the history of the approval and its associated comments, if any. If the entitlement requires a manager approval, this will step will also be displayed as it gets approved. |
Catalog
The Catalog interface allows users to request and view details of entitlements.
The user can only request those entitlements that show available to request.
Entitlement Status Symbol | Symbol Function | |
|---|---|---|
| The "eye" symbol indicates that the entitlement is active. | |
| The "strikethrough eye" indicates that the entitlement is inactive. |
The checkbox allows an entitlement to be selected. The Request button appears in the footer when one or more entitlements are selected at a given time.
Entitlement details can be viewed by clicking Details.
 |
The Details section displays the icon, name, description (if one was provided), owners, data classification, and expiration date (if applicable) of the entitlement.
Request an Entitlement
Entitlements can be requested in the Catalog interface. The overall functionality is similar to the Requests tab in the RapidIdentity Portal Workflows module in the legacy user interface, with the primary exception being that Requests is now accessed through the Module Selector in the Top Navigation Bar, rather than as a tab under the Workflows module.
Follow these two steps to request an entitlement.
Adding text and comments to the request is optional. Click Request.
Select an entitlement and click Request.
More than one entitlement can be requested at a time. Users can select multiple entitlements and click Request. The Request dialog allows each entitlement to be requested separately and users can optionally add comments to each request.
 |
Request Log
The Request Log displays each of the steps performed by an entitlement request. These are useful for troubleshooting a failed workflow or researching actions taken by a particular user. The example below shows a Time Off Request entitlement that has been granted through RapidIdentity.
Note that if an entitlement request has Failed and a custom message had been written into the workflow, the message would show up in this log.
Tasks
The Tasks section contains two categories: Approvals and Certifications. Tasks displays all current requests requiring action based on the approval process for that entitlement. This includes each time an entitlement needs to be Certified/Extended/Approved.
Users will not see any entitlements that require action, unless they have permissions to approve requests. The screen will display, "No results found. You are up to date!"
Approvals
The user will not see any entitlements that require action unless they have the permissions to perform them.
For users who have permissions to approve other user's actions, Approvals will appear as soon as the user requests an Entitlement. From here, delegated administrators can Approve, Deny, or Reassign an Entitlement.
 |
Action | Description | |
|---|---|---|
Approve | The Approve button will approve the selected entitlement request(s) for the user. It is possible to apply multiple entitlements simultaneously. When selected, a dialogue box will appear. Click Yes to confirm or No to discard.
| |
Deny | The Deny button will deny the entitlement to the user. It is possible to deny multiple entitlements simultaneously. When selected, a dialogue box will appear. Click Yes to confirm or No to discard.
| |
Reassign | The Reassign button will defer the Approve or Deny task to another user or role. When selected, a dialogue box will appear. Choose whether to send the task to a User or a Role, then define which User or Role the task should be reassigned to.
|
Certifications
Users will not see any entitlements that require action unless they have the permissions to perform them.
For users who have permissions to certify other user's actions, Certifications will appear as soon as the Entitlement is granted. From here, delegated administrators can Certify, Extend, or Expire an Entitlement that has an expiration date.
 |
Action | Description | ||
|---|---|---|---|
Certify | The Certify button will certify the selected entitlement request(s) for another block of the original entitlement's expiration. It is possible to certify multiple entitlements simultaneously. When selected, a dialogue box will appear. Click Yes to confirm or No to discard. NoteThe Certify action is only available to entitlements that do not have the Disable Certification/Extension option set on the entitlement.
| ||
Extend | The Extend button will extend the selected entitlement request(s) by a chosen timeframe. It is possible to extend multiple entitlements simultaneously. When selected, a dialogue box will appear. Choose the amount of time by which to extend the Entitlement. NoteThe Extend action is only available to entitlements that do not have the Disable Certification/Extension option set on the entitlement. If the requested time to Extend is greater than the configured time for the entitlement, the entitlement will be extended for the default amount as configured.
NoteThe Extend feature from the Tasks sidebar will attempt to extend the entitlement for 7 days, regardless of the time period set within the entitlement. To extend an entitlement for longer than 7 days, navigate to the Requests > Tasks > Certifications menu.
| ||
Expire | The Expire button will immediately expire the selected entitlement request(s). Expiration requests are selected via the check box in the far left column of the tasks pane and it is possible to expire multiple entitlements simultaneously. When selected, a dialogue box will appear. Click Yes to confirm or No to discard.
|
