PingOne Privilege

Managing access requests

An organization administrator can perform the following actions on a user’s just-in-time (JIT) access requests:

Additionally,

To manage requests, click Access Requests.

The page is organized into several tabs: Pending Requests, Approved Requests, History, and Auto Approve.

Manually approving pending requests

The Pending Requests tab lists all submitted requests that are awaiting a decision.

  1. In the PingOne Privilege admin console, click the Pending Requests tab.

  2. Click View Details on a request to examine its contents.

  3. Review the request details:

    • Requester name and email

    • Requested resources

    • Requested duration

    • User comments

  4. Click Approve or Reject.

    The user is notified of the decision in their user portal. If Slack notifications are enabled, a message is also sent to the configured Slack channel.

Viewing approved requests

The Approved Requests tab displays all active sessions. Click any request to view its details.

Revoking access

An administrator can end an approved session manually before its scheduled expiration.

  1. On the Approved Requests tab, find the active request you want to revoke.

  2. Click View Details to open the request.

  3. Click Close to terminate the session. Access to the resources is instantly revoked.

Viewing request history

The History tab lists all past requests, including approved, closed, and expired ones. The available filters are time and user.

Managing auto-approval policies

The Auto Approve tab lists all active auto-approval policies.

Configuring an auto-approval policy

While approving a user’s requests, you can to create a policy to automatically approve similar requests:

  1. During the manual approval process for a user’s request, select the Auto-approve future requests checkbox.

  2. Specify the maximum duration for which future requests can be auto-approved.

  3. Add any comments for auditing purposes and click Approve.

An auto-approval policy is generated for that user and is listed in the Auto Approve tab.

Deleting an auto-approval policy

To delete an auto-approval policy:

  1. On the Auto Approve tab, find the policy you want to remove.

  2. Click View Details to open the policy.

  3. Click Delete Auto-Approve Policy to remove the policy.

Removing access to a resource

The following process removes a user’s access to an individual resource:

  1. Delete the approval request associated with the resource.

  2. Delete the policy associated with the approval. Learn more about policies in Managing policies.

  3. Delete the auto-approval policy if the access is granted through an auto-approval process.

Revoking access to all resources

A user’s access to all resources can revoked both permanently and temporarily. Access might be permanently revoked if, for example, a user reports their device stolen. Access might be temporarily revoked while, for example, the device’s operating system is being patched.

To revoke a user’s access to all resources permanently, find the user’s device in Devices and remove the device. This instantly terminates all access for that user from that device.

To revoke a user’s access to all resources temporarily, find the user’s device in Devices and deactivate the device. This deactivates all access for that user from that device until it is reactivated.

Users can be deactivated or deleted, as well. Deactivating or deleting a user terminates access from all devices associated with that user.