Access Requests

Last modified on May 19, 2023

This feature is currently in closed-access beta. Functionality and documentation may change. Contact your Customer Success Manager for more information.

The Request Access page in the Admin UI has two tabs, Catalog and Requests.

Catalog

List of Available Resources That Can Be Requested

The Catalog tab contains a tabulated list of all of the resources that the user can request to access. These resources are made available via workflows that have a role(s) selected to allow all users with that role(s) to request access.

With the Catalog tab, your users can look for resources that they need, and request access to them from the Admin UI. Of particular use for organizations with large numbers of resources, the list is also searchable and has filters available to narrow down results by the values of the same fields shown in the list of resources. The list contains the following fields:

Field	Description
Access	Current status of your access to this resource
Authentication	Type of authentication used for this resource (leased credential or Remote Identity)
Health	Whether the healthcheck for the resource is successful or not
Name	Resource name
Tags	Any tags attached to this resource
Type	Resource type

Access field values

The Access field in the Catalog table can have the following values:

Available: The resource has been made available for requesting access.
Granted by role: A resource is made available for requesting access, but the user already has access because of a role.
Granted by temporary access: A resource is made available for requesting access, but the user already has access because of a temporary access grant or a previous (successful) access request.
Pending: The resource has been requested.

Make a request

From the resource catalog, you may request access to any available resource.

Once you click the button to request access, you are asked some questions about the access you require. You can set the time zone of the request to avoid miscommunication around timing, and then choose the date and time that you desire access to start and end. A helpful date picker as well as a shortcut box for common times makes the request process even faster.

You must make a request for a time that begins no earlier than the time of the request, and it must have a duration of no more than 30 days. Requests automatically time out if they are not approved within the window requested.

The question Why do you need access? is a critical one, as in some cases it may be the only thing that provides context to the individual who is approving the request. Depending on the request in question and the policies of your organization, an answer here without relevant details may result in a denied request.

Lastly, you can review your request in text format to make sure that you have requested the correct resource for the correct times.

If a request for access to a resource is already in progress, a new request cannot be made. If a previous request was denied, however, the status of that resource in the list returns to Available and a repeat request can be made.

Requests

The Requests tab contains a tabulated list of all recent access requests that have been made in this organization. Users viewing the Requests tab are able to see the list of every request for which they are a valid approver, as well as requests that they initiated themselves.

Field	Description
Access Details	Time and date that the request was terminated, and the type of termination
Request Status	Explanation of the current state of the request
Requested	Name of the resource being requested
Requester	Name of the requester
Submitted	Time and date the request was submitted

Request Status values

The Request Status field gives a value that explains the current state of the request.

Approved: The request was approved.
Canceled: When a resource is unassigned from a workflow, any pending requests are automatically canceled.
Denied: The request was denied.
Pending: The request is pending review.
Timed out: A consequence of inaction. If the access end date for the pending request passes without being approved or denied, then the request times out.

Access Details values

The Access Details field gives a value that indicates the time and the date that the request time window ended or will end, and the reason for the expiry.

Active until…: This request was approved and the user currently has access.
Expired on…: This request was approved, but the requested time window has elapsed.
Requested until…: This request is open and has no response yet.
Revoked on…: This request was approved; however, an approver revoked the user’s access before the request expired.

As an approver, you can see more details (such as role information about the user) and respond to the request, as in the example shown.

The Request Details modal shows the requester’s name, the name of the resource they intend to access, the requested time frame, and their own explanation of why they need access. You can approve or deny the request as well as provide a note to the requester. You can click Show more to see details about the user and the resource in question to provide context around who the user is and what the user is requesting to access.

Once a request has been approved or denied, an email is sent to the requester letting them know that the request has been finalized.

At any time, an approver can look at any previously granted request and revoke the access early where necessary or appropriate.

Access requests can be made for resources that are assigned to workflows in StrongDM. For more details on how workflows are created and managed, see the Workflows page.

Access Requests

Catalog #

Access field values #

Make a request #

Requests #

Request Status values #

Access Details values #