Approval Workflows

Last modified on February 27, 2024

Approval workflows are the mechanism by which requests for access can be viewed by authorized approvers and be approved or denied. These requests can take the form of access requests via an access workflow, made from the user’s StrongDM Desktop application or from an integration such as Slack. Requests that need approval can also originate with policies, where something about the user’s actions against a resource has triggered the need to have their action approved.

When adding or editing an approval workflow, the Name and Description fields are where you name the workflow and briefly describe it. The description should clearly depict what the approval workflow does. The name and description help administrators to find the correct workflow when navigating the Approval Workflows page of the Admin UI.

Approval Step

The Approval Step section provides a selection between automatic approval, ServiceNow approval, and manual approval.

  • Automatic Approval: Requests for resources that are processed via this workflow are automatically approved. Automatic approvals provide the audit trail benefits of temporary access to particular resources without the need for manual intervention.
  • ServiceNow Approval: Requests are handled within your ServiceNow instance.
  • Manual Approval: Users or roles are chosen to function as approvers for requests that follow this workflow, and requests must be manually approved by those individuals.

Approvers

Manual approvals on a workflow require approvers to be selected.

The Approvers section is available if the Approval Step chosen for the workflow is Manual Approval. Here, you may select potential approvers for this workflow from the list of users in your organization. You may also select roles.

Approvers gain the ability to approve requests for this workflow and receive notifications of new requests. When you add a role to the approvers list, all users who are currently members of the role (or who are later added to the role) are able to approve requests that are made via this workflow. If an approver for a workflow is not an administrator of your StrongDM organization, they see requests from that workflow in the Request Access > Requests tab and can approve and deny them, but they are unable to edit the actual workflow.