Authorization

The strong identity validation feature for approvals in the Authorization tab enables you to provide an additional level of security for task approvals by requiring a passcode and authorization code for the user to proceed with the approval. The feature is disabled by default. You can enable it from the Application Settings.

Set strong identity validation for approvals

  1. Enable the feature in Application Settings. Select Administration > Configuration > Application Settings. Under Enable strong identity validation, click On and then Save.

  2. In the main menu, select Administration > Configuration > Studio.
  3. Select Task as the record type from the drop-down box at the top of the screen and select the Authorization tab.

  4. Select Enabled for all records to enable strong identity validation for all records.

    Select Enabled for records matching conditions to enable strong identity validation for records matching the defined conditions. Click Add condition to add a condition box. Enter an Expression Language phrase specifying the required condition. For example, you can enter ${entity.ParentEntityType == 'Change'} to require strong identity validation for change records only.

    Optionally, click Add condition again to add another condition. The conditions are independent. Strong identity validation applies to records matching any of the specified conditions.

    Select Disabled for all records to disable strong identity validation for all records.

  5. Click Save to save your conditions.

Assign verification codes

The first time a user attempts to approve a task that requires strong identity validation, the user is prompted for a verification code for their passcode. A user who does not have a verification code can request one.

If you are a manager, and the user reports to you, you will receive an email with the request. Alternatively, if you are designated as a Verification code mail recipient, you will receive an email when any user requests a code.

Note: To assign verification codes to users, you must either:

  • Have one of the following permissions:

    • the Tenant Admin role
    • the permission to generate verification codes in the System use definitions section of the User page

    In this case, you can generate verification codes for any user.

  • Be a manager. In this case, you can generate verification codes for your employees only.

Additionally, in either case, your passcode must be verified.

To assign verification codes to users:

  1. On the Profile page, click Manage passcode verifications.
  2. In the dialog box, click in the text box and select the required users from the drop-down list.

    Note: Select only users who have requested a verification code.

  3. Click Generate verification codes and then Yes.
  4. Alternatively, in the Your employees section of the Profile page, click the Generate verification code button next to each required user.
  5. The verification codes for each user are displayed. Pass the codes to the relevant users securely.

    Caution: Do not send a verification code by email.
