Authorization

The strong identity validation feature for approvals in the Authorization tab enables you to provide an additional level of security for task approvals by requiring a passcode and authorization code for the user to proceed with the approval. The feature is disabled by default. You can enable it from the Application Settings.

Set strong identity validation for approvals

Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Enable the feature in Application Settings. Select Administration > Configuration > Application Settings. Under Enable strong identity validation, click On and then Save.

In the main menu, select Administration > Configuration > Studio.

Select Task as the record type from the drop-down box at the top of the screen and select the Authorization tab.

Select Enabled for all records to enable strong identity validation for all records.

Select Enabled for records matching conditions to enable strong identity validation for records matching the defined conditions. Click Add condition to add a condition box. Enter an Expression Language phrase specifying the required condition. For example, you can enter ${entity.ParentEntityType == 'Change'} to require strong identity validation for change records only.

Optionally, click Add condition again to add another condition. The conditions are independent. Strong identity validation applies to records matching any of the specified conditions.

Select Disabled for all records to disable strong identity validation for all records.

Click

Save to save your conditions.

Assign verification codes

When a user attempts to approve a task that requires strong identity validation, he is prompted for a verification code for his passcode the first time. If he does not have one, he can request one.

If you are a manager, and the user reports to you, you will receive an email with his request. Alternatively, if you are designated as a Verification code mail recipient, you will receive an email when any user requests a code.

Note To assign verification codes to users, you must either:

Have one of the following permissions:
- the Tenant Admin role
- the permission to generate verification codes in the System use definitions section of the User page
In this case, you can generate verification codes for any user.

Be a manager. In this case, you can generate verification codes for your employees only.

Additionally, in either case, your passcode must be verified.

To assign verification codes to users:

On the Profile page, click Manage passcode verifications.

In the dialog box, click in the text box and select the required users from the drop-down list.

Note Select only users who have requested a verification code.

Click Generate verification codes and then Yes.

Alternatively, in the Your employees section of the Profile page, click the Generate verification code button next to each required user.

The verification codes for each user are displayed. Pass the codes to the relevant users securely.

Caution Do not send a verification code by email.