Login
    Contents x
    Access Builder Settings
      • Print
      • PDF
      Contents

      Access Builder Settings

        • Print
        • PDF
        Article summary

        Important
        The Access Builder feature is enabled only on request. Please reach out to your customer success point of contact to enable this.

        Britive Access builder helps users request access to existing Britive profiles, reducing overhead on administrators who create and manage Britive profiles. This feature also lets users create their own profiles with available permissions. Administrators control which applications and permissions are available for users to request access to and which users/tags can request access to which applications. Approvals can be configured so that profile access requests are reviewed by various stakeholders before any profile access is granted to requesters. 

        There are two ways to request access: 

        • Users can request access to the existing profiles and associated policies. In this case, the profiles and policies are already created by an administrator. 
        • Users can create new profiles using existing roles and permissions in the target environment and then request access to those profiles.

        Access Builder Settings (Admin configuration)

        The administrator needs to make the following configuration so that users can request access to the profiles of a particular application. 

        1. Log in to Britive with administrator privileges.
        2. Click on Admin -> Application and Access Profile Management.
        3. Click on the application and select Access Builder Settings from the navigation menu.
        4. Check Allow Access Builder to enable the Access Builder feature. This can be enabled only if the Association Approvers and Notifications settings are completed.
        5. Manager Approval Settings: Select the Manager Approval if you want the requester's manager and/or approvers to approve/reject Access Builder requests. You can select one of the following:
          1. Manager OR Approvers: The manager or the approvers approve/reject the request.
          2. Manager AND Approvers: The manager and approvers must approve/reject the request.
          3. Manager Only: Only the requester's manager can approve/reject the request, and any Association Approvers assigned are not part of the approval flow.
        6. Association Approvers: This is a mandatory configuration. Define a combination of an association and an approver group.
          1. Click on Add Approver Group to add a group of approvers for profile requests generated under the app. The members of the approver group approve the profile request.
            1. Enter the Name of the approver group.
            2. Select the Approval Condition:
              1. All members: All members of the approver group must approve the request so that the user can check out the profile for access.
              2. Any member: Any member of the approver group can approve the request.
                1. Click Add Users to add individual users to the approver group.
                2. Click Add Tags to add tags to the approver group.
            3. Click Save.
            4. Edit, Delete, or View Members from the list of approvers group. An approver group can not be deleted if it is mapped to one or more associations.
          2. Click on Add Assignment to configure Associations. You must add at least one approver group to add an assignment.
            1. Enter the Name of the association. 
            2. Check the environments from the Associations section, which users can request access to. All the profiles associated with this environment are available for access requests.
            3. Click on Select Approver Group to select approver groups for this assignment.
          3. Approval Timeout: This is a mandatory configuration.  Specify the time for approval from the approver group. The access request is not valid if it is not approved within this timeout.
          4. Maximum allowed profile expiration timeout: This is a mandatory configuration. This is the maximum allowed value for the Expiration Timeout in value when creating a profile. 
        7. Notifications: This is a mandatory configuration. Configure to send the notification to the approvers when a profile access/creation request is submitted.
          1. Click on Add Notification to add a new notification medium.
            1. Select a notification medium from the dropdown list of notifications and click Add
        8. Requesters: This is an optional configuration. Configure which users can request access. All users can request access to profiles if this configuration is not specified.
          1. Click Add Users and/or Add Tags to configure the list of requesters.
          2. Select Include or Exclude to either include or exclude a particular user/tag from requesting access.
        Was this article helpful?
        What's Next

        © 2024 Britive Inc. All Rights Reserved.

        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout