Creating Policy for Supervised Approval

If you want one or more applications to require an approval flow before users can access them, you can use the Supervisor approval access policy provided by the Safous ZTNA service. To enable this policy, you need an admin user to create it; please check the KB articles below about Admin access:

 

  1. Log in to https://portal.safous.com
  2. Go to the Settings tab > ZTNA
  3. In Policies, click the New Policy button
  4. Once clicked, it expands all the policy options that can be used for application authorization
  5. Enter the policy name; it is mandatory and must be unique among policies
  6. To enable approval-based access, toggle the "Supervisor approval" access policy
  7. Then choose which user(s) will become the supervisor of the app(s); a search function is included so you can easily select the user(s)
  8. For the user groups, applications, categories, and configuration, fill in or choose what you want to be mapped. Then click "Save"
  9. A success notification appears when the policy has been added
  10. One additional detail: a policy with supervised access is distinguished from the other policies by its label, which shows "Supervised"

 

To test whether the policy has been implemented successfully, make sure you have the following:

  • A user already created by the admin, please refer to here
  • The user has already enrolled in MFA and can log in properly, please refer to here
  • Your favorite web browser to open the User Portal

Log in to the User Portal as a user who is not the supervisor; you will be shown all the applications that user can access.

Click on an application that is already mapped to the supervised approval access policy.

A pop-up then asks you to confirm the reason for accessing the application; you just need to choose one of the 3 options. If you choose "Other", you need to enter a detailed note.

A new tab opens, showing that the request is still waiting for approval from the supervisor.

On the supervisor side, he/she is notified through 2 channels:

  • The first is via SMS, which looks like this:
  • The second is through the User Portal; this is the notification on the supervisor's tab:

If the supervisor chooses to deny the request, he/she is asked for confirmation.

The user who requested access to the application then gets this notification.

If the supervisor chooses to approve the request, either via the User Portal or by clicking the link sent by SMS, the requestor's tab that shows waiting for approval is redirected to the application.