Policies
      Back to home
      1. Support Center
      2. Safous ZTNA
      3. Policies

      Creating Policy for Supervised Approval

      If you want some or several application to have an approval flow before the application itself can be access by the user, you can leverage Supervisor approval policy access that provided by Safous ZTNA service. For enabling that policy, you need to have admin user to create policy, please check these KB down below about Admin access:

       

      1. login to https://portal.safous.com
      2. Go to Settings tab> ZTNA
      3. In Policies, click on New Policy button
      4. Once clicked, it will expand all the option for policy that can be use for application authorization
      5. You need to input the policy name because it's mandatory and must be unique to other policy
      6. To enable the function for approval policy access, you need to to toggle the "Supervisor approval" access policy
      7. Then, you need to choose which user/s that will became the supervisor of that app/s, it includes the search function so you can easily to select the user/s
      8. As for the users groups, applications, categories, and configuration fill/choose with what you want to be mapped. Then click "Save"
      9. It will give you success notification when the policy has been added
      10. One additional information that differentiate the policy that has supervised policy access compared to the rest of policy is the labels shows "Supervised"

       

      To test the policy is successfully implemented or not, you need to ensure these things:

      • User that already created by admin, please refer to here
      • User already enrolled the MFA and can login properly, please refer to here
      • Your favorite web browser to open User Portal

      Login to user portal with the user who's not the supervisor, then you will shown all the application that your user could access

      Click on the application that already mapped with supervised approval access policy

      Then it will pop-up the confirmation reason for accessing the application, just need to choose between those 3 options. if you choose "Other", the you need to input detail note

      New tab will be open, and show you the information which it still waiting the approval process from the supervisor

      On supervisor side, he/she will get notification through 2 media

      • The first one is via SMS, which shows like this:
      • The second one is through user-portal, this is the notification on supervisor tab:

      If the supervisor choose to deny the approval, it will asked for confirmation

      Then on the user that requested approval to application will get this notification

      If the supervisor choose to approved the request either via user-portal or by clicking the link send by SMS, on requestor tab that shows waiting for approval will redirected to the application