CloudAccess provides the ability to approve or deny requests to the SaaS applications. During the configuration of the connector, you specified an application owner. The application owner approves or denies requests for access to the SaaS applications. The application owner knows who should have access to the SaaS applications, whereas the appliance administrator might not have this knowledge.
The Approval icon appears in the administration console only if you have mapped roles and selected the option to require approval for the account. When there are accounts waiting for approval, CloudAccess adds the Approval icon.
By default, CloudAccess automatically provisions users according to mapped authorizations. To enable approvals so that automatic provisioning does not occur, click the i (Configure Authorizations Policies) icon when you map the roles (groups) from the identity source to the SaaS applications authorizations on the Policy Mapping page. Now an application owner must grant approval before provisioning can occur.
You can use filters in the search field at the bottom of the Approval window to filter approval requests.
NOTE:If you use wildcards such as an asterisk (*) or question mark (?) in the search filter field, CloudAccess does not correctly filter results. Filters must be full regular expressions. If you want to use wildcards, they must be regular expression wildcards. If the filter does not start with '^' and '.*', then '.*' is added to the filter. If the filter does not end with '$' and '.*', then '.*' is added to the filter. Thus, a filter for "test" would end up as the regular expression ".*test.*".
To grant or deny approval:
Log in to the administration console at https://appliance_dns_name/appliance/index.html as the application owner.
Click the Approval tab.
Select the desired approval request.
Click Approve or Deny.
NOTE:Users who have been deleted from the identity source might still appear on the Approval page. If you know that certain users have been deleted, you can simply deny approval for those users. However, approving requests for users who have been deleted does not result in account provisioning for those users in the SaaS applications.
NetIQ recommends a maximum of 2,000 simultaneous approvals.