CloudAccess provides the ability to approve or deny requests to the SaaS applications. During the configuration of the connector, you specified an application owner. The application owner approves or denies requests for access to the SaaS applications. The application owner knows who should have access to the SaaS applications, whereas the appliance administrator might not have this knowledge.
The Approval icon appears in the administration console only if you have mapped roles and selected the option to require approval for the account. When there are accounts waiting for approval, CloudAccess adds the Approval icon.
By default, CloudAccess automatically provisions users according to mapped authorizations. To enable approvals so that automatic provisioning does not occur, click the i (Configure Authorizations Policies) icon when you map the roles (groups) from the identity source to the SaaS applications authorizations on the Policy Mapping page. Now an application owner must grant approval before provisioning can occur.
Log in to the Admin page at https://appliance_dns_name/appliance/index.html as the application owner.
Click the Approvals tab.
Select the desired approval request.
Click Approve or Deny.
NOTE:Users who have been deleted from the identity source may still appear on the Approval page. If you know that certain users have been deleted, you can simply deny approval for those users. However, approving requests for users who have been deleted does not result in account provisioning for those users in the SaaS applications.
NetIQ recommends a maximum of 2,000 simultaneous approvals.