The Manager Attribute in Access Flows

How to use the IdP Manager attribute for manager approval Access Flows


Some access policies, especially around sensitive access, customer data, production access or high environments and strong permissions, require manager approval for the user requesting access.

Apono supports this use case out-of-the-box, by automatically syncing the manager attribute from your IdP.

Then, all you have to do is set the Access Flow approver to Manager, and that's it! Apono continuously refreshes it's IdP data, so when managers change in the organization, so does Apono's Access Flows.

How It Works

In the Apono Admin Portal

  1. Integrate your IdP with Apono. Read more here.
  2. Create a new Access Flow or edit an existing one.
  3. Replace "Automatic" approval with "Manager" approval:

  1. That's it! Managers will now be required to approve access requests before access is granted to the user.

When requesting access

  1. End users who need access to resources can create an access request in Slack, Teams, or CLI.
  2. Once the request is submitted, if the Access Flow is set for Manager approval, the user's manager will get a notification to approve the access:
  1. The manager can review the request and decide whether to approve or reject it.
  2. If the manager approves the access request, the requester will receive another message with the access details and instructions on how to log in to the requested resource.