Authorization Workflow
The ID-Access® workflow engine normally uses e-mail to prompt authorizers for approval, to send reminders, to escalate authorization requests and even to send thank-you notes and welcome e-mails.
Note that requests and approvals are expressly not allowed in e-mails, since most mail systems are insecure: plaintext and unauthenticated. E-mail is used strictly to alert participants in the workflow process that their input is required and to provide a URL where they can be securely authenticated prior to providing that input over a secure channel.
The ID-Access workflow engine has built-in support for automatic reminders, escalation and delegation:
- Non-responsive authorizers that have been asked to review a change requests receive automatic reminders to respond to a change request. Reminder intervals are programmable.
- Authorizers who continue to be non-responsive are automatically replaced with alternate authorizers, identified using escalation business logic. Escalation normally involves external data access -- e.g., to a corporate directory to lookup the original authorizer's manager or peers.
- Authorizers may elect to delegate their authority, either temporarily (for a scheduled, finite period of time, such as a scheduled holiday) or permanently (for example, when an authorizer changes jobs). Delegation may require that the new authorizer respond and accept responsibility before it takes effect.
- A workflow manager can reassign requests to different authorizers at any time and can administratively set and clear delegation rules.