Request Access and Approval Flow
Use this page to understand how users request temporary access and how approvers grant time-limited access to targets.
Use this workflow when a target is approval-gated by policy and direct launch is not allowed.
Flow Overview
- User signs in to the SRA portal and discovers available targets.
- User requests access for a target that requires approval.
- Approver reviews request context and approves or rejects.
- If approved, the user receives a time-bounded access window.
- User starts the remote session within the approved window.
Prerequisites
Before testing this flow, confirm:
- The user can sign in to the SRA portal.
- The target is visible to the user but requires approval before launch.
- Approver assignment and notification routing are already configured for your environment.
- Session mode prerequisites are configured for the target type (for example, web, SSH, or RDP).
For portal access and target discovery, see Portal Login and Target Discovery.
Requester Steps (Portal User)
Use this sequence from the requester perspective:
- Sign in to the SRA portal.
- Open the relevant application area (for example, web, SSH, or desktop target list).
- Search and select the target.
- Choose the request action shown for approval-gated access.
- Enter required request details:
- Access justification
- Requested duration (if your workflow exposes this field)
- Any ticket or operational context required by policy
- Submit the request.
- Confirm request status changes to a pending state in the portal.
If the request does not appear, refresh the target view and verify you are in the correct target scope.
Request Creation
In the portal, users select a target and submit an access request when direct launch is not allowed by policy.
Request payload can include target context and operational justification, based on your policy and workflow design.
Minimum request content should be specific enough for approver risk assessment.
Recommended request text includes:
- Why access is needed now.
- Which target action is planned.
- How long access is expected to be used.
Approval Stage
Approvers receive request notifications through the configured organizational workflow.
Approval decisions should enforce least-privilege and expected session duration boundaries.
Approver Steps
Use this sequence from the approver perspective:
- Open the incoming request in your configured approval channel.
- Verify requester identity and target context.
- Validate business justification and requested duration.
- Approve only the minimum duration needed for the task.
- Reject requests that lack sufficient justification or violate policy.
- Add decision notes when your workflow supports audit comments.
After approval, confirm the requester can launch only within the approved window.
Time-Limited Access Grants
Approved access is expected to be temporary and bounded by policy controls.
After the grant window closes, users must submit a new request unless policy permits direct access.
Post-Approval User Steps
After approval is granted, requester workflow is:
- Return to the SRA portal target list.
- Confirm request status is approved.
- Launch the session before the approval window expires.
- Complete the required operation.
- End the session when work is complete.
If launch fails after approval, verify that:
- Approval has not expired.
- The selected target still matches the approved request context.
- Required runtime endpoints are healthy for that session mode.
Operational Validation
During rollout, validate:
- Request visibility in the portal.
- Approver notification routing.
- Grant duration behavior.
- Session launch behavior after approval.
Add these validation checks for production readiness:
- Rejected requests remain blocked and cannot be launched.
- Expired approvals cannot be reused for new launches.
- New requests are required after grant expiry where policy requires bounded access.
- Approval and launch events are visible in your audit and session monitoring surfaces.
For session monitoring after approval, see Session Management.