HomeHome
Guides
HomeHomeLog In
Guides
Start typing to search…

Assigning Approvers and Supervisors [draft]

Assigning a Supervisor at the User Level

In addition to designating global supervisors, supervisors can be assigned at the user level. Setting a supervisor at the user level forces the user to require supervisor permission to access the Application Portal. Note that assigning a supervisor at the user level only applies to the user login.

  • Navigate to the Identities > Users page.
  • Click Edit on the user to be assigned a supervisor.
  • In the Supervisor field, select the user you want to assign as the supervisor for this user.

Assigning an Approver or Supervisor at the Application and Category Level

In addition to setting supervision at the global and user levels, the portal admin can assign supervision at the application level. When creating an application, the Supervision and Auditing Roles section is set to Same as defined in Roles by default. This can be changed to a user or user group.

  • In the Supervision and Auditing Roles section, when creating applications, disable the Same as defined in Roles checkboxes under the Approver, Active Supervisor, Observer Supervisor, or Auditor tabs.

  • Click the search box and select the user group or user to be the supervisor for the application.

    • Approver - This application can only be accessed after the approver selected here approves the request.



📘

Note

See details below for assigning multiple Approvers and defining a sequence of Approvers.


  • Active Supervisor - This supervisor will be able to interact with the session while the application is being used. To be able to interact with the session, the Supervisors can join the application's active sessions option must be enabled in the action profiles on the Policies > Actions page.

  • Observer Supervisor - Unlike Active Supervisor, the observer supervisor can-not interact with the ongoing session. This supervisor can only be a silent spectator to observe and monitor the session.

  • Auditor - The auditor has access to playback recordings of application sessions.

Multiple Approvers and Approval Sequences

In addition to assigning an individual Approver, you can define multiple Approvers, define the number of Approvals required, and/or a sequence of multiple Approvers.

Approver Sequences may include up to 5 levels. Each Approver must approve access before Cyolo sends the Approval request to the next Approver. Access is enabled only when the sequence is successfully completed.

To define multiple Approvers, follow the same procedure detailed above (Assigning an Approver or Supervisor at the Application and Category Level) and then:

  1. Select and assign identities as Approvers. In the example below, 3 identities are assigned to the Approval entry.
  1. Enter the number of Required Approvals.

This can be any number from 1 to the total number of assigned Identities.

  • In the example shown above, a value of 3 means that all of the 3 identities must Approve.
  • A value of 1 would mean that any 1 of the 3 must approve.

Sequential Approval

To create a sequence of Approvers, click + under Approver in the Supervision Roles section and add Approvers.

Cyolo sends the request to the first Approver, then continues through the sequence only after the previous Approver has approved.

The example below shows 3 identities assigned, in order, as Approvers.


Example

  • In the example shown below, the sequence has 3 entries and all 3 must approve before access is granted.
  • The first Approver entry has 3 associated identities, and since the Number of Required Approvals is set to 3, all 3 must approve before Cyolo sends the request to the next identity.

Change Order

To change the order of the Approval sequence, right-click any row and then select Move up, Move down, etc.


Updated about 2 months ago