Some credentials are sensitive enough to require authorization whenever they are used, whether to access a server/computer or even a website. In this article, see how to configure the approval workflow to enhance the security of access to a password/credential.

Note: If you are using the old table, click the button next to ADD CREDENTIAL to update to the new table.

Access the “Credentials/Passwords” menu and click on the credential name to access the settings screen. If you haven’t registered the credential in VaultOne, click ADD CREDENTIAL in the top right corner.

Within the credential editing area, click on the WORKFLOW tab, as shown in the example below:

In this tab, you can enable and configure your entire approval flow. To start, click “Add.”

Search for and select all the people you want to designate as APPROVERS for this new approval flow. This means that when a user needs to access or view this credential/password, one or all of these people will need to approve the access.

After selecting all the people, click “OK.” You will see a screen similar to this:

Note: To remove a user from the list of approvers, hover your mouse over the user to be removed. You will notice a button with an “X” appear on the right. Click this button, and the user will be removed from the list of approvers.

You have now added all the users or the user who will be responsible for approving and granting access to this credential, both for use in a connection and for viewing it, if the user has permission to do so.

To finish, you need to configure the rules for your approval flow. Below, you will understand how these settings work.

After selecting the desired settings, click on “SAVE” in the top right corner to save your configurations.

Your approval flow has been successfully created for this credential. Whenever a user tries to use this credential for a connection or to view it (if they have permission), they will go through the approval flow, as shown in the example below:

To request access using this credential, the user must click “Click to request a new approval” and fill in the access window they want to use, specifying the dates, start time, and end time of the remote session. To finalize the request, simply click “Request Approval”.

All approvers involved in this approval flow will receive a notification that there is a new approval request for that credential, following the sequential settings configured.

Approval request notifications are sent via email. It is also possible to create flows through the API to send these notifications through other channels.

In addition to sending the notification, both the requester and the approver can track approval requests directly in the VaultOne DASHBOARD.

If you are a requester and wish to cancel the approval request, go to your DASHBOARD, find the table below, hover over your request, and click REVOKE REQUEST.

If you are an approver and want to approve, deny, or edit this request, simply click on the user’s name. A pop-up will appear with a summary of the request, as shown in the example below.

You can approve, deny, or edit an approval request.

The “EDIT” option allows you to change the requested access window of date and time, enabling you to modify the start date, end date, start time, and end time.

Now you can approve or deny this request.

If you have any questions about how to use VaultOne’s approval flow (workflow), contact us at [email protected].