Definition
Defined sequence of approvers an access request must traverse before fulfillment — typically manager → role owner → security if high-risk. Parallel approval (multiple at once) or serial (one after another) patterns. Modern systems support conditional routes (skip security if request is for low-risk access).
- Application
- IGA platforms model approval routes per role/entitlement risk level. Configurable: automatic re-routing on approver unavailability, escalation on timeout, deputy substitution.
Related terms
-
Aggregation (Aggr)
Process of collecting account and entitlement data from target systems into the IGA platform. Foundation for reconciliat …
-
Approval Timeout
Maximum time an approver has to respond before request escalates or auto-decides. Typical settings: 3-5 business days fo …
-
Birthright (BR)
Baseline access granted automatically to every identity of a specific type — typically minimal access required to functi …
-
Delegated Administration (DA)
Permission model where administrators delegate specific management functions to other users within scoped boundaries — t …
-
Deprovisioning (Deprov)
Removal of an identity's access from a target system — typically triggered by termination (Leaver), role change (Mover), …
-
Entitlement Creep
Gradual accumulation of access rights beyond what's needed for current job, as users change roles without losing prior a …