Setting Up Pre-Approvals
Last updated: October 8, 2024
Background
Why pre-approvals?
We believe that with birthright access, organizations still tend to overprovision licenses & permissions to new joiners. Here at Lumos, we think that just-in-time (JIT) access is 🔑 to ensuring least privilege without sacrificing productivity. This is where pre-approvals come in!
Imagine a vending machine experience - an Account Executive makes a request for a sales tool in Lumos, sales has already been pre-approved, so they immediately get access, right when they need it. No seat hogging or underutilization here 🙂
Steps
1. Go to the AppStore admin page
2. Find the app that you want to create a pre-approval rule for & click "Advanced Settings"
For this example we will set up a pre-approval rule for Zoom.
3. Click on the "Pre-approval rules" tab
4. Click on "Create a new rule" & configure your pre-approval rule!
Today we will pull in:
PagerDuty (📄 Pagerduty Capabilities) or OpsGenie (📄 Opsgenie Capabilities) on-call schedules
Groups from Okta, Google, or Office365
Team, Title, or any Custom Attribute information (e.g., office location!)
NOTE: if you set up a pre-approval rule with on-call schedules AND IdP-sourced groups, the user must be in both an on-call schedule and an IdP group to qualify for the pre-approval rule.
Select what types of users you want to have pre-approved as part of your rule.
Then, select which permission(s) those groups should be pre-approved for.
Finish it up with a business justification (which will show up in the Lumos Activity Log if a requester gets pre-approved for this #auditability) & click "Add"