Reviewing Access Requests

Access Requests are made by users either as part of a JIT access workflow or when a Resource is locked due to a Usage-Based Auto Lock policy. The process for reviewing Access Requests is the same regardless of the request workflow.

Who can review and approve requests?

The following Admin roles may review and approve Access Requests for all Users and Resources:

• Admins
• DevOps
• Access Reviewer

Additionally, Resource Approvers may approve Access Requests for any User for any Resources they are assigned to.

Assigning Resource Approvers

Resource Approvers are one or more Groups that are assigned to a Resource. All members of assigned Group(s) will be able to review and approve Access Requests, only for the Resource(s) they are assigned to. This allows Admins to delegate access review to users without Admin access to Twingate who are responsible for the Resource. Resource Approvers do not have access to the Admin Console outside of the Access Requests page.

Assignment of Resource Approvers is from the Resource page in the Admin Console:

The set of Resource Approvers can be viewed and edited from the dialog that opens:

Resource Approvers will always receive an email notification that an Access Request is pending. Unlike for the Admin roles listed above, notifications cannot be configured for Resource Approvers. We recommend that you assign Groups as Resource Approvers that are tailored to your delegation use case.

Reviewing Access Requests

Accessing the Access Requests page

If there are open requests, Admins will see a red dot on the bell notification icon in the upper right-hand corner of the Admin Console page. Selecting any open request will open the Access Requests page, where Admins can see all open requests across all Resources. Resolved requests within the last 90 days will also be displayed.

Resource Approvers do not have Admin Console access. If a User is an assigned Resource Approver for any Resource, that user will be able to log in via the usual Admin Console access URL, eg. https://autoco.twingate.com, but they will only see the Access Requests page.

Normally, users will not need to access this page directly. The email notifications that they receive will contain a link to directly log in and review the open Access Request.

Reviewing from User and Resource pages

Admins can review open requests in the Admin Console on either the User or Resource pages. An example as seen from the User’s page is shown below. The Resource page will show all open requests for all Users.