App access requests

You can use access policies to define when and how access should be granted to any of the managed apps in your catalog. This includes:

• Who should be allowed access to a particular app. You can set different levels of access based on teams, or grant the same level of access to everyone in your organization.
• How app accounts will be created when access is granted. Accounts can be created automatically via an integration with the app or your Identity Provider, or manually.
• The license and user role to be given to new app accounts.
• When access should be granted - either on request or as part of your employee onboarding process.
• Whether requests for access need to be approved before access can be granted.

Once you have set up access levels and policies, you can also use 1Password SaaS Manager to audit existing app accounts and ensure they have the right levels of access.

Configure time-based app access

You can define the duration of access team members can request for an app through a given policy. Then, as part of their access request, team members can pick one of the durations you make available to them.

To set requestable durations for app access:

1. Navigate to the application you want to set time-based access options for and go to the "Access levels" section.
2. Select the name of the access level you want to add durations for. 
3. If there's an existing access level policy for that role, select it or select Add access policy.
4. Make sure "Access rights" is set to Requestable.
5. Then, select timeframe options for accounts under Requestable durations.
6. Select Done.

Review access requests

Access requests are created when:

• A team member requests access to an app via the App catalog.
• An access plan is generated for a new starter as part of an onboarding workflow.
• The app owner, IT admin, or a SaaS Manager admin user (or anyone in a role with "Owner" permissions on the app) requests access for an individual from the app profile.

You can view all access requests for a particular app from the Access tab on the app profile. You can also view all access requests that have been opened for an individual from the Access tab on their person profile. 

Select a request to view more details, including whether the request originated from a workflow or from the App catalog. For apps that require approval and/or manual provisioning, you can also view and update the relevant tasks.

To view all apps with open access requests, open the App inventory and select the Access management view (also available from the Reports list).

Once an access request has been approved and the accounts has been provisioned, the account is listed in the Accounts tab on the app profile. To view all the apps for which a person has an account, open their profile from the People directory and select the Applications tab.