Configuring policies
Overview
Indent uses Access Request Rules to manage which team members may approve access to Resources. You can configure Access Request Rules based Resource type, or by creating rules for individual resources. This gives you granular control over access to each Resource.
View existing Rules
- Sign in to your Indent Space.
- Navigate to your Apps in the sidebar.
- Click on your App and you'll be taken to the App Details Page.
Create a basic Rule
- From the App Details page, click the "Access Request Rules" section.
- Scroll down and click on the Add Rule button.
- Add settings to the rule:
- Under "Kinds of Resources," enter the Resource Kind you want to manage with this rule
- Under "Webhook Override," select an existing Change Webhook to use with this Rule
- Next, click "Add Requirement," to set up Reviewers and Messaging:
- Under Name, choose a memorable name for the group of people who can review access for this Rule.
- Under Approvers, type the names of users who should review requests for access to the Rule's resources.
- Under Recipients, include individual users or a Slack Channel where Access Request messages should be sent. Defaults to the Approvers you set previously.
- Under Advanced Settings, choose the minimum number of approvers, timeout, and whether or not requesters can approve their own access.
- Scroll to the top and click Save to save your new Rule configuration.
Create a group Rule
You can create a group rule to send access requests to multiple reviewers in Slack at once.
Configure a Slack Channel
- Create a new Slack Channel and add your reviewers to the channel.
- We recommend making this channel private so only your reviewers have access.
- Add the Indent Bot to the new channel.
- Pull resources from Slack into Indent:
- Navigate to your Indent Resources.
- Select the dropdown arrow next to New on the Resources Page and click "Pull Update."
- Click the sliders in the modal for "Slack User" and "Slack Conversation" and also select public and private conversations.
- Your Slack channels will be listed as Indent Resources.
Create the new Rule
- From the App Details page, click "Access Request Rule.s"
- Scroll down and click Add Rule.
- Complete the steps for adding a basic rule to your Space.
- When you choose "Recipients" for your Rule, type in your new Slack Channel as a recipient and it will appear as an option.
- Save the new Rule.
Great work! Now, whenever a user requests access to resources managed by the Rule, your Slack Channel will receive a message.
Advanced Rule configuration
Indent's Rule management allows you to narrowly define each Rule for control over specific Resources.
Configure Rule Resources
- Resource IDs (Optional): You may choose individual Resource IDs instead of one Resource Kind
- Need manager (Optional): Toggle whether access requests should first be routed to a user's manager before they are routed to the Resource reviewer
- Match Labels (Optional): Match Indent Resources that have a particular label like "okta/profileAttribute" or any other label
- Webhook Override (Optional): Choose a Change Webhook to use with this Rule. If the Resource Kind differs from the default Change Webhook for your App, select the Change Webhook that can update the Resources you want to manage with this Rule
Configure Rule Requirements
- Name (Required): Choose a memorable name for this Requirement
- Needs (Optional): Choose other rules that this rule depends on
- Approvers (Required): Choose who you want to review access requests for this Rule. You can choose multiple reviewers. If a reviewer doesn't respond to an access request, reviewers are notified in sequence until the request expires.
- Recipients (Optional): Choose recipients for Access Request messages. By default reviewers are notified in Direct Messages. You also choose individual Slack Channels to receive Access Request messages.
- Advanced settings: Advanced settings control the number of approvals, the timeout, and self approval
- Minimum required approvals: The number of approvals required before access is granted. Set this to at least 1 if you want reviewers to review access
- Approver Timeout: The amount of time before an Access Request expires
- Allow Self Approval: Choose whether requesters can approve their own access requests, usually you want this to be "No"