OpenOTP Features

Access Approval Condition

Access approval is standard in PAM, but RCDevs extends it further. Integrated into Conditional Access policies, it applies to any application or integration. Routine logins work as configured, while unusual attempts require an authorized approval before access is granted.

Free PoC

Learn more

Policy-Driven Control

Trigger approvals based on context such as location, device, time, or directory attributes

Learn more

Human Validation when Needed

Add an approval step only when conditions fall outside policy, keeping normal access uninterrupted

Learn more

Zero Trust Aligned

Enforce validation for unusual or high-risk access attempts, never assuming trust

Learn more

Approvals Beyond PAM

Extend approval workflows to all applications, integrations, and even the network

Learn more

Audit & Compliance

Every approval is logged with full visibility of who approved who and when

Learn more

Approvals with RCDevs NAC

Extend approvals to network access, blocking untrusted devices until approved

Learn more

Use Cases

Practical scenarios where Access Approval adds value to your security framework

Geo-Specific Access

Logins from unexpected countries trigger approval. Once validated, future logins are allowed unless IP restrictions apply.

Attribute-Based Access

Users missing required directory attributes (e.g. department code) require approval before access.

Time-Restricted Operations

After-hours logins trigger approval, while access during standard business hours proceeds as usual.

High-Value Applications

Access to critical or sensitive systems requires an approval step, even if other conditions are met.

Trusted Devices & NAC

Compliant devices connect normally while suspicious or unknown ones are held for validation.

New Device Detection

Logins from previously unseen or unregistered devices will always prompt approval before granting access.

Zero Trust
Alignment

Access Approval supports a Zero Trust approach by ensuring that no login or connection is trusted by default. Every request is evaluated against defined policies, and any activity outside of the expected context requires explicit validation. This combination of continuous verification, policy enforcement and optional human approval extends Zero Trust principles beyond privileged accounts to all applications, integrations, and even network access through NAC.

Conditional Approval Workflow

Every login or connection is evaluated against defined rules. If a condition fails, approval is required before access.

Domain membership, Group membership

Network origin (trusted/untrusted), Country

Time of access (within or outside work hours)

Mandatory LDAP attributes or mobile badging status

User-Experience Nuance

Requests are only flagged when something appears out of the ordinary. Most everyday logins remain smooth and invisible to the user, while unusual activity automatically escalates for review.

Standard access continues without interruption

Suspicious activity escalates to an approval step

Clear messages guide both users and approvers

Approval Dynamics

Approvals are simple but tightly controlled.

Approvers defined as individual users

One approval is sufficient; one rejection blocks access

Defaults: 10-minute response window, 1-hour validity

Rejected requests include a retry delay to prevent abuse

Post-Approval Behavior

Approvals can persist for convenience but remain flexible.

Conditions already approved can stay valid for future logins

Option to tie approvals to the same IP only

Approvers always see which conditions failed

SEEING
IS BELIEVING

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Free PoC

Try Us

WORKFORCE ACCESS & ZERO TRUST

ADVANCED NAC

PRIVILEGED ACCESS

OpenID Connect & SAML2

IAM & FEDERATION

Conditional Access

Secure Transactions

Time-Clock System

MSSP & Multi-Tenant

NIS2 Compliance

Cloud / On-Prem

OpenOTP Security Suite

Spankey / SSH-PAM

Authenticators