Condition Access Approval

OpenOTP Features

Conditional Access Approval

Access approval is standard in PAM, but RCDevs extends it further. Integrated into Conditional Access policies, it applies to any application or integration. Routine logins work as configured, while unusual attempts require an authorized approval before access is granted.

Use Cases

Practical scenarios where Access Approval adds value to your security framework

geolocalization (1)

Geo-Specific Access

Logins from unexpected countries trigger approval. Once validated, future logins are allowed unless IP restrictions apply.
directory

Attribute-Based Access

Users missing required directory attributes (e.g. department code) require approval before access.
access-time

Time-Restricted Operations

After-hours logins trigger approval, while access during standard business hours proceeds as usual.
profile

High-Value Applications

Access to critical or sensitive systems requires an approval step, even if other conditions are met.
wifi

Trusted Devices & NAC

Compliant devices connect normally while suspicious or unknown ones are held for validation.
local-area

New Device Detection

Logins from previously unseen or unregistered devices will always prompt approval before granting access.

Zero Trust
Alignment

Access Approval supports a Zero Trust approach by ensuring that no login or connection is trusted by default. Every request is evaluated against defined policies, and any activity outside of the expected context requires explicit validation. This combination of continuous verification, policy enforcement and optional human approval extends Zero Trust principles beyond privileged accounts to all applications, integrations, and even network access through NAC.

Conditional Approval Workflow

Every login or connection is evaluated against defined rules. If a condition fails, approval is required before access.

Domain membership, Group membership
Network origin (trusted/untrusted), Country
Time of access (within or outside work hours)
Mandatory LDAP attributes or mobile badging status

User-Experience Nuance

Requests are only flagged when something appears out of the ordinary. Most everyday logins remain smooth and invisible to the user, while unusual activity automatically escalates for review.

Standard access continues without interruption
Suspicious activity escalates to an approval step
Clear messages guide both users and approvers

Approval Dynamics

Approvals are simple but tightly controlled.

Approvers defined as individual users
One approval is sufficient; one rejection blocks access
Defaults: 10-minute response window, 1-hour validity
Rejected requests include a retry delay to prevent abuse

Post-Approval Behavior

Approvals can persist for convenience but remain flexible.

Conditions already approved can stay valid for future logins
Option to tie approvals to the same IP only
Approvers always see which conditions failed

SEEING
IS BELIEVING

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Contact us for your Free PoC or check it out for yourself.

EN