Offline Approvals

Approval workflows usually require a workstation to be online to send out the approval request and then receive an approval for an application to continue to run or execute. If a workstation is offline, an end user needs a way to also request an approval for an application to continue to execute, for such a situation an Offline Approval process has been implemented.

During an offline approval process a prompt is triggered for a 6-digit numeric pin also called request code. The end user then calls the help desk and provides system information to the help desk representative. The help desk representative generates and provides a 12-character alphanumeric response code for the deployed policy residing on the offline workstation. Once the end user enters the response code the application execution continues and other actions can be performed, for example adding administrative rights.

The message actions used in the Offline Approval policy are OS specific. Use the action:

Windows:

windows

macOS:

macOS

Notifications for approvals can also be issued to mobile devices. Refer to Mobile App section - Configure the Notification Settings

Creating an Offline Approval Policy

For offline approvals to work, a message action supporting offline fallback needs to be configured. This example uses the macOS based message action.

  1. Create an Offline Approval Policy, by specifying the specific message action:

    1. Navigate to Actions and click Edit.
    2. Search for and Add the action Application Approval Request (with Offline Fallback) Message Action.
    3. Click Update.

  2. Click Save Changes.

    Policy

Workstation Offline Approval

When the policy created above applies, the system first attempts an online approval request and if the server is unavailable it uses the request and response codes to verify authorization.

  1. When trying to install an application that is not explicitly white-listed via policy while offline, the following Application Notice opens:

    Application Notice Request Reason

  2. When the system is offline, the following notice opens:

    Offline notice

  3. Follow the instructions to contact your help desk and only click Generate when prompted.

  4. You will then see:

    Response Code

    Provide the information to the help desk, they will need the 6-digit code, in this example 191279, to create a response code.

  5. Once your help desk contact verifies the authenticity of the request, you will be provided a 12-digit Response Code that needs to be entered in the text field.

  6. Click Continue after entering the Response Code.

At this point the application installation should be able to continue.

Privilege Manager Offline Approval

The following procedures provides detailed steps about the offline approval process in the Privilege Manager UI.

  1. Navigate to Admin | Tools | Offline Approval.

  2. Click Select… and search to access the list of Computers with open offline approval requests.

    Offline Approval

  3. Verify the customer's name is in the list.

  4. Select the customer's computer from the list and click the Select button.

    Generate Request Code

  5. Enter the Request Code provided by the customer and click Generate Response Code.

  6. Read the Response Code back to the customer to enter at the endpoint.