title: Requesting Access category: Access Catalog tags: access-request, workflow, approval, tracking priority: Normal
Requesting Access
This guide walks end users through the process of requesting access to resources through the IdentityCenter Access Catalog. The catalog provides a self-service portal where you can browse available resources, submit requests with justification, and track the status of your requests through the approval process.
Prerequisites
Before requesting access, ensure that:
- You have an active IdentityCenter account (authenticated via your organization's identity provider)
- Your identity has been synced from Active Directory
- The resource you need is published in the Access Catalog
Step 1: Browse or Search for a Resource
Using the Search Bar
- Navigate to /catalog
- Type the name of the resource, application, or group you need in the search bar
- Results update as you type, showing matching resources across all categories
Browsing by Category
- From the catalog home page, select a category tile (e.g., IT Infrastructure, Applications, Security)
- Browse the resources within that category
- Use the filters on the left sidebar to narrow results:
| Filter | Options |
|---|---|
| Risk Level | Low, Medium, High |
| Resource Type | AD Group, Business Role, Application |
| Availability | Resources you do not already have |
Tip: Use the "Availability" filter to hide resources you already have access to. This keeps the catalog focused on what you can actually request.
Step 2: View Resource Details
Click on any resource to open its detail page. Review the following information before requesting:
| Field | Description |
|---|---|
| Name | The resource name |
| Description | What access this resource provides and who typically needs it |
| Category | The organizational category (IT, Finance, Security, etc.) |
| Risk Level | Low, Medium, or High -- indicates the sensitivity of the access |
| Approval Requirements | How many approvers and what type (manager, security, etc.) |
| Current Members | How many people already have this access |
| Estimated Approval Time | Typical turnaround based on SLA configuration |
| Owner | The designated resource or application owner |
Understanding Risk Levels
| Risk Level | What It Means for You |
|---|---|
| Low | Standard access -- typically approved by your manager within 1-2 business days |
| Medium | Elevated access -- may require manager and resource owner approval |
| High | Privileged or sensitive access -- requires multi-level approval including security review; detailed justification is required |
Step 3: Submit an Access Request
- From the resource detail page, click Request Access
- Fill in the request form:
| Field | Required | Description |
|---|---|---|
| Justification | Yes | Explain why you need this access and how it relates to your job responsibilities |
| Duration | Depends | Some resources allow permanent access; others require a time-limited request |
| Start Date | No | Optionally schedule access to begin on a future date |
| Additional Notes | No | Any context that may help approvers make a decision |
Writing an Effective Justification
A well-written justification speeds up the approval process. Include:
- What you need the access for -- Describe the specific task, project, or responsibility
- Why you need it now -- Explain the business context or deadline
- How long you will need it -- If temporary, state the expected duration
Good example:
I need access to the Azure DevOps Admin group to manage build pipelines for the Q1 2026 infrastructure migration project. This project runs through March 2026. My manager Bob Jones has confirmed this requirement.
Poor example:
I need this access for my job.
- Click Submit Request
- A confirmation message appears with your request tracking number
Step 4: What Happens Next
After submission, your request enters the approval workflow assigned to that resource.
Approval Flow
[You Submit Request]
|
v
[Workflow Triggered]
|
v
[Approver 1 Notified] --> Approve --> [Approver 2 Notified] --> Approve --> [Provisioned]
| |
v v
Deny --> [You Are Notified] Deny --> [You Are Notified]
What Approvers See
Approvers receive an email notification with:
- Your name and department
- The resource you requested
- Your justification
- The resource risk level
- A link to approve or deny the request
Approvers may also add comments explaining their decision, which are visible to you on the MyRequests page.
Step 5: Track Your Request
MyRequests Page
Navigate to /catalog/my-requests to see all of your access requests.
Request Statuses
| Status | Icon | Description |
|---|---|---|
| Pending Approval | Clock | Waiting for one or more approvers to respond |
| Approved | Checkmark | All approvals received; provisioning in progress |
| Provisioned | Green shield | Access has been granted -- you can now use the resource |
| Denied | Red X | One or more approvers denied the request |
| Cancelled | Grey circle | You or an admin cancelled the request |
| Expired | Orange clock | The request timed out before all approvals were received |
Request Detail View
Click on any request to see:
- Current Step -- Which approver is currently reviewing
- Approval History -- Decisions made by each approver with timestamps
- Comments -- Approver comments and notes
- Timeline -- Visual timeline showing the request's journey through the workflow
- SLA Status -- Whether the request is within or approaching its SLA deadline
What to Do if Your Request is Denied
If an approver denies your request:
- Read the denial reason -- Open the request detail to see the approver's comment
- Address the concern -- If the denial was based on insufficient justification, prepare a stronger one
- Resubmit -- Click Resubmit on the denied request to create a new request with updated information
- Contact your manager -- If you believe the denial was in error, discuss with your manager before resubmitting
- Request an alternative -- If the specific resource was denied, check if a lower-privilege alternative exists in the catalog
Common Denial Reasons
| Reason | What to Do |
|---|---|
| Insufficient justification | Resubmit with a detailed explanation of the business need |
| Access not appropriate for role | Verify with your manager that this access is needed; have them confirm in the justification |
| Duplicate access | Check if you already have equivalent access through another group or role |
| Temporary access required | Resubmit with a specified duration instead of permanent access |
| Higher approval needed | The approver may have delegated upward; wait for the next approver |
Request Expiration and Renewal
Time-Limited Access
Some resources are configured for time-limited access. When your access is approaching its expiration:
- You receive a notification 7 days before expiration
- Navigate to MyRequests and find the expiring access
- Click Renew to submit a renewal request
- Provide updated justification for continued access
- The renewal goes through the same approval workflow
Renewal vs. New Request
| Scenario | Action |
|---|---|
| Access expiring, still needed | Click Renew on the existing request |
| Access expired, need it again | Submit a new request from the catalog |
| Need to upgrade access level | Submit a new request for the higher level |
| Access no longer needed | Let it expire or click Relinquish to remove it early |
Requesting on Behalf of Others
Managers can submit requests on behalf of their direct reports:
- Navigate to the catalog
- Select the resource
- Click Request for Another User
- Select the team member from your direct reports
- Provide justification
- Submit the request
The approval workflow proceeds as normal, with the manager noted as the requester on behalf of the end user.
Best Practices
- Search before requesting -- Verify you do not already have the access through an existing group or role
- Write detailed justifications -- Reduce back-and-forth and denial rates with clear explanations
- Request only what you need -- Follow the principle of least privilege
- Monitor your requests -- Check MyRequests regularly for updates or required actions
- Renew proactively -- Do not wait until the last day to renew expiring access
- Relinquish unused access -- If you no longer need access, remove it before the next review
Next Steps
- Access Catalog Overview -- Understand the full catalog system
- Business Roles -- Learn about bundled role-based access
- Workflow Designer -- How approval workflows are built
- Escalation & SLA Tracking -- What happens if approvers are slow
- Access Reviews Overview -- Periodic review of your granted access