I’m deploying the authorisation workflows for the usual functions in a few environments. We already have a robust role-based access methodology where only privileged accounts have access to the system and a different account (higher privileged) has master rights; no low-level accounts have access to the system.
The issue I can see is that the authorisation workflow sends an email to the privileged users in the groups that I choose to be the authoriser, but none of these users have valid email accounts, so they won’t get an email notification that there is a request to approve.
Apart from having eyes-on-glass on Command Centre to approve requests, what have people done in a similar situation?
All users are authenticated via SAML using AzureAD for MFA, so email addresses get synced from there. Perhaps we could have a local account with a distribution list for all approvers, but then the local account would have to be added to the “users who can authenticate” list, which would allow a generic account to approve requests, which is not desirable.
Would love to hear how this could be accomplished.