Today, we’re announcing the launch of conditional approvals – now available on V1.0.477
Opal enables security teams to enforce powerful access policies that are easy to implement and scale across the organization. For example, companies can mandate that sensitive applications require multi-stage approvals, 2FA, and maximum request durations.
However, applying universal policies on resources does not take the requester's context into consideration. Enterprises need additional flexibility and want to set different approval policies depending on the requester's team or role. Ultimately, this enables companies to be more productive and secure. Administrators can implement more dynamic policies – streamlining or elevating security configurations based on additional context.
Here are use cases that we have heard from our customers:
1. Opal admins can navigate to Resources and click on Edit to manage Request Configurations. All resources will start with the default condition – policies that will apply to all users in your organization.
2. By clicking on add a new configuration, Opal admins can select the group that they want the configuration to apply to. Opal ingests a wide variety of group providers, such as Okta, AzureAD, LDAP, Google Groups, and more.
3. If there are multiple conditions, Opal admins can also configure the order of the conditional approvals in which they are applied. Employees are subject to the first matching configuration if they are part of multiple groups. For example, if an employee is part of both DevOps Group and Engineering, they will be subject to the policies applied on the DevOps Group since it is the first in the configuration order.
Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. Enterprises can discover anomalous identity risks with the product and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.
Want to see it yourself? Contact firstname.lastname@example.org or book a meeting here for a personalized demo.