Overview

Using Console, teams can define repeatable policies that run automatically when employees request access or their status changes.

How app access works in Console

• Access to apps is typically managed through Groups or identity-backed permissions

• Employees can request access through Slack or Teams

• Admin can decide if requests require approval before any changes 

• Once approved, Console executes the access change through your configured integrations

Granting app access

When an employee requests access to an application, Console can:

• Collect required information through a structured request flow

• Route the request to the correct approver (app owner, manager, or IT)

• Automatically grant access once approval is received 

• Record the action for future visibility and auditing purposes

App access in Console is managed through Access Policies which define approvals and allowed actions.

Removing app access

Console also supports removing access when it is no longer needed. Removal workflows follow the same patterns as grants:

• Triggered by a request or lifecycle event (e.g. departure from the company)

• Optionally gated by approvals

• Executed automatically via integrations

This helps ensure access is removed consistently and on-time, without relying on manual follow-ups.

Approvals and policy enforcement

To maintain security and compliance, Console allows teams to apply different approval rules per application or group, require approvals before access is changed, and enforce standardized access policy across the organization.

Approval logic is predefined directly through Access Policies and applied automatically to every qualifying request.