Skip to main content

Use Cases for Auth Manager

Real-World Scenarios

Use Case 1: Presales Person Function

Scenario

A new presales employee needs access to multiple systems and applications. Instead of manually assigning permissions in each system, create a "Presales Person" template that bundles all required groups and roles.

Solution

  1. Create Template: "Presales Person"

    • CRM Application: Group sales-team with role presales
    • Product Catalog: Group product-access with role viewer
    • Regional Access: Group regional-west with role member
    • Demo Environment: Group demo-environment with role tester
    • Collaboration Tools: Group sales-collab with role contributor
    • Approval: PARALLEL_ONE (sales manager can approve)
    • Requestors: HR team (group filter)

  2. Request Access: HR creates request for new employee

    • Target: New employee user ID
    • Valid From: Start date
    • Reason: "New presales employee onboarding"

  3. Approval: Sales manager approves request

  4. Automatic: All 5 groups with their roles are assigned simultaneously

Benefits

  • One request grants access to 5 different systems
  • No manual configuration in each application
  • Consistent access for all presales employees
  • Fast onboarding - access ready on first day

Use Case 2: Project Manager Function

Scenario

A project manager needs access to multiple systems: project management tools, financial systems, collaboration platforms, and reporting dashboards. Create a template that bundles all required access.

Solution

  1. Create Template: "Project Manager"

    • Project Management: Group pm-tools with role manager
    • Financial System: Group finance-access with role viewer
    • Collaboration: Group team-collab with role admin
    • Reporting: Group reports-dashboard with role analyst
    • Documentation: Group doc-repository with role editor
    • Approval: SEQUENTIAL_ALL (Department Head → IT Security)
    • Requestors: HR or Department Heads

  2. Request Access: Department Head creates request

    • Target: Employee user ID
    • Valid From: Role start date
    • Reason: "Promotion to Project Manager role"

  3. Approval Flow: Department Head approves → IT Security approves

  4. Automatic: All 5 systems get access configured simultaneously

Benefits

  • Complete access profile in one request
  • Multi-system access without manual setup
  • Consistent permissions across all project managers
  • Audit trail for compliance

Use Case 3: Regional Sales Lead Function

Scenario

A regional sales lead needs access to multiple systems: CRM, regional databases, location access systems, and regional reporting tools. Bundle all regional permissions into one template.

Solution

  1. Create Template: "Regional Sales Lead - West"

    • CRM System: Group sales-crm with role regional-lead
    • Regional Database: Group west-region-db with role admin
    • Location Access: Group west-offices with role access-granted
    • Reporting Tools: Group regional-reports with role viewer
    • Customer Portal: Group customer-portal-west with role manager
    • Approval: SEQUENTIAL_ALL (Regional Director → Sales VP)
    • Designated Users: Only users in west-region group

  2. Request Access: Regional Director creates request

    • Target: Employee user ID
    • Valid From: Role start date
    • Reason: "Promotion to Regional Sales Lead - West"

  3. Approval Flow: Regional Director approves → Sales VP approves

  4. Automatic: All 5 systems configured with appropriate access levels

Benefits

  • Location-based bundling of all regional permissions
  • Multi-system access in one approval
  • Consistent access for all regional leads
  • Geographic restrictions enforced via designated users

Use Case 4: Temporary Contractor Function

Scenario

A contractor needs temporary access to multiple systems for a 3-month project: development environment, project management tools, documentation system, and collaboration platform. Bundle all project access into one time-limited template.

Solution

  1. Create Template: "Contractor - Development Project"

    • Dev Environment: Group dev-project-alpha with role developer
    • Project Management: Group pm-project-alpha with role contributor
    • Documentation: Group docs-project-alpha with role viewer
    • Collaboration: Group collab-project-alpha with role member
    • Code Repository: Group repo-project-alpha with role contributor
    • Approval: PARALLEL_ONE (project manager can approve)
    • Valid Until: Project end date (3 months)

  2. Request Access: Project manager creates request

    • Target: Contractor user ID
    • Valid From: Project start date
    • Valid Until: Project end date
    • Reason: "3-month development project - Project Alpha"

  3. Approval: Project manager approves

  4. Automatic: All 5 systems get access, automatically revoked after 3 months

Benefits

  • Complete project access in one request
  • Automatic expiration prevents orphaned access
  • Multi-system setup without manual configuration
  • Time-bound access for temporary workers

Use Case 5: Compliance Access Reviews

Scenario

Company needs quarterly access reviews. Managers review and approve/revoke access for their team members.

Solution

  1. Create Template: "Quarterly Access Review"

    • Groups: Various department groups
    • Approval: PARALLEL_ALL (all managers must approve)
    • Valid Until: End of quarter

  2. Bulk Requests: System creates requests for all team members

  3. Review: Managers review and approve/reject

  4. Automatic: Approved access expires at quarter end, requires renewal

Benefits

  • Regular access reviews for compliance
  • Automated expiration forces re-approval
  • Complete audit trail for auditors

Use Case 6: Onboarding New Employees

Scenario

New employee joins company. HR creates access request, and multiple departments need to approve before employee gets access.

Solution

  1. Create Template: "New Employee Onboarding"

    • Groups: employees, department-specific
    • Roles: Based on job function
    • Approval: SEQUENTIAL_ALL (IT → Security → Department Head)
    • Requestors: HR team (group filter)

  2. Request: HR creates request for new employee

  3. Approval Chain:

    • IT approves system access
    • Security approves security clearance
    • Department Head approves role-specific access

  4. Access: Employee gets all permissions on start date

Benefits

  • Streamlined onboarding process
  • All approvals in one workflow
  • Access ready on first day

Use Case 7: Vendor Access Management

Scenario

External vendor needs temporary access to specific systems. Vendor manager requests, and internal security team approves.

Solution

  1. Create Template: "Vendor Access"

    • Groups: vendor-access, Roles: external-user
    • Approval: SEQUENTIAL_ALL (Vendor Manager → Security)
    • Valid Until: Vendor contract end date
    • Designated Users: Vendor user group only

  2. Request: Vendor manager creates request

  3. Approval: Security team reviews and approves

  4. Expiration: Access automatically expires when contract ends

Benefits

  • Controlled vendor access
  • Automatic expiration prevents security risks
  • Clear approval process

B2B Use Cases

Use Case 8: Partner Portal Access

Scenario: A business partner needs access to your partner portal with multiple capabilities: order management, product catalog, support tickets, and marketing resources.

Solution:

  1. Create Template: "Partner - Gold Tier"

    • Order Management: Group partner-orders with role gold-tier
    • Product Catalog: Group partner-catalog with role viewer
    • Support Portal: Group partner-support with role standard
    • Marketing Resources: Group partner-marketing with role downloader
    • Analytics Dashboard: Group partner-analytics with role viewer
    • Approval: PARALLEL_ONE (Partner Manager can approve)
    • Designated Users: Only users in partner organization groups

  2. Request Access: Partner Manager creates request for partner employee

    • Target: Partner employee user ID
    • Valid From: Partnership start date
    • Reason: "New partner employee - Gold tier access"

  3. Approval: Partner Manager approves

  4. Automatic: All 5 partner portal systems get access configured

Benefits:

  • Complete partner access in one request
  • Tier-based permissions (Gold, Silver, Bronze)
  • Multi-system setup for partner ecosystem
  • Controlled access via designated users

Use Case 9: Supplier Procurement Access

Scenario: A supplier needs access to your procurement system, inventory management, and order tracking. Different suppliers need different access levels.

Solution:

  1. Create Template: "Supplier - Standard Access"

    • Procurement System: Group supplier-procurement with role supplier
    • Inventory Portal: Group inventory-view with role viewer
    • Order Tracking: Group order-tracking with role tracker
    • Invoice System: Group invoice-portal with role submitter
    • Approval: PARALLEL_ONE (Procurement Manager → Finance)
    • Valid Until: Supplier contract end date

  2. Request Access: Procurement Manager creates request

    • Target: Supplier user ID
    • Valid From: Contract start date
    • Valid Until: Contract end date
    • Reason: "New supplier onboarding - Standard access"

  3. Approval Flow: Procurement Manager approves → Finance approves

  4. Automatic: All procurement systems configured, access expires with contract

Benefits:

  • Supplier ecosystem access bundled together
  • Contract-based expiration prevents orphaned access
  • Multi-department approval for security
  • Automated access management

Use Case 10: Integration Partner Access

Scenario: An integration partner needs API access, developer portal, documentation, and sandbox environment for testing integrations.

Solution:

  1. Create Template: "Integration Partner - Developer"

    • API Access: Group api-partners with role developer
    • Developer Portal: Group dev-portal with role member
    • Documentation: Group api-docs with role viewer
    • Sandbox Environment: Group sandbox-env with role tester
    • Support Channel: Group partner-support with role priority
    • Approval: SEQUENTIAL_ALL (Partner Manager → Technical Lead)
    • Requestors: Partner managers (group filter)

  2. Request Access: Partner Manager creates request

    • Target: Developer user ID
    • Valid From: Integration project start
    • Valid Until: Project completion date
    • Reason: "Integration development - API access required"

  3. Approval Flow: Partner Manager approves → Technical Lead approves

  4. Automatic: All developer tools and environments configured

Benefits:

  • Complete developer access for integration partners
  • Time-bound access for project duration
  • Multi-tool setup in one approval
  • Secure partner ecosystem

B2C Use Cases

Use Case 11: Family Account Management

Scenario: Parents want to manage their children's access to streaming services, gaming platforms, and educational apps. Children can request access, and parents approve.

Solution:

  1. Create Template: "Family - Child Access"

    • Streaming Service: Group family-streaming with role child-viewer
    • Gaming Platform: Group family-gaming with role limited-player
    • Educational Apps: Group family-education with role learner
    • Parental Controls: Group parental-controls with role monitored
    • Approval: PARALLEL_ONE (First parent to approve)
    • Requestors: Children's user IDs (actorSubs)
    • Approvers: Parents' user IDs (actorSubs)
    • Valid Until: End of day (temporary access)

  2. Request: Child requests access

    • Target: Child's own user ID
    • Valid Until: End of day
    • Reason: "Watch movie XYZ"

  3. Approval: Parent receives notification and approves

  4. Automatic: Access granted until end of day, then automatically revoked

Benefits:

  • Parental oversight without constant monitoring
  • Time-bound access prevents overuse
  • Self-service reduces parent workload
  • Multi-service access in one approval

Use Case 12: Subscription Service Tiers

Scenario: A consumer subscribes to a premium service tier that includes access to multiple features: premium content, advanced analytics, priority support, and exclusive features.

Solution:

  1. Create Template: "Premium Subscription Tier"

    • Premium Content: Group premium-content with role subscriber
    • Advanced Analytics: Group analytics-premium with role viewer
    • Priority Support: Group support-priority with role member
    • Exclusive Features: Group exclusive-features with role access
    • Mobile App Premium: Group mobile-premium with role user
    • Approval: PARALLEL_ONE (Payment system auto-approves)
    • Requestors: Self-request enabled (self: true)

  2. Request Access: User upgrades subscription

    • Target: User's own ID
    • Valid From: Subscription start date
    • Valid Until: Subscription end date
    • Reason: "Premium subscription upgrade"

  3. Auto-Approval: Payment confirmation triggers automatic approval

  4. Automatic: All premium features activated, access expires when subscription ends

Benefits:

  • Complete premium access in one request
  • Automatic activation upon payment
  • Subscription-based expiration
  • Multi-feature access bundled together

Use Case 13: Personal Account Sharing

Scenario: A user wants to share access to their account with a family member for specific services: photo storage, music library, and calendar sharing.

Solution:

  1. Create Template: "Family Sharing - Limited Access"

    • Photo Storage: Group photo-sharing with role viewer
    • Music Library: Group music-sharing with role listener
    • Calendar: Group calendar-sharing with role viewer
    • Approval: PARALLEL_ONE (Account owner approves)
    • Requestors: Account owners (group filter)
    • Valid Until: Sharing period end date

  2. Request Access: Account owner creates request

    • Target: Family member user ID
    • Valid From: Sharing start date
    • Valid Until: Sharing end date
    • Reason: "Family sharing - Limited access"

  3. Approval: Account owner approves

  4. Automatic: All shared services configured, access expires when period ends

Benefits:

  • Controlled account sharing
  • Time-limited sharing for security
  • Multi-service sharing in one request
  • Easy revocation via expiration

Use Case 14: Service Provider Access (Streaming/Gaming)

Scenario: A user subscribes to a streaming service that includes access to multiple platforms: video streaming, music streaming, gaming, and cloud storage.

Solution:

  1. Create Template: "All-Access Subscription"

    • Video Streaming: Group video-streaming with role premium
    • Music Streaming: Group music-streaming with role premium
    • Gaming Platform: Group gaming-access with role member
    • Cloud Storage: Group cloud-storage with role subscriber
    • Mobile Apps: Group mobile-apps with role premium-user
    • Approval: Auto-approve on payment confirmation
    • Requestors: Self-request enabled

  2. Request Access: User subscribes to all-access plan

    • Target: User's own ID
    • Valid From: Subscription start
    • Valid Until: Subscription end
    • Reason: "All-access subscription"

  3. Auto-Approval: Payment system confirms and approves

  4. Automatic: All platforms activated simultaneously

Benefits:

  • Complete service bundle in one subscription
  • Multi-platform access activated together
  • Automatic setup upon payment
  • Unified access management

Common Patterns

Pattern 1: Function-Based Templates

  • Bundle multiple groups/roles representing job functions
  • Examples: "Presales Person", "Project Manager", "Regional Lead"
  • Single template grants access across multiple applications
  • Use for: Standard enterprise positions

Pattern 2: Multi-Application Access

  • Template includes groups from different applications/systems
  • CRM, ERP, collaboration tools, reporting dashboards
  • Single request configures all systems
  • Use for: Cross-system access requirements

Pattern 3: Location-Based Bundling

  • Bundle location-specific permissions together
  • Office access, regional systems, location-based applications
  • Use designatedUsers to restrict by location
  • Use for: Regional or location-specific roles

Pattern 4: Time-Bound Functions

  • Set validUntil for temporary access profiles
  • Bundle all project/contractor permissions
  • Automatic expiration when period ends
  • Use for: Projects, contractors, temporary assignments

Pattern 5: Role Transitions

  • Create templates for new positions
  • Request new function when employee changes roles
  • Old permissions can be revoked, new ones granted
  • Use for: Promotions, role changes, department transfers

← Back to Auth Manager