Enabling Maker Checker

Maker checker control enables the administrator to enforce dual control for provisioning any new asset, user or account in the system. Once enforced, addition and update transactions require two or more people to enter and approve them. This helps reduce errors and misuse in critical production environments. Workflows are enforced to enable need-based access to passwords and direct access. It is essential to define the scope of what a user can view in order to request access. The scope can be limited by using the Access Request Scope feature of the User Access Policy. For example, a vendor user who needs access only to Windows servers should not be able to raise an access request for Unix or databases. See the sections below:


If Maker Checker workflow rules conflict, the system applies the most recently created rule.

Steps to enable maker-checker policy for creating and updating Users

  • Log in to the system and select Platform Configuration from the product navigator.
  • Select "Configure" under the Workflow Management section.

  • Click on the "+ Add Workflow" button.

  • Rule name: Specify an appropriate name for the rule which will define your workflow. The name should be unique and instance-specific.

  • Description: Enter a unique descriptive title for your workflow rule.

  • Levels: Define the number of levels required for an approval workflow.

  • Request type: Select User Management. This selection is mandatory; the workflow rule cannot be saved without it.

  • Schedule time: Select "any" if you want the rule enforced at any time of the day, or select the time window in which it should apply.

  • Workflow Type: The type of approver for the workflow. Select Custom to choose the Approvers of this request yourself, or Direct Manager, which is based on the Active Directory configuration and selects the manager in AD as the Approver.

  • Approvers: Add the list of Users that are to be assigned as approvers.
  • Status: By default, a new workflow rule is enabled as Active.

Steps to enable maker-checker policy for creating and updating accounts and/or assets

  • Log in to the system and select PAM from the product navigator.
  • Navigate to the "Policies" option in the navigation bar.
  • Select "Configure" under Workflow Management from the sidebar.

  • Click on the "+ Add Workflow" button.

  • Rule name: Specify an appropriate name for the rule which will define your workflow. The name should be unique and instance-specific.

  • Description: Enter a unique descriptive title for your workflow rule.

  • Rule type: Select Maker Checker.

  • Levels: Define the number of levels required for an approval workflow.

  • Request type: Select Asset or Account Management or both.

  • Schedule time: Select "any" if you want the rule enforced at any time of the day, or select the time window in which it should apply.

  • Workflow Type: The type of approver for the workflow. Select Custom to choose the Approvers of this request yourself, or Direct Manager, which is based on the Active Directory configuration and selects the manager in AD as the approver of the workflow.

  • Approvers: Add the list of Users that are to be assigned as approvers.
  • Status: By default, a new workflow rule is enabled as Active.
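
Because the most recently created rule applies when rules conflict, a newer rule with fewer approval levels can take over from a stricter one. The following Python example is added here and is not the product's code or API: it audits a hand-entered list of rules and reports which rule wins each conflict. The field names, the sample rules and the definition of a conflict (both rules active, a shared request type, overlapping schedule windows) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical record; fields mirror the form fields on this page
    name: str
    request_types: frozenset
    window: Optional[tuple]  # None = "any"; else (start, end) time of day
    levels: int
    active: bool
    created: datetime

def _segments(window):
    """Daily window as minute ranges; a window may wrap past midnight."""
    if window is None:
        return [(0, 1440)]
    s = window[0].hour * 60 + window[0].minute
    e = window[1].hour * 60 + window[1].minute
    return [(s, e)] if s < e else [(s, 1440), (0, e)]

def windows_overlap(a, b):
    return any(s1 < e2 and s2 < e1
               for s1, e1 in _segments(a) for s2, e2 in _segments(b))

def find_conflicts(rules):
    """Return (winner, loser, shared request types, weakened) per conflicting pair.

    Assumed definition of a conflict: both rules active, a shared request
    type, overlapping windows. The most recently created rule wins (per the
    page); weakened is True when the winner requires fewer approval levels.
    """
    found = []
    for r1, r2 in combinations([r for r in rules if r.active], 2):
        shared = r1.request_types & r2.request_types
        if shared and windows_overlap(r1.window, r2.window):
            win, lose = sorted((r1, r2), key=lambda r: r.created, reverse=True)
            found.append((win.name, lose.name, sorted(shared), win.levels < lose.levels))
    return found

# Constructed sample rules, not exported from any real system.
RULES = [
    Rule("prod-2lvl", frozenset({"Asset Management", "Account Management"}), None, 2, True, datetime(2024, 1, 10)),
    Rule("night-accounts-1lvl", frozenset({"Account Management"}), (time(22, 0), time(6, 0)), 1, True, datetime(2024, 3, 5)),
    Rule("day-assets-3lvl", frozenset({"Asset Management"}), (time(9, 0), time(18, 0)), 3, False, datetime(2024, 4, 1)),
]

if __name__ == "__main__":
    for conflict in find_conflicts(RULES):
        print(conflict)
```

In the sample, the newer one-level night rule supersedes the two-level rule for Account Management, which is the case to review before activating a new rule.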
