Scope for Request Approvers and Token Distributors

Request Approvers can approve requests under the following conditions.

Type of Request

Approval Conditions


Unassigned authenticators are available within the approver’s scope.

Group Membership

Both the user and group are in the Approver’s scope.

Default Group

Approver has scope for the user, regardless of scope over the group.

Any Request

User must be in the Approver’s security domain.

For Request Approver workflow instructions, see Approve and Reject User Requests.

Token Distributors can only review and close requests in their security domain.

Related Concepts

Provisioning Overview