Request Approvers can approve requests under the following conditions.
Type of Request
Unassigned authenticators are available within the approver’s scope.
Both the user and group are in the Approver’s scope.
Approver has scope for the user, regardless of scope over the group.
User must be in the Approver’s security domain.
For Request Approver workflow instructions, see Approve and Reject User Requests.
Token Distributors can only review and close requests in their security domain.