Access Requests
Access requests are the core break-glass workflow. They provide a consistent, auditable way to request emergency access to a credential.
Create a request
- Go to Requests.
- Click New Request.
- Select a credential.
- Enter a Reason.
- Optionally add an Incident Reference (for example,
INC-1234). - Click Submit Request.
A RequestCreated audit event is recorded.
Monitor active emergencies
The Requests page highlights Active Emergencies when there are approved requests that have not yet expired.
This gives responders and auditors a quick view of who currently has time-bounded emergency access, and when it expires.
Approve or deny a request
Only users with the Approver role (or Admin) can approve or deny.
- Open the request detail page.
- Choose an access duration:
- 1 hour
- 4 hours
- 24 hours
- Click Approve or Deny.
Approvals set an expiry time. After approval:
- The request appears as Active until the expiry time.
- After expiry, it appears as Expired.
Close a request
Only the requester (or an admin) can close an approved request.
- Open the request detail page.
- Fill in What did you do? (post-use notes).
- Optionally check Credential rotated after use.
- Click Close Request.
Closing a request writes a RequestClosed audit event.
Notifications
If SMTP is configured, AccessLedger can send:
- Request created notifications to approvers and admins
- Request approved/denied notifications to the requester (and admins)
- Request closed notifications to the approver (and admins)
- Expiry reminders based on the organization notification settings