Is it feasible to implement three levels of approval for access requests?

Implementing three levels of approval for access requests is indeed feasible, and one effective way to accomplish this is by involving an access owner, a manager, and a group assigned to the request. This multi-tiered approval process enhances the security and governance posture of an organization by ensuring that access requests undergo thorough scrutiny from multiple stakeholders.

The access owner typically has in-depth knowledge of the resources being requested, while the manager can provide insights on the business needs and operational requirements. The additional layer of a group assigned ensures collective consideration and risk management, as it reflects a collaborative decision-making approach. This level of granularity in the approval process mitigates the risks of unauthorized access and aligns with best practices in identity governance.

While there are other options suggesting limitations to the approval levels, the design of many modern identity governance solutions, including SailPoint Identity Now, supports flexible configurations that can accommodate such multi-level approval processes to align with organizational policies and compliance requirements.