Skip to main content

Example: Configure escalation

This example shows you how to configure escalation to occur 10 seconds after a request is issued if the original authorizer has not responded. The escorgchart.pss plug-in will use the OrgChart to escalate to the original authorizer’s direct manager. It then shows the effect of the configuration when submitting a request. Note that this is not a realistic time period; it is for demonstration only.

Requirements

This use case assumes:

  • Bravura Workforce Pattern is installed.

  • There is an Active Directory target system set up as a source of profiles.

  • The Active Directory target system is configured to create the OrgChart based on the manager attribute.

  • User CELESH is the manager of the IT-DB-READWRITE group.

  • The OrgChart looks something like this illustration , where user CELESH reports to LESLIP, who reports to CORDEH, who reports to HANKB, who reports to BRYANW.

Figure 1. Orgchart escalation example
Orgchart escalation example


Click below to view a demonstration:

Configure escalation

To configure Bravura Security Fabric to use escalation:

  1. Log in to the Bravura Security Fabric Front-end (PSF) as superuser .

  2. Click Manage the system > Workflow > Options > Escalation .

  3. Enter the following values:

    ESCALATION PLUGIN escorgchart.pss

    ESCALATION TIMEOUT 10

    lab-escalation-options

  4. Click Update.

You have now configured escalation.

Issue a request

As an end user, issue a request to join the IT-DB-READWRITE group, which must be approved by the group’s manager:

  1. Log in to the Front-end (PSF) as BILLIG.

  2. Click View and update profile in the MY PROFILE section.

  3. Click Change group membership near the bottom of the page.

  4. Search for and select the IT-DB-READWRITE group.

  5. Click Submit.

  6. View the request.

    The Requests app opens.

    lab-escalation-details

    Bravura Security Fabric has issued the request and is waiting on approval from CELESH.

  7. Wait 10 seconds.

  8. View request details and authorizers.

    After every 10 seconds the request will show CELESH’s authorization delegated further and further up the management chain in the order: LESLIP, CORDEH, HANKB, and BRYANW.

    Even after the request authorization is escalated up several levels of management, any one of the original authorizers or new authorization escalates can approve the request. In this case, CELESH, LESLIP, CORDEH, HANKB, and BRYANW all have the ability to approve/deny the request.

    lab-escalation-delegates

  9. Open the Mail folder in the <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance> directory.

    You should see e-mail messages sent to BILLIG and CELESH when the request was issued labeled with " Request submitted ..." and " Please approve ...", respectively. Additional messages are shown to have been sent in order to LESLIP, CORDEH, HANKB, and BRYANW with the subject line of " Escalation ..." when the request was escalated every ten seconds after.

Act as a delegate

Open a new tab and as CORDEH, approve the request on behalf of the group’s manager:

  1. Log in to the Front-end (PSF) as CORDEH

  2. Click the link: There are 1 request(s) awaiting your approval as a delegate.

  3. Select the request.

    lab-escalation-actas

  4. Click Approve.

    Confirm the action by clicking Approve again.

  5. Return to the browser tab where BILLIG is logged in.

  6. Click Refresh 2130.png to view the request details.

    You can now see that the request has been approved and processed.

    lab-escalation-approved
Update escalation timeout

Now that you have seen how escalation works, the escalation timeout will be adjusted to a more realistic value of one hour.

  1. Log in to the Bravura Security Fabric Front-end (PSF) as superuser.

  2. Click Manage the system > Workflow > Options > Escalation .

  3. Change the ESCALATION TIMEOUT to 3600.

  4. Click Update.

In this section: