Skip to content

Configuration

You can configure and manage the Access Request feature from the Configuration page. This page is available only to Hire2Retire Admins and Editors.

From this page, you can enable or disable access requests, link an Identity Provider (IdP), define approvers, and control which entitlements or applications are available for users to request.

Entitlement requests are automatically fulfilled by Hire2Retire once approved. Application requests are fulfilled only after an admin or approver approves them on the Review page.

Linking an Identity Platform

Before configuring access requests, you must link an Identity Platform.

Select Identity Platform

You will see a list of all configured IdP connections for your organization. You can select one IdP connection, which will be used to:

  • Fetch groups available for requesting
  • Identify group owners
  • Resolve approvers and user details

When no IdP is selected: - You will see the label Link Identity Platform

No IdP

You can select the connection of your choice across your organization.

The selected IdP is used across the Entitlement Request feature for catalog generation, approvals, and fulfillment.

RoboMQ follows strict security and privacy standards. See our Security and Privacy Policies to learn more about how RoboMQ handles your account access.

Access Request Configuration

After linking an Identity Platform, you can configure the following settings.

Entitlement Request

The Entitlement Request feature in Hire2Retire allows employees to request group memberships. These requests are automatically fulfilled after approval.

Configuration Page

Configure Approvers

You can define who is responsible for approving access requests.

Available reviewer options:

  • Group Owners – Owner(s) of the requested group as defined in the IdP
  • Recipient's Manager – Manager of the recipient if available
  • Individuals – One or more specific users selected by you

The selected reviewer strategy is applied to all access requests.

Group availability in access requests

Group Availability

You can control which groups are visible and available for requesting.

You can choose one of the following options:

  • Exclude Selected Groups: Selected groups are hidden from the access catalog

  • Only Selected Groups: Only selected groups are available for requesting

This allows you to restrict access requests to approved or commonly used entitlements.

Fulfillment of Entitlement Requests

Approved entitlement requests are automatically fulfilled by Hire2Retire. Access is retained until one of the following occurs:

  • Employment termination
  • Manual access removal
  • Time-bound expiration (if a time limit is defined)

Application Request

The Application Request feature enables employees to request access to applications listed in the application catalog. Unlike entitlement requests, application access may require manual fulfillment depending on how fulfillment is configured for the application.

Configuration Page

Configure Approvers

Admins can choose who will approve application requests. Available approver options include:

  • At least one Application Owner – Any application owner can approve the request
  • Recipient’s Manager – The manager of the request recipient can approve the request
  • Any one of the individuals – One approver from a defined list can approve

The selected approver strategy applies to all application requests by default. However, this can be overridden for individual applications within the application catalog.

Fulfillment options

Application requests can be fulfilled using one or more fulfillment mechanisms:

  • Email – Sends an email notification to the application owner
  • Service Desk – Creates a ticket in the configured service desk system (for example- Freshservice, Jira etc.)

Admins can select a default fulfillment method, which can be overridden for specific applications if needed.

Application Catalog

Admins can define which applications appear in the application catalog and are available for users to request. This ensures controlled and auditable access to business applications. You can also add more applications to this list using the Add Application button.

Application Catalog

Enable or Disable Access Requests

You can enable or disable the Access Request feature for your organization.

If you disable the Access Request feature, you won’t be able to create new requests. Approvers will not be able to approve or reject requests but can still view all existing requests.

Workflow Compatibility Check

When enabling or updating the Access Request configuration, Hire2Retire validates existing workflows for compatibility with approved access retention.

If one or more workflows are not compatible, you will see a warning message listing the affected workflows for that domain. You must redeploy these workflows to ensure approved access is retained correctly.

Workflow Compatibility Warning