Configure reviewers
Learn how to configure required reviewers for access requests.
All resources and groups in Opal can be requestable with configurable approval options and reviewers. Use this guide to learn how admins can configure the reviewers of access requests.
Owners
Owners are users who can be:
- Reviewers: Users who can review and approve access requests
- Admins: Users who can manage the full configuration of policies for resources and groups
You can manage owners from the Inventory > Owners tab. There, you can find the following settings for reviewers:
- Reviewer Escalation Policy:
- Notify everyone: As the default option, Opal notifies all required reviewers at once. Opal requires just one approval from all required reviewers to complete the request.
- Reviewer escalation policy: Once configured, Opal creates an explicit escalation order. In this example, Opal notifies the first reviewer. After the escalation time has passed, Opal notifies the next reviewer, and so on.
-
Linked reviewer Slack channel: Opal creates a channel that receives a message for every access request.
-
Source group: Opal keeps the user list for this owner synchronized with a group of your choice. You can still edit the escalation path in the Users tab, but you can't add or remove users from this owner directly.

Approval workflows
For resources and groups, the Request Configuration section gives admins an overview of the approval logic. You can create multiple request configurations if you want to apply different approval logic for different requesting users, groups, or roles.

Custom notification text
To send users notifications when they are approved for resources or groups, check the Include custom notification text with approvals checkbox in the request configuration or template, then specify a custom message.
Approval flow
In the Approval Flow section, admins can:
- Set approval logic to Auto-Approve. When this setting is enabled, access requests are automatically approved.

- Configure an Approval Workflow.
-
There can be up to three stages of approvals.
-
Within each stage, approvers can be the resource's Manager or Owner.
-
If multiple approvers are selected, admins can choose to require All or Any reviewers.
- All: All reviewers must approve the access request to proceed to the next stage. This is AND logic.
- Any: Any reviewers can approve before the access request proceeds to the next stage. This is OR logic.
Updated 13 days ago