Dual approval [beta]

Use dual approval to add a layer of oversight to critical processes. Dual approval is a security and governance feature that requires two separate individuals to review and approve a critical action or data change before it's finalized. One person initiates the request and a second person reviews and approves it. This process helps to prevent errors and unauthorized changes and reduce fraud.

Dual approval is also known as the maker/checker model, where the maker (requester) initiates the change request, and the checker (approver) reviews and authorizes it.

👍

[beta]

This feature is in beta, giving you early access to explore its capabilities and share feedback. Note that the functionality and API contracts might change before the production release. For more information or to join the beta program, contact your Pismo representative.

Your company must opt-in to use dual approval. It's available for these Control Center processes:

Your access profile determines what information is visible to you and what actions you can perform using the dual approval feature. The profile is a collection of roles assigned to your user account, which are based on tasks you need to perform.

  • A requester is anyone with permissions to make the functional change, such as editing a parameter.
  • An approver must have the approver role for the specific type of change.
  • A viewer can view request details, but they can't make changes, submit requests, or provide approval. They also don't get notifications when the request changes status.

The roles needed to use dual approval are:

Request typeRequester rolesApprover rolesViewer roles
Make a single adjustment to an account
  • Accounts operator
  • Backoffice operator
Backoffice approver
  • Accounts viewer
  • Backoffice viewer
  • Collections analyst
Edit a program parameter
  • Setup operator
  • Admin
Setup approver
  • Setup viewer
  • Auditor

From Control Center, depending on your role, you can do the following:

For answers to the most common questions, refer to Frequently asked questions.

Send a request for approval

When you make a change that requires dual approval, Control Center displays a message prompting you to send the request for approval. The change doesn't take effect until it's approved. Throughout the approval process, Control Center sends status notifications to keep everyone informed. For more information, refer to View requests.

Following is an example of the message for a single-adjustment request. Other types of requests display similar messages, though not exactly like this example.

Message prompting you to send a request for approval

📘

Program parameter updates temporarily blocked

To avoid conflicting changes, Pismo blocks updates to a program parameter while an approval request is under review. Once the request is approved or rejected, you can make other program parameter changes.

Cancel a request

You can cancel your own requests that are in Pending status. When you cancel a request, all potential approvers are notified and the request history is updated.

To cancel a request:

  1. From the main menu, select Users & permissions > Dual approval.
  2. On the Dual approval screen, select the pending request you want to cancel.
  3. On the Request details screen, select Cancel request and confirm.

Approve or reject a request

When someone submits a request for your approval, you can open the request in several ways. Use the following dialog to either approve or reject it.

Dialog box for approving and rejecting requests

Notifications

From the Notification menu (the bell icon on the home page header), you get a message that a request needs your approval.

  1. In the notification, select the link to open the request.
  2. In the Request overview dialog, select Approve or Reject.

Dual approval menu

Find all pending requests from the dual approval menu by doing the following:

  1. From the main menu, select Users & permissions > Dual approval.
  2. On the Dual approval screen, select the pending request.
  3. In the Request overview dialog, select Approve or Reject.

Single adjustment requests

For single adjustment requests only, do the following:

  1. From the main menu, select Customer operations > Accounts.
  2. Search for the user that submitted the request and select their account.
  3. Select the Requests & approvals tab, and then select the pending request.
  4. In the Request overview dialog, select Approve or Reject.

View requests

Control Center sends status notifications as requests move through the approval process. We also maintain detailed history for your reference.

The request statuses are as follows:

  • Pending—Request was submitted and is awaiting approval
  • Canceled—Requester withdrew the request
  • Approved—Approver approved the request
  • Rejected—Approver rejected the request
  • Error—Request failed due to an error

You can view requests and their status in several ways, as described in the following sections.

Notifications

Depending on your role, from the Notification menu (the bell icon on the home page header), you get a message when a request changes status. Select the link to open the the request for more details.

Dual approval menu

Find all requests from the dual approval menu by doing the following:

  1. From the main menu, select Users & permissions > Dual approval.
  2. On the Dual approval screen, select the pending request. The status of the request displays at the top of the screen, and the history is at the bottom.

Single adjustment requests

To view single adjustment requests, select Customer operations > Accounts > select account > Requests & approvals tab > select pending request.

Program parameter requests

To view program parameter requests, select Configurations > Programs > select program > Parameters tab > select pending parameter > select configuration request link on the modal.

Frequently asked questions

Question: What happens if the approver is not available to review the request?

Answer: The approver is an assigned role and not a specific person. You should assign multiple people to the approver role so that anyone with the role can review the request.


Question: Is there a report that tells me if there are old requests?

Answer: No, but you can filter the Dual approval page by status and date to view pending requests older than 7 or 30 days.