Dual approval [beta]
Use dual approval to add a layer of oversight to critical processes. Dual approval is a security and governance feature that requires two separate individuals to review and approve a critical action or data change before it's finalized. One person initiates the request and a second person reviews and approves it. This process helps to prevent errors and unauthorized changes and reduces fraud.
Dual approval is also known as the maker/checker model, where the maker (requester) initiates the change request, and the checker (approver) reviews and authorizes it.
[beta]
This feature is in beta, giving you early access to explore its capabilities and share feedback. Note that the functionality and API contracts might change before the production release. For more information or to join the beta program, contact your Pismo representative.
Your company must opt-in to use dual approval by requesting dual approval for each process where it’s required. Dual approval is available for these Control Center processes:
This guide introduces the principles of dual approval and shows you what actions to take.
- Ensure you have the correct permissions
- Understand notifications
- Become familiar with the status of requests
- Learn what you can do with requests:
- Refer to frequently asked questions for answers to the most common questions
Permissions
Your permissions determine the information that's available to you and the actions that you can perform for dual approval. Permissions are a collection of roles assigned to your user account, based on tasks you need to perform. If you have questions or need your permissions updated, contact your Control Center administrator.
- Send approval requests and view requests—The same permissions you use to make or view changes also apply to dual approval. For example, if you can change a program parameter, you can also request dual approval for that parameter. Similarly, if you can view account changes, you can view dual approval requests for those changes.
- Approve or reject requests—To approve or reject a request, you must have the specific approver role for that request type. Refer to the following table for details.
| Request type | Approver role |
|---|---|
| Edit a program parameter | Setup approver |
| Make a single adjustment to an account | Backoffice approver |
| Change an account status | Backoffice approver |
Notifications
Control Center sends notifications as requests move through the approval process. For example, if you're an approver, you receive notifications when requests require your approval. If you're a requester, you receive notifications when your requests have been approved or rejected.
You can find all your notifications from the notification icon (the bell) in the top-right corner of the header. Select the link in the notification to open a dual approval request, where you'll find more details and actions you can take. For more information about notifications, refer to Notifications.
Status
Control Center displays the current status of each requests and keeps a history of status changes. You can view statuses on the both the Dual approval screen and on the individual request details screens.
The request statuses are:
- Pending—Request was submitted and is awaiting approval
- Canceled—Requester withdrew the request
- Approved—Approver approved the request
- Rejected—Approver rejected the request
- Error—Request failed due to an error
View requests
There are several ways to view requests.
- For requests received through notifications—If your permissions allow, you’ll get a notification when a request’s status changes. Select the link in the notification to open the the request for more details.
- For all requests—To view all requests, from the main menu select Users & permissions > Dual approval > select the pending request.
- For account change requests—To view account change requests (such as single adjustments), from the main menu select Customer operations > Accounts > select the account > Requests & approvals tab > select pending request.
- For program parameter requests—To view program parameter requests, from the main menu select Configurations > Programs > select the program > Parameters tab > select pending parameter > select configuration request link on the modal.
Send requests for approval
When you make a change that requires dual approval, Control Center displays a message prompting you to send the request for approval. The change doesn't take effect until it's approved. Throughout the approval process, Control Center sends status notifications to keep everyone informed.
Following is an example of the message for a single-adjustment request. Other types of requests display similar messages, though not exactly like this example.
Program parameter updates temporarily blocked
To avoid conflicting changes, Pismo blocks updates to a program parameter while an approval request is under review. Once the request is approved or rejected, you can make other program parameter changes.
Cancel requests
You can cancel your own requests that are in Pending status. When you cancel a request, all potential approvers are notified and the request history is updated. To cancel requests:
- On the Dual approval screen, select the pending request you want to cancel.
- On the Request details screen, select Cancel request and confirm.
Approve or reject requests
To approve or reject requests:
- On the Dual approval screen, select the pending request.
- In the dialog, select Approve or Reject. If you reject a request, you'll be prompted to give a short reason.
Frequently asked questions
Question: What happens if the approver is not available to review the request?
Answer: The approver is an assigned role and not a specific person. You should assign multiple people to the approver role so that anyone with the role can review the request.
Question: Is there a report that tells me if there are old requests?
Answer: No, but you can filter the Dual approval page by status and date to view pending requests older than 7 or 30 days.
Question: What happens if there’s an API failure after I’ve sent a request for approval?
Answer: If an API failure occurs, your request is processed immediately without dual approval to keep workflows running. For example, your request for an account status change will take effect right away, without dual approval.
Question: What if my approval request reached the approver, but then the API fails?
Answer: In this case, the approval or rejection won’t go through. Both you and the approver will see an error notification and a report log. Once the API is restored, you'll need to resubmit your request.
Updated 5 days ago