Docs / Console / Approvals

Use approvals to slow high-risk changes down on purpose.

The approvals surface is where operators turn sensitive changes into an auditable review workflow. The goal is not speed; it is controlled decisions with clear ownership.

Console Usage Approvals and change control Policy workflow guide

Who this is for

Approvers, tenant admins, and release leads responsible for risky actions or breakglass flows.

When to use it

Use this when a policy change, identity change, or live execution requires review before it can proceed.

Required setup

Required setup: active admin session for the tenant. Approval work should always be tenant-scoped so reviewers know exactly which environment and evidence set they are approving.

How to use

1. Open approval queue

Go to /admin/approvals?tenant_id=<tenant> from an active tenant admin session.

2. Review the request context

Read the change reason, linked evidence, and impact summary before you focus on the final approve or deny control.

3. Inspect related diffs and evidence

Check the associated policy diff, export, or evidence references so the approval is grounded in actual state.

4. Approve, deny, or escalate

Use approval only when the request, scope, and supporting evidence are coherent. Escalate or deny when prerequisites are missing.

5. Confirm the receipt exists

Every approval action should leave a timeline entry or receipt that can be used later in exports and audits.

What success looks like

The approver can explain what is being approved and why

Supporting evidence is attached or referenced

The action leaves a durable approval record

Related console surfaces

/admin/approvals?tenant_id=<tenant> - approval queue

/docs/approvals/ - change control reference

Open Console Surface