Lifecycle Management (Fulfillment Setting) in the Cloud Administration Console
The RSA Cloud Access Service Lifecycle Management feature enables users to discover, request, and gain access to applications directly from My Page. This feature streamlines access management by aligning approval workflows with the sensitivity of each application, reducing reliance on help desks and enhancing the overall user experience.
With the Lifecycle Management feature, organizations can deliver a user-friendly, self-service model for application access, while administrators maintain control through configurable policies and automated approval.
Overview
Use the Lifecycle Management feature in the following scenarios:
Enable self-service access requests for different applications.
Support approval workflows based on application sensitivity (for example, auto-approval, manager approval, application owner approval, or both).
Reduce the workload on IT and help desk teams.
Improve user visibility into available applications and access levels.
Prerequisites
Before enabling the Lifecycle Management feature, administrators need to do the following:
Obtain LDAP Identity Sources, SCIM Endpoint, or Entra ID configuration details from the service provider to grant default access to the requested application.
Configure Cloud Access Service - Planning Access Policies to control which users are granted access to an application by default, and which users are allowed to request access.
In the Cloud Administration Console, ensure user attributes and roles are accurately defined and mapped. For more information, see Add, Delete, and Test the Connection for an Identity Source in Cloud Access Service.
Configure the application in the Cloud Administration Console with an application owner. For more information, see My Page applications (for example, Add an OIDC Application).
Optional Lifecycle Management Features
The following are optional features for Lifecycle Management:
You can enable Application Roles to define roles and set conditions, providing users with attribute-based access to the application.
Note: If a user does not match any configured roles, they can still request access to the application. In such cases, they will receive the default access level specified in the fulfillment configuration.
You can allow approvers to add users to roles or groups.
You can allow approvers to assign/ unassign users to specific roles or groups via My Page during active requests. For more information, see Manage My Applications
How Lifecycle Management Works
When users log in to My Page, they can request access to an application in the App Catalog that they do not already have access to. Based on the application's Fulfillment configuration, the request is either:
Auto-approved
Sent for manager approval
Sent for application owner approval
Requires both manager and application owner approvals
Once the request is approved, users can access the application according to their assigned access level.
Related Articles
How to manage RSA Authentication Manager console and virtual host certificates with keytool Number of Views RSA Governance & Lifecycle 8.0 Patch 07 HF01 Release Notes Number of Views RADIUS server not found and/or RADIUS server cannot be managed after upgrade to Authentication Manager 8.6 or 8.7 Number of Views How to configure the Intel Remote Management Module 4 (RMM) and the Baseboard Management Controller (BMC) for the RSA Auth… Number of Views RSA Authentication Manager 8.8 upgrade fails with ERROR: auth_manager.rest_service.old_access_key is not found Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
