A request portal is a user interface where requesters can sign in and fill in request forms that pertain to identity data or security entitlements. All identity and access requests have at least one recipient -- who may be the same as the recipient (i.e., a self-service request) or someone else (i.e., a delegated request).
Examples of requests that may be entered into a request portal may include:
In practice, identity and access request portals may incorporate quite complex business logic, for example to control what recipients are visible to a given requester, what kinds of requests are available for a given requester/recipient combination, what identity attributes of a given recipient are visible to and/or editable by a given requester, to validate some and calculate other form inputs, to send requests to appropriate people to approve or reject and more.
Hitachi ID Identity Manager includes a request portal, intended for users to accomplish a variety of functions:
This portal is completely policy driven. For example, what options a user gets, what other users he can find or make requests on behalf of and what identity information one user can see of another is determined by rules. Rules may be simple roles ("all users with attribute X and membership in group Y can perform action Z"). More powerful rules are based on relationships ("user A can request operation B in relation to user C if user A is in group G and users A and B are in the same department.")
Requests submitted through this portal are subject to validation logic (e.g., rules such as "is the city in the user's address consistent with the state or province?") and to approvals. Requested are routed to zero or more authorizers, where approval by some or all of the authorizers is required. The choice of authorizers is normally dynamic -- driven by policy rules and data accessed at run-time.