Platform

Customers

Resources

Platform

Customers

Resources

Introducing Conditional Approvals

Product

0

1

Today, we’re announcing the launch of conditional approvals – now available on V1.0.477

Customer Context

Opal enables security teams to enforce powerful access policies that are easy to implement and scale across the organization. For example, companies can mandate that sensitive applications require multi-stage approvals, 2FA, and maximum request durations.

However, applying universal policies on resources does not take the requester's context into consideration. Enterprises need additional flexibility and want to set different approval policies depending on the requester's team or role. Ultimately, this enables companies to be more productive and secure. Administrators can implement more dynamic policies – streamlining or elevating security configurations based on additional context.

Here are use cases that we have heard from our customers:

  • If an engineer wanted to get access to Cluster Admin role for a Kubernetes cluster, this request might go to the InfoSec team and Platform Engineering for review. However, if a platform engineer requested access, then the request would just require manager approval only since the platform team manages Kubernetes.

  • If employees at Acme Corp request access to Zoom, then this request will go to the IT team for approval as they will need to weigh the cost-benefit analysis. However, if customer-facing teams at Acme Corp request access to Zoom, then this request will be auto-approved since it is likely that they will need the paid subscription for Zoom.

Product Deep Dive

1. Opal admins can navigate to Resources and click on Edit to manage Request Configurations. All resources will start with the default condition – policies that will apply to all users in your organization.

2. By clicking on add a new configuration, Opal admins can select the group that they want the configuration to apply to. Opal ingests a wide variety of group providers, such as Okta, AzureAD, LDAP, Google Groups, and more.

3. If there are multiple conditions, Opal admins can also configure the order of the conditional approvals in which they are applied. Employees are subject to the first matching configuration if they are part of multiple groups. For example, if an employee is part of both DevOps Group and Engineering, they will be subject to the policies applied on the DevOps Group since it is the first in the configuration order.

About Opal

Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. Enterprises can discover anomalous identity risks with the product and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.

Want to see it yourself? Contact sales@opal.dev or book a meeting here for a personalized demo.

AI that makes continuous access decisions, with you on the dial.

AI that makes continuous access decisions, with you on the dial.

AI that makes continuous access decisions, with you on the dial.

Everything you need to know about Opal

What is Opal Security and what does it do?

What systems does Opal integrate with?

How is Opal different from traditional IGA and IAM tools?

Can Opal govern AI agents and non-human identities?

Does Opal replace my existing identity stack?

How fast can Opal be deployed?

Who is Opal's leadership?

0

FAQ

Everything you need to know about Opal

What is Opal Security and what does it do?

What systems does Opal integrate with?

How is Opal different from traditional IGA and IAM tools?

Can Opal govern AI agents and non-human identities?

Does Opal replace my existing identity stack?

How fast can Opal be deployed?

Who is Opal's leadership?

0

FAQ

Everything you need to know about Opal

What is Opal Security and what does it do?

What systems does Opal integrate with?

How is Opal different from traditional IGA and IAM tools?

Can Opal govern AI agents and non-human identities?

Does Opal replace my existing identity stack?

How fast can Opal be deployed?

Who is Opal's leadership?

0

FAQ

See. Encode.

Enforce.

© 2026

See. Encode.

Enforce.

© 2026

See.

Enforce.

Encode.

© 2026