ACCESS MANAGEMENT SYSTEM
U.S. Department of Health & Human Services

How to Approve or Certify an Application Access Request

Note: As an Application Access approver or certifier, you will have privilege to view, approve, certify, or reject application requests submitted to you by requesters. All approvers and certifiers need to be predefined for each application access approval. Users identified as Application Administrators will need to complete the AMS Role Request Form for submission to IAMAMSPMO@hhs.gov for assignment. (NOTE: to view a PDF document, you must have Adobe Reader installed.)

Not all applications will have the same number of approvers or will include certifiers. This will be dynamic based on each application. Applications may have up to three approvers: Federal Manager, Application Owner, and Application Administrator, and one certifier: Personnel Security Administrator (PerSec Admin). This job-aid details the approval steps for the Federal Manager, Application Owner, and Application Administrator as well as the certification steps for PerSec Admin.

Authorizing application access tasks requires authentication with your HSPD-12 access card (PIV); if you logged into AMS by other login credential, you will be required to complete a second step of authentication before you can proceed with related activities.

  1. Log into AMS at http://ams.hhs.gov using your HSPD-12 access card. For quick and easy access to your applications, add this page to your browser favorites or create a desktop shortcut.

  2. From your AMS homepage, select the "Application Access Management" tab.

  3. Select the "Authorize Application Requests" sub-tab.

    Note: Pending requests requiring approval or certification are indicated by a parenthetical notation that indicates number of requests that require action by the approver or certifier. This number is displayed on the Application Access Management tab as well as the Authorize Access Requests sub-tab. If there are no requests requiring your approval, no number will be visible.

    Application access management page with highlighted authorize access requests tab

  4. Select "Pending" from the "Request Status" drop-down list and click "Search" button.

  5. To proceed, click "Agree" on the "Data Protection Policy Statement" pop-up notice.

    Data protection policy statement. This search is intended for authorized administrators who need to look up and review an AMS user's profile data, including the user's HHSID and application access. Note that the results will include information on HHS employees, contractors, and affiliates, as collected by their respective badging offices and on-boarding systems. By clicking Agree button, you are accepting the responsibility to protect the privacy of user data presented in the search results. If you agree and would like to proceed with the search, click Agree button.

  6. Select the Request ID for the request that you wish to review and act upon. A pop-up window will be displayed with the "Approve Request" and "Reject Request" buttons available for you to click.

    Note: The pop-up window displays an application approval trail showing which approver’s queue the request is in, and its current approval decision. It also shows all the remaining approvers in the approval process.

    Application access details for the selected Request ID.

  7. To approve the request, click the "Approve Request" button; to reject the request, click the "Reject Request" button.

  8. If you "Reject" an application request you will need to select a "Reason for rejection" from the pre-populated drop-down list.

    Note: The reason for rejection will vary depending on if the submitted request was for adding access versus removing access.

    Addition of Access Rejection:

    Application Access Rejected screen with Reason for Rejection drop down expanded showing possible reasons.

    Removal of Access Rejection:

    Application Access Rejected screen for Remove Application Access with Reason for Rejection drop down expanded showing possible reasons.

  9. Upon submission, a pop-up will appear confirming your action (approval or rejection) with a "Close" button.

    This request has been approved. Repeat the search to refresh the data and confirm the change was implemented.

    This request has been rejected. Repeat the search to refresh the data and confirm the change was implemented.

  10. An email notification will be sent to the next approver level as defined in the application if one exists. Otherwise an email notification will be sent to the "Requester", and "Other User" if the request was submitted on behalf of another user, and to the "Federal Manager" indicating approval or rejection after the LAST approver approves or rejects the request.

    Note: If manual account management (provisioning/deprovisioning) occurs, the application access request should be approved after the account has been created/removed in the application. This step occurs only after the LAST approver approves or rejects the request.

    If automated account management has been implemented, then approval will provision the application account. Request Status will change to "Provisioned". This step may occur after the submission of the request if no approver has been assigned to the application, or will occur after the LAST approver approves or rejects the request.

  1. Personnel Security Administrator Certification

    1. For users who are defined as a Personnel Security Administrator, the certification process is slightly different in that instead of seeing the "Approve Request" and "Reject Request" buttons, "Certify Request" and "Reject Request" buttons will be displayed in the pop-up window as noted in Step 6. This is the only deviation from the other approvers. All other steps used to log in and view the requests are the same as the other approvers.

      Application access details for the selected Request ID when viewed by a Personnel Security Administrator.

    2. If you "Reject" an application request you will need to select a "Reason for rejection" from the pre-populated drop-down list. The reasons for rejection, however, will differ from the reason for rejection for approvers.

      Application Access Rejected screen with Reason for Rejection drop down expanded showing possible reasons when viewed by a Personnel Security Administrator.

    3. Once "Certify Request" is selected, a pop-up will appear confirming your action (certification) with a "Close" button.

      Application Access Certified: This request has been certified. Repeat the search to refesh the data and confirm the change was implemented.

      Note: In the event that a user requests interim access to an application, the Personnel Security Administrator will be required to approve the request even if the Personnel Security Administrator was not originally defined as an approver for the application.