This feature is used with Single-Sign-On (SSO) only.
The new users request will appear inside of the Authorization Request List and the administrator can Approve or Disapprove (aka Denied) the request and will remain in limbo until a role is assigned that allows them to do perform assigned tasks. The list of roles that are available for selection when the user is making the authorization request are pulled from roles that are defined within the Platform.
For a request from a new user, the follow options are available to the Admin that is reviewing the authorization request when they click on the menu icon in the Action column.
If the requested role is not appropriate for the User, the Admin can Disapprove the request completely (the status would show "Denied") or they can Disapprove and assign a more appropriate role (the status would show "Denied & Assigned a different role). When Disapproving a request, be sure to enter a comment so the User understand why they were denied the role they requested - this comment will be included in the notification back to the user.
If the requested role is appropriate for the User, the Admin will Approve the request. A notification will be sent to the user stating they have been approved.