Self-Service Access Request System

Built for employees who need access to internal BI dashboards, the team leads responsible for approving that access, and IT staff who had been manually managing Active Directory group membership in response to ad hoc requests — with no workflow, no audit trail, and no visibility for anyone waiting on an answer.

A self-service web portal where employees browse available dashboards, submit access requests with a business justification, and get automatically routed to the appropriate approver. Approvers can approve or deny directly from a notification email or through the app. Approvals automatically provision the user into the corresponding Entra AD group via Microsoft Graph API; revocations remove them.

The system includes a full request history and audit log, a dashboard catalog that managers can maintain, and an admin view for IT to monitor and override group membership when needed.

Built in early 2026 as access request volume grew beyond what manual ticket handling could reliably support. The trigger was a recurring pattern: delayed access, forgotten requests, and no clear owner for follow-up once a ticket was filed.

Self-hosted on an internal Linux server using Docker Compose. Accessible to all employees on the company network through a standard web browser — no software installation required. Authenticates against the organization's Active Directory via LDAP for single sign-on, and writes back to Entra AD groups through the Microsoft Graph API.

AD group membership for dashboard access was managed entirely by hand — someone had to file a ticket, someone else had to remember to act on it, and there was no record of who had access to what or why. Approvals happened through email threads with no structured follow-up.

This system replaced that process with an automated approval loop, automatic provisioning on approval, and a persistent audit log — turning a manual, error-prone workflow into something consistent and accountable.