Four-Eyes Approvals

What are Four-Eyes Approvals?

Four-eyes approval is a safety measure used to ensure important changes are checked by two people before they are carried out. This feature helps prevent mistakes and unauthorized changes by requiring four-eyes approval from two authorized users. By having two people review and approve decisions, organizations can improve security, reduce risks, and ensure that rules and guidelines are being followed.

In the Atlar dashboard the organization can opt to enable four-eyes approvals on sensitive organizational settings, such as user management and changes to payment approval chains. However, note that the actual approval of a payment is not approved using ‘Four-eyes approvals’. Four-eyes approvals are applied to all types of changes to sensitive organizational settings, including creating, updating and deleting.

How to set up Four-Eyes Approval

1. Navigate to Settings -> Organization
2. Under Organization security, select what you want to enable four-eyes approval for. Note: changing the four-eyes approval settings will also require four-eyes approval, unless it’s the first time you enable it for your organization.
   1. Enable Organization four-eyes approval: this will enable four-eyes approvals for organization security settings, such as enabling/disabling four-eyes approval.
   2. Enable User Management four-eyes approval: this will enable four-eyes approvals for roles and users.
   3. Enable Approval Chains four-eyes approvals: this will enable four-eyes approvals when adding, editing and deleting approval chains.
   4. Enable Counterparties four-eyes approvals: this will enable four-eyes approvals when adding, editing and deleting counterparties and their external accounts.
3. Under Four-eyes bypass, enable Programmatic access users if you want to delegate four-eyes approval to a separate system integrated with Atlar. For example, if you already have an approval process for managing counterparties in your ERP, this setting disables four-eyes approval in Atlar when the change originates from your ERP, while still requiring four-eyes approval in Atlar in case the change originates from a normal user logged into Atlar.

Best practices

• Atlar will require that at least two users approve changes if the four-eyes approval is enabled, but it's beneficial to have additional approvers to ensure coverage in case approvers are unavailable or leaves the company.
• To ensure your organization is fully protected, it is recommended to enable four-eyes approval for all the features used within the organization.
• It’s recommended to only invite each person once with a personal email address in order to reduce risks related to a person acting as multiple users.
• Only give the necessary permissions for each role (the Principle of Least privilege).