Getting Started with the Federated Authorization FedAuth Community

The Federated Authorization (FedAuth) Community is Pitt's central portal for requesting and approving access to enterprise systems and data — but it is not a self-service catalog. FedAuth manages access to sensitive enterprise systems including PeopleSoft, Student Mart, GL Mart, Employee Mart, and RC Admin. The roles and permissions involved are complex: most users who submit independently request access they should not have, which delays approval and creates audit complications. Contact the appropriate approver for your data type before opening a request form.

✓ RECOMMENDED

Contact Your Approver First

Your approver knows which roles are appropriate for your responsibilities. They can guide the request, initiate it on your behalf, or confirm exactly what to select before you open a form. Reach out to the right group for your data type:

PeopleSoft & Student Mart	SIS Security Contacts →
GL Mart	Financial Data Approvers →
Employee Mart	RC HR Approvers →
RC Admin	RC Administrators →

ALREADY COORDINATED WITH YOUR APPROVER

Submit on Your Own

Only proceed independently if you have already confirmed with your approver exactly which roles and permissions to request. Selecting incorrect roles will require a full resubmission and can delay access by several business days.

Open FedAuth Community →

Systems You Can Request Access To

FedAuth handles access for the following enterprise systems. Click the corresponding tile after logging in to start a request.

System / Tile	What It Covers	Primary Approver Chain	Questions? Contact
PeopleSoft (SIS)	Student Information System — enrollment, student records, academic data	Security Contact → Data Steward* → Pitt Digital Security → Student Systems	SIS Security Contacts
Student Mart	Reporting mart derived from SIS data	Security Contact → Data Steward* → Privacy Officer* → Pitt Digital Analytics	SIS Security Contacts
GL Mart / GL Mart Groups	General Ledger financial data; also grants access to Fiscal Panther (Tableau) and Grants Forecasting (Oracle PBCS)	Supervisor → RC Financial Approver → Financial Data Steward → Pitt Digital Analytics*	Financial Data Approvers
Employee Mart	HR analytics data; highly restricted data requires additional approver stages	Supervisor → RC HR Approver → Pitt Digital Analytics (+ HR Data Steward / Privacy Officer for restricted data)	RC HR Approvers
RC Admin	Directory and mailbox administration for a Responsibility Center	RC Admin → Pitt Digital Security	RC Administrators list

* Optional stage — triggered only when the request includes a diamond/restricted role or approval component.

Submitting a Request

These steps apply to all requesters, including Security Contacts submitting on behalf of a user.

⚠ Stop — have you confirmed with your approver what to request?
FedAuth roles are system-specific and not self-explanatory. If you have not already spoken with your Security Contact, Financial Data Approver, RC HR Approver, or RC Administrator about which roles to request, do that before proceeding. An incorrect submission cannot be partially approved — it must be fully rejected and resubmitted.

Log in to the Federated Authorization Community.
Click the tile for the system you need: PeopleSoft, Student Mart, General Ledger (GL) Mart Users, General Ledger (GL) Mart Groups, Responsibility Center Administrator (RC Admin), or Employee Mart.
Fill in all required fields. If the form spans multiple pages, complete each page and click Next Page. Click Submit when finished.
Your request routes to the appropriate approver chain automatically. You will receive email updates at each approval stage and a final confirmation when access is granted or denied.
If a request is not approved, you may resubmit after addressing the reason(s) stated in the denial email.

⚠ Error: "5. Create Approval_Request__c — Issue with the requestee data. Please contact support."
This means the username entered is not a primary account. See the Troubleshooting & FAQ → Errors & Technical Issues accordion below for resolution steps.

ℹ Security Contacts submitting on behalf of others
Security Contacts must authorize all requests in their portion of the workflow — including requests they originated themselves. This is required for audit compliance and cannot be bypassed.

Checking Request Status

Your Role	How to Check Status
Requester	You will receive email notifications at each approval stage — no action needed. For a real-time update, contact your approver directly. If your approver cannot assist, contact the Technology Help Desk at 412-624-HELP (4357). Requesters do not have access to AR record search in FedAuth.
Approver RC HR · RC Admin · RC Financial · Security Contact	Log in to the FedAuth Community and click the Approval Requests tile to see all requests in your queue, with filters for status, type, and requester name.

🔍 Look Up Any Request by AR Number Approvers & Help Desk Only

This lookup is only available to approvers (Security Contacts, RC Financial Approvers, RC HR Approvers, RC Admins) and the Technology Help Desk. Standard requesters do not have access to AR record search in FedAuth — they should monitor their email notifications or contact their approver for a status update.

If you are an approver or Help Desk staff and have an AR-XXXXX number, the fastest way to open the record is through the FedAuth Community's top search bar — but the search button will give you the wrong result. Follow the steps below exactly.

Log in to the Federated Authorization Community and type the AR number into the top search bar.
Do not press the Search button or hit Enter. Doing so takes you to Salesforce's global search view, which returns no results for AR numbers.

If you land on this screen, press your browser's Back button and try again from the FedAuth home page.
As you type, a dropdown will appear below the search bar. Click the entry labeled Approval Request — not the broader "AR-XXXXX in Federated Authorization" hit above it.
The Approval Request record opens. In the Information section, the two most important fields for determining request status are:
- Approval Stage — where the request currently sits in the approver chain (for example, Pending Pitt IT Security Approval).
- Did the Requestee Accept the Terms? — whether the end user receiving access has agreed to the terms and conditions. The approver workflow does not begin until this is complete.

⚠ Approval Stage shows "Request Submitted" — what does that mean?
The requestee (the person who will receive access) has not yet accepted the terms and conditions. The approver chain does not start until they do. Follow up with the requestee directly and ask them to log in to FedAuth and complete the acceptance step.

ℹ Need to know who is in a specific approver group?
Refer to the approver listings in the Resources & Training → Approver Lists section of this article. The listings are also linked from the main FedAuth Community KB article.

For Approvers

These workflows apply to RC HR Approvers, RC Admins, RC Financial Approvers, and Security Contacts. Expand a task to see the steps.

📋 View Pending Approvals Approvers Only

Log in to the Federated Authorization Community.
Click the Approval Requests tile.
Your pending items appear in the top section, labeled My Pending Federated Authorization Requests. Click the Record link for any request to view and act on it.
The lower section shows adjustable list views for all requests of varying statuses and types — including items not currently pending your action (for example, All Open GL Mart Requests).

ℹ Searching by name or username
Use the Search field above the list to quickly narrow down to a specific requester.

🔍 Filter Approval Requests Approvers Only

Log in to the Federated Authorization Community and click the Approval Requests tile.
In the lower section, click the downward arrow (v) in any column header to apply a sort or filter to that column.
The Approval Stage column shows Approved for completed requests and Pending for those still awaiting action.
To view the full comment history for any request, open its record and review the Approval History list.

✅ Approve a Request Approvers Only

When you receive an approval notification email, click the link provided and log in to the Federated Authorization Community.
Click the Approval Requests tile, then click the Record link for the request.
Review the Items to Approve section. Click View All for full details. The right-hand column may include any of the following:
- Authorization Request
- Career / Campus / Academic Center
- Details of the Request
- Division and Department Information
- Requestor and Requestee Information
- Restricted Data Requested
Scroll to Approval History and click Approve. Add any comments, then confirm.
If the request requires additional approvals, it routes to the next approver automatically. The requestor receives an email once all approvals are complete and access is provisioned.

ℹ Adding notes
Use the Notes section to post freeform notes to the request — these are separate from the formal approval-history comments and visible to all approvers in the chain.

🚫 Deny a Request Approvers Only

⚠ Partial approvals are not supported.
For audit compliance, requests cannot be partially approved. If any portion of a request is inappropriate, reject the entire request and include comments explaining what must change so the requester can submit a corrected form.

When you receive an approval notification email, click the link and log in to the Federated Authorization Community.
Click the Approval Requests tile, then click the Record link for the request.
Review the Items to Approve section and all relevant details in the right-hand column.
Scroll to Approval History and click Reject. Type your reason, then confirm.
The requestor receives an email notification with the denial details. They may resubmit a corrected request addressing your stated reason(s).

Approval Routing Reference

The table below shows every approver stage for each system and scenario. All requests are ultimately implemented or finalized by Pitt Digital Security or Pitt Digital Analytics as indicated.

System	Scenario	Initiated By	Pre-Submission	1st Approver	2nd Approver	3rd Approver	4th / Final
PeopleSoft	Diamond / restricted role selected (same or different Data Stewards)	User or Security Contact	User Agreement (if Security Contact); Supervisor notification	Security Contact (RC of requestee)	Data Steward*	Pitt Digital Security	Student Systems
PeopleSoft	No diamond / restricted role selected	User or Security Contact	User Agreement (if Security Contact); Supervisor notification	Security Contact (RC of requestee)	(skipped)	Pitt Digital Security	Student Systems
GL Mart	User or Supervisor submits	User, Supervisor, or RC Financial Approver	—	Supervisor	RC Financial Approver	Financial Data Steward	Pitt Digital Analytics†
GL Mart Group	User submits	User, Supervisor, or RC Financial Approver	—	Supervisor	RC Financial Approver	Financial Data Steward	Pitt Digital Analytics†
Student Mart	—	User or Security Contact	User Agreement (if Security Contact); Supervisor notification	Security Contact (RC of requestee)	Data Steward*	Privacy Officer*	Pitt Digital Analytics
RC Admin	—	RC Admin	Supervisor notification	RC Admin	Pitt Digital Security	—	—
Employee Mart	No highly restricted data or additional RCs	User or Supervisor	User Agreement	Supervisor	RC HR Approver (requestee's RC)	Pitt Digital Analytics	—
Employee Mart	Restricted data selected	User or Supervisor	User Agreement	Supervisor	RC HR Approver (requestee's RC + any additional RCs)	HR Data Steward and/or Privacy Officer*	Pitt Digital Analytics

* Optional stage — triggered only when diamond/restricted roles or restricted data are included in the request.
† Implementation step, not an approval gate.

Troubleshooting & FAQ

Expand a topic below to jump to specific questions.

🔧 Errors & Technical Issues Common Blockers

I got the error: "5. Create Approval_Request__c — Issue with the requestee data. Please contact support." I'm trying to remove access from someone.
This means the requestee's username is not a primary account. Submit a Help Desk request to have the account removed manually outside of FedAuth.

I got the same error and I'm trying to grant access to someone.
The requestee's username is not a primary account. If the account was recently converted to a primary account, wait up to 48 hours for the change to propagate into FedAuth, then try again.

For sponsored or service accounts that are exemptions entitled to protected data: enter your own username as the requestee, then in the Request Details and Justification field, list the sponsored account name, the account owner, and any other information relevant to approvers.

I was granted access but cannot reach the data set.
Provisioning can lag the approval email by up to 24 hours on some systems. If access is still unavailable after 24 hours, reopen the original ticket and reference the approval notification.

My request has been pending longer than the expected timeline.
Check the ticket status in the Services Portal. If the ticket is awaiting Data Steward review, the Data Steward has already been notified automatically — a polite direct follow-up is appropriate once the stated timeline has elapsed.

🔀 Routing & Workflow

How are approvals handled when multiple people share an approver role at the same stage?
The request enters a shared queue. Any one member of that queue can approve or reject it — only a single action is needed per stage.

How will I be notified about requests pending my approval?
You will receive an automated email when a request enters your queue, plus reminder emails every Tuesday and Thursday containing direct links to all open approval requests awaiting your action.

Can I partially approve a request — approve some roles and reject others?
No. For audit compliance, requests cannot be partially processed. If any portion is inappropriate, you must reject the entire request and include comments explaining what to change so the requester can submit a corrected form.

If my request is denied at any stage, will I be notified and told why?
Yes. You will receive an email with the reason(s) for denial. You can then submit a new request that addresses those reasons.

As a Security Contact, do I need to authorize requests I submitted myself?
Yes. The workflow requires Security Contacts to authorize all requests in their portion — including ones they originated. This is a required audit control.

I need access to restricted data outside my Responsibility Center. How do I proceed?
Notify the RC Admin for your location; they should contact the appropriate RC approver in the area where the data resides. Data Steward approval is part of the standard workflow for any restricted data request.

Can I target a specific department rather than an entire school?
Yes. Include the relevant department name or row-level access specifications in the Request Details and Justification field when submitting.

I no longer need access I previously requested. What should I do?
Submit a Help Desk ticket to remove the access. Periodic access reviews will catch unused access eventually, but proactive removal reduces risk and is the expected practice.

👤 Accounts, Usernames & Cloning

How do I find a user's Pitt username?
Contact your RC Administrator or your department's IT Contact. You can also use Find Pitt to look up a user's email address — the username is the portion before the @ symbol, unless the person uses an alias.

Aliases are distinguishable from usernames: an alias will be longer than eight characters, or it will contain a period (.), dash (-), or underscore (_) and be longer than four characters.

Can I clone the access of an existing user?
All roles must be individually selected — they cannot be bulk-cloned. Restricted roles must each be individually justified for proper Data Steward routing. For PeopleSoft, only row-level access can be cloned; roles must be selected in the form or explicitly listed in the justification field. Requests to clone must include the requestee's username. See How to Check a User's PeopleSoft Role for role lookup (access to this feature is restricted to Security Contacts by default).

As an All-Temps employee, how is my FedAuth request routed?
All-Temps requests route through the sponsoring department's RC Financial Approver.

My request involves a cross-RC data set. Do I need to add documentation?
Yes. Both All-Temps requests and Financial Data requests outside your own RC require comments or notes explaining the cross-RC context and justification.

💰 GL Mart & Financial Systems

Does GL Mart access include Fiscal Panther and Grants Forecasting?
Yes. By default, GL Mart access also grants access to Fiscal Panther (Tableau) and Grants Forecasting (Oracle Planning & Budgeting Cloud Solution / PBCS). These are available for grants administrators, financial approvers, department administrators, and RC business managers.

Who are the Financial Data Stewards?
Peter L. DeNardis — pld7@pitt.edu. A full list is available in the Financial Data Stewards KB article.

🏛️ RC Administrators — What Can They Do?

Responsibility Center Administrators can perform the following tasks through the FedAuth RC Admin tile:

Add email aliases to individual accounts and groups
Create and modify Exchange resources (rooms, equipment, and services)
Restrict who can send email to a group, or require authentication to send to a group
Convert groups between mail-enabled and not mail-enabled
Show or hide groups in the Global Address List
Grant full access or send-as rights to Resource Account mailboxes
Set a custom out-of-office message for a user no longer with the University

For a full directory services reference, see the RC Admins KB article.

Resources & Training

📋 Approver Lists

Financial Data Approvers — GL Mart
Responsibility Center Administrators (RC Admin)
SIS Security Contacts — PeopleSoft & Student Mart
Financial Data Stewards
RC HR Approvers — Employee Mart
Process for Designating Security Contacts

🎓 PeopleSoft & Student Systems Resources

Training Videos

👥 Employee Mart Resources

🏛️ RC Admin Resources

📜 Governance & Policy

📝 Release Notes

Date	Change	Description
December 21, 2022	Employee Mart Added	Employee Mart is now available as a new access request type in FedAuth.
June 1, 2022	Updated Approval Requests Screen	Additional descriptive fields (record type, request type) now visible under Approval Requests. The screen is now split into a top Pending Requests section and the full Approval Request List Views below.
March 15, 2022	Approval Reminder Emails	Approvers now receive weekly reminder emails every Tuesday and Thursday with direct links to all open approval requests.
January 5, 2021	Two-Column Layout & My Pending Requests	Approval page redesigned with a two-column layout showing full comment history; new My Pending Requests feature lets approvers see all open requests without additional searching.

Key Contacts

Technology Help Desk 412-624-HELP (4357)
Ticket status, provisioning issues, escalation to Pitt Digital Security

SIS Security Contacts Find your Security Contact →
PeopleSoft & Student Mart access requests

Financial Data Approvers Find your approver →
GL Mart access questions & approvals

0 reviews

Print Article

Updating...