Resources

Time-gated approval conditions

Time-gated approval conditions let you restrict when access requests can be approved based on the time the request is made. Use these conditions to enforce time-based controls in your access policies.

What are time-gated conditions

Time-gated conditions are a type of access logic predicate that evaluates the Time of request when someone requests access to a resource. You can configure time windows during which requests are eligible for approval, or restrict approvals outside of certain hours.

For example, you might require that access requests for a sensitive application can only be approved during business hours, or only on weekdays.

Where to configure time-gated conditions

Time-gated conditions are configured in the Access Logic section of an access policy.

  1. Navigate to the resource you want to configure

  2. Open the Access Policy settings

  3. In the Access Logic section, add a condition

  4. Select Time of request as the condition type

  5. Define your time window criteria

How time conditions work

When a user requests access, Ploy evaluates the time condition against the request timestamp:

  • If the request falls within the configured time window, the condition passes and the request proceeds according to your other access logic and approval stages

  • If the request falls outside the time window, the condition fails — the request may be blocked or routed according to your fallback actions

Combining with other conditions

Time-gated conditions can be combined with other access logic using AND/OR operators. This lets you build complex policies like:

  • Allow access requests only during business hours AND for users in specific groups

  • Allow requests outside business hours OR with elevated approval requirements

Add the appropriate action below each condition to define what happens when that condition is met.

Approval stages and time gates

Time-gated conditions control whether a request is eligible to enter the approval workflow. They do not control when approvals themselves can be processed. Once a request passes the time gate, it proceeds through any configured approval stages.

For more on configuring multiple approval stages, see Access Policy.

Provisioning after approval

Once a request is approved, Ploy attempts to automatically provision access. If direct provisioning isn't available (no integration or SCIM support), a Manual Task is created as a fallback. Configure assignment settings to route manual tasks to the right team.

You need the Managed Access module to configure access policies. See What is Managed Access? for more details.

Was this helpful?