Back in the day, privileged account access control processes were almost completely manual, time-consuming and often involved a fire call desk staffed by techs that only knew how to use a workflow app. Today, these processes are automated and highly efficient.
But when is that not enough? When should a human be required to evaluate the requester, the system/account requested, and/or the purpose of the request?