Automatic Approvals for Roles? IIQ

Hi there, we’re looking to utilize the access request feature in SailPoint IdentityIQ. Our goal is to start with allowing managers to request certain entitlements for their employees. Most AD security groups already have an established “Owner” that it will send an email to for approval/rejection.

However, there are certain ones that should bypass approval. Entitlements without an owner, when requested, will just send to the default Administrator. Is there a way to get these to instead auto-approve?

For example, Mobile Email in the screenshot. Since the owner is “The Administrator”, can this request just automatically approve? If so, can I get some guidance on where to make this edit? Thank you!

Hi Sam

By default, newly created or changed roles go through an approval process managed through an approval workflow that routes the new or modified role to the role owner for approval. If the person who created or changed the role is also the role owner, this approval step is bypassed. The default workflow can be customized to add or alter approval steps to meet each organization’s business requirements.

You can customize the workflow to modify approvers according to your organization's needs.

Hi there, thanks for the reply!

Sounds like we’ll need to modify and customize this. Where exactly is it in IIQ to make changes to the workflow to modify approvers? This area is a bit new to me. Thank you!

Hi Sam,

Are you referring to this use case: a manager submits an access request (AD entitlements) for users, and if there is no owner, the request should be auto-approved?

If yes, it depends on the approval workflow that is defined for the requests. E.g., LCM provisioning - Manager and Owner approval. You may want to customize it as per your requirement.


Exactly this! Since we’re starting with just managers being able to request through the portal (if there is no Owner attached to the entitlement) – then the request should auto-approve. In a nutshell, that just leaves foundational access requests that should just go through and provision, since the audience would be managers submitting basic-level requests for their employees.

itzsam91, please check the LCM Provisioning workflow in the debug page and update that one based on your requirements. Do remember that this will impact all provisioning, so update the workflow based on what is best for your org.

1 Like