we are looking into creating our own “Request Center” in our IT portal, so we do not have to redirect users for one specific IT service (access requests) to a different portal.
We have established the functionality and it is working quite well.
The only issue we are facing currently, is that we would like to submit the Access Requests by the user who actually orders the access from our IT Service Portal.
As we are using an integration account to handle the authentication, it all looks like the Integration account requested it.
Is there any way how to pass on the “requester” or “impersonate” the requester and submit the access request on their behalf ?
We can see in the “access-request-status” API the “requester” is part of the data you get. Is there a way to patch this ?
We know there is a ServiceNow plugin for IAM, however we do not like the UI and some of the pre-requisites, hence we would like to build it ourselves.
What is the use case for needing to see who actually submitted the request? Is it for visibility on the approver side (assuming approvals are happening in ISC)?
You could also prepend the name of the requestor in the comment - e.g. “Requested by Tom Smith - “ + comment
It would be to show the “right” requester to the Approver.
Also for workflows where Requester = Manager or Access profile owner, that it skips the approval step as is the standard functionality in IAM.
It is not the most critical thing, as we append the ServiceNow request number and the Requester in the comments, but it would be nice and “clean” to have that meta data right on the IAM request.
It sounds like moving your approvals to the ServiceNow side would allow you to accommodate that need. I’m personally a fan of keeping the approvals on the ServiceNow side because
Users are already familiar with handling approvals from ServiceNow
You can build in A LOT more flexibility in how approvals are handled
I recognize that would require more development as opposed to an OOB approval workflow in ISC, but I prefer using ServiceNow to do the orchestration and ISC to just do the provisioning.
I’d prefer that as well, also just for the sake of being more flexible with things like “email templates/branding” etc. But considering the cost implications, I think we are not ready yet to utilize ServiceNow approvals (at least yet), as the Workflows in IAM are “for free”.