Now that we have Interactive Trigger for workflows, and interactive forms, is it possible to customize forms for access request / revocation purposes? Including the following:
Customize UX flow with additional filters / meta data.
Dynamic / condition show / hide fields / form sections.
Dynamic / conditional full / partial data value masking.
Customized multi-level approval flows / schemes.
Customized approval forms depending on the approval level.
Create custom audit entries and / or identity event entries based on request and approval input and interactions.
IIRC, it wasn’t possible to launch workflow / forms on-demand until the recent addition of the Privileged Task Automation feature was released…but I could be wrong here. A PAG is likely not required here…the expectation / hope is that access request experience can be customized / for a subset of specific users / use cases / access types, all within the tenant with no external scripts.
Hi @David_Norris, Yes this can be done,
First create form with required metadata
Then create a workflow with trigger with “form submit”
Let me know if you need any further information
You can implement a condition loop “Compare Strings” here based on the data received from the form. For example, based on the requester, populate the identity data, such as the “department” field, within the workflow.
If the department matches “HR,” trigger (if needed create a sub workflow) an approval workflow directed to the HR or Governance Group 1. If not, move to the next condition loop. Similarly, if the department is “IT,” follow the same process. For each negative condition, continue to the next condition loop “Compare Strings”, and for all positive conditions, trigger the respective approval workflows.
Yes you can.
Create a form with all data either entered by end user or auto populated
Workflow trigger should be " Form Summit"
To direct the workflow to an identity or governance group you can use HTTP action in the workflow and use " https://sailpoint.api.identitynow.com/v2024/access-request-approvals/:approvalId/forward"
this api to send the approval to the required users. Its not just straight forward. you need to add few action or apis in between to get the approval-ID, submit approvals etc. But i am sure this works