We have a requirement for an event-based employee transfer certification.
The process should allow the employee to perform self-certification before the manager.
If the employee rejects an access, it should be automatically removed without any manager review. If the employee approves the access, it should then be routed to the manager for a second-level review.
Currently, a pre-delegation rule is configured so that all access reviews are initially delegated to the employee. However, regardless of whether the employee approves or rejects the access, the items are being routed to the manager for review. I need to adjust this behavior so that manager review only occurs when the employee has approved the access.
Any guidance or best practices on how to configure this flow would be appreciated.
Make the employee the actual reviewer (reassignment, not delegation)
In your Pre-Delegation rule, set reassign = true and set the recipient to the certifiee (employee).
That makes the employee the owner of the review decisions.
Add a Sign-Off Approver Rule that routes to the manager only if anything was approved
If the employee revoked everything (or there are no approved items), return null → no manager step.
Then remediation runs based on the employee’s revoke decisions.
Sign-Off Approver Rule logic (simple):
if any item is Approved → return employee’s manager
else → return null
That gives you:
Employee rejects → goes straight to remediation (no manager review)
Employee approves → manager gets a second-level sign-off (review of the certification decisions)
If you also need the manager to re-review each approved line item (not just sign-off), that’s a different requirement and typically means two separate certifications (employee campaign first, then manager campaign filtered to approved items) or a custom workflow.
@Swetha_kaipa By default users can’t certify their own access. Buttons will be greyed out. However, in your case, where you want users to certify themselves and then move the items to Manager review, you need to make the following changes (I have done it in Target Certification):
In the Advanced Options under Choose Certifier section, set Allow self certification for to “All Certifiers”. Doing this, users can approve/revoke their own access.
Write a certifier rule, where you need to return the entity target id as the certifier. Sample Code:
Then you need to write a sign off rule to move the items to the certifier’s manager. Sample Code:
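```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.object.Identity;

// Debug logging of the certification and its sign-off history
log.error("certification::" + certification.toXml());
List history = certification.getSignOffHistory();
log.error("history::" + history);

if (history == null || history.isEmpty()) {
    // Nobody has signed off yet: no next approver
    return null;
}
else if (history.size() == 1) {
    // First sign-off (the employee): route to the certifier's manager
    String userName = certifier.getName();
    log.error("certifier name::" + userName);
    Identity identity = context.getObjectByName(Identity.class, userName).getManager();
    log.error("identity::" + identity);
    if (identity != null) {
        log.error("identity name::" + identity.getName());
        Map results = new HashMap();
        results.put("identity", identity);
        log.error("results::" + results);
        return results;
    } else {
        // No manager on record: end the sign-off chain
        return null;
    }
}
// Second or later sign-off: nothing further to route
return null;
```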
Please review these samples and add additional conditions based on your use case, like only approved items should go to the next reviewer. You already have the certification object available in the rule, using which you can validate if the decision is approved or revoked.
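An added example, not code from either answer above: a sign-off approver rule body (BeanShell) that applies the "manager only if anything was approved" condition both answers describe. It assumes the rule receives `certification`, `certifier` and `context` as in the sample above, and that each item's decision is read from its `CertificationAction` status.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.object.CertificationAction;
import sailpoint.object.CertificationEntity;
import sailpoint.object.CertificationItem;
import sailpoint.object.Identity;

// Route only after the first sign-off (the employee's). With zero sign-offs
// there is nothing to route; with two, the manager has already signed.
List history = certification.getSignOffHistory();
if (history == null || history.size() != 1) {
    return null;
}

// Scan every line item for at least one Approved decision.
boolean anyApproved = false;
List entities = certification.getEntities();
if (entities != null) {
    for (CertificationEntity entity : entities) {
        List items = entity.getItems();
        if (items == null) continue;
        for (CertificationItem item : items) {
            CertificationAction action = item.getAction();
            if (action != null
                    && CertificationAction.Status.Approved.equals(action.getStatus())) {
                anyApproved = true;
                break;
            }
        }
        if (anyApproved) break;
    }
}

// Everything revoked (or undecided): no second-level sign-off,
// the employee's revoke decisions go to remediation.
if (!anyApproved) {
    return null;
}

// Reload the certifier and hand the sign-off to their manager, if one exists.
Identity employee = context.getObjectByName(Identity.class, certifier.getName());
Identity manager = (employee != null) ? employee.getManager() : null;
if (manager == null) {
    return null;
}
Map results = new HashMap();
results.put("identity", manager);
return results;
```

Returning null when no manager is on record ends the chain with only the employee's self-review, so decide whether that case should instead go to a fallback approver.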