@benjaminoriold You’ll be able to apply these globally for all access requests, or on the individual access item level, like for a specific access profile, etc. We don’t currently support setting the configs for all roles, or all access profiles, etc. It’s something we have thought about but decided to wait to hear if it’s something customers needed.
1 Like
- Consolidated approval assignment: A user assigned as an approver more than once for the same request/item (for example, as both manager and owner) will receive only a single approval request. Their decision will be applied and audited for the whole set required approvals from that user.
Can You confirm please the following points.
- If a manager makes a request for a direct report, does the manger immediately get an approval for that request (a second action required)? Or, with consolidated approvals, because the manager is making the request for a direct report, there is no need for the manager to approve the request again. If the manager makes a request for a DR, it is considered as approval automatically. Any approval steps after the manager will still be required e.g. Gov Group approval.
- If a member of an approval group (Gov Group) makes a request for anyone, does this request then need approval again at the governance group step? Any other approval steps (e.g. manager) would still be required.
As per my point 1 above, if the person making the request is an approver, it is not necessary for them to approve this again. Because they are making the request, it is automatically considered as approval at the appropriate approval step.
managers / Gov Group members would not make a request unless they are going to approve this later. So why not skip that step.
Audit trail of this action would still be required.
1 Like
Sorry, let me clarify my point in regard the Governance Group. If a member of a Gov Group makes a request for an item “they are the approver of”, this approval step should not be required again.
Yes - Once this enhancement completes, this behavior will be enforceable on all new access requests by setting a config in put-approvals-config | SailPoint Developer Community called autoApprove to a value of “indirect”.
Hi @jennifer_mitchell ,
I am trying to update the Access Request configuration by using below API. But i am getting 405 method not allowed error. Could you please help me?
Thanks,
Siva
SailPoint documentation for API v2026 is missing though. I get that we can just change the branch in the call but why is the current branch’s documentation missing?
Also, using v2026 for regular calls returns an error that the experimental header is missing.
Hello @jennifer_mitchell,
We also have this error when trying to use the endpoint. Do you have any update ?
@jennifer_mitchell , I have the same question.
“For the Governance Group Visability, it appears to be showing the Account Name of the Identity, is there a way to configure it to show the Display Name of the Identity instead?”
i am getting 405 method not allowed error
We have identified that the API doc inaccurately suggested the attributes should query parameters instead of path parameters. It looks like we have updated the documentation appropriately now.
Related: Be advised that if you had reminders/escalations configured in the access-request-config beforehand, because we are automatically copying your existing access-request-config reminder/escalation config over to the approvals service as a starting point, we are setting the config at the access request approval type level and you will need to update that one (id: access_request_approval, scope: approval_type), rather than the global one, to change the access request approval behaviors.
2 Likes
We have a code change in the pipeline to fix this for you.
1 Like
Important Update 
This enhancement is one that our team recognizes is a big-impact shift with a lot of moving pieces. It’s important that we get it right so your approvals continue to flow as expected. As such, we are carefully working through issues that some customers have observed and raised in their sandbox environment testing, to make sure we have addressed them with the necessary adjustments.
So that we can give those adjustments time to be fully vetted, we are going to slow down the production rollout. We anticipate a delay in the prod rollout of 1-2 weeks (meaning it will roll out in the first half of March). We’ll reassess and update the announcement, with another comment post here too, mid-week next week with a more precise date.
We greatly appreciate your involvement in putting this enhancement through its paces and are excited about the positive feedback we’ve received about the functional additions it is bringing!
We observed that new email templates were introduced in ISC regarding approval feature:
- Approval Completed Notification Email Template
- Approval Request Notification Email Template
We didn’t see any annoucement regarding those templates, notifications are sent with those templates and the former ones.
We also identifier the template Approval Request Reminder Email, which lead to some notifications sent on the week-end (saturday & sunday, multiple times a day).
Notifications started to be sent on February 14th.
Could you please clarify Sailpoint position regarding those notifications ?
It does look like this may have been resolved (I am seeing Display Names now in my sandbox/dev tenant)
Yes - the governance group member list is now showing identity display names. We are actively working through issues like this before we release this enhancement to production.
Incidentally, thank you to everyone for your active participation in exploring the improvements we are delivering to approvals!
Hi @bastienprulhiere -
Would you please open a support ticket for this so the team can engage with you? We have found an issue that we are working related to the first 2 messages you mentioned but we are unclear on what the issue is for the reminder email, so more information is needed. Thank you!
I will open a ticket to support.
Could you please share more details regarding Sailpoint strategy for those templates ?
Will they replace the old ones? If so, when?
Could you please share more details regarding Sailpoint strategy for those templates ?
The plan is that the new email templates will not replace the old ones in place for access requests because we know many customers have invested time and money in customizing those old templates. However, the old templates will be provided some new arguments that will allow you to customize the content further – for example, to make the message indicate when it’s a reminder vs. an escalation vs. an initial assignment of approval.
The issue you have seen is that both the access request service and the approvals service were inadvertently sending emails for the same events in the processing flow. We are adjusting that so you will only get the access request ones.
New Production Rollout Dates!
Again, I want to thank all of you who have been exploring our new functionality in your sandbox tenants. I am pleased to announce that we are now ready to roll this into production starting next week.
We are going to roll this out by regions across the next two weeks. All non-US tenants will be enabled during the week of March 2, and US tenants will be enabled starting March 9.
Hi @jennifer_mitchell
Does the requester receive an email notification when an access request is auto-expired?
If so, does the notification include the access request details and the approver’s information? For example, I would like the email to include the approver’s details so the requester can follow up directly after the request expires.
Additionally, I would like the notification to include the access request name and the date it was created.