Fallback Approver not wanted

Hey Everyone!

I am trying to use the escalation configuration via API for access requests set-access-request-config | SailPoint Developer Community. The escalation goes from the recipient’s manager to the second manager. If these two fail to answer the request, it falls to the fallback approver. What I need is that when both 1st and 2nd manager don’t answer, the request is denied.

If I get this to work what would happen if a request is made for an identity with no manager? Would it be immediately denied or would it go follow through the rest of the access request configuration for the specific role/access profile?

I see in the docs that the fallbackApprover field is nullable, but this doesn’t to work and get an error when trying to send the API request.

Thank you!

Best,
Pol

Hi @Pol1

During Access Request, if a request is made for an identity with no manager, it would behave as below:

image861×578 62.9 KB

During Escalation, if approver’s manager is not found then it will get assigned to fallback approver,

image876×287 37.2 KB

You can have a Workflow to do it. the fallback approver can be a ServiceAccount of your own.

Taht service account goes and receives the “ticket” a workflow checks it dayli and denied every approval it has.

Thats the best way to do it.