In our access request configuration, we have enabled auto approval. So if the requestor and reviewer are the same, then it is auto-approved.
In the same way, if one member of the governance group makes the request, the approval is auto-approved and it goes to another member of the governance group for approval. Can we stop that?
If the governance group is part of the reviewer in the access profile/role, then if one member of the governance group submits the request, it should be auto-approved and should not go to another member of the governance group.
Hi @Manju22, I hope all is well! This is working as anticipated and there is not currently a way to bypass due to best practice access request security.
Under this section of the linked documentation, it talks about the audit events generated when an access request occurs for someone who is also the reviewer: Managing Requests for Access Profiles - SailPoint Identity Services
If someone requests access to an app and they’re also a reviewer, the following features help keep your access secure:

* The request is delegated to the requester’s manager.
* If the requester is part of a governance group that’s listed as a reviewer for the request, they aren’t included in the review. If they’re the only member of that governance group, the request is delegated to their manager.
* If the requester doesn’t have a manager, the request is delegated to an IdentityNow administrator.
* An audit event is created for any configured auto-approval as soon as the request has been submitted. For example, if there are 3 approvals in the approval chain and the second approver is also the requester, the auto-approval audit event of the second approval will be logged before the first approver’s decision. So even if the first approver denies the request, the second approval will still be shown as auto-approved in audit events.
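The reviewer rules quoted above, modelled as a small function. This is an added example, not part of either post and not SailPoint code: `Directory`, `resolve_step`, `fallback`, the state names and the sample identities are all hypothetical, and treating disabled auto-approval as "delegate to the manager" is an assumed reading of the first quoted rule.

```python
from dataclasses import dataclass


@dataclass
class Directory:
    managers: dict            # identity -> manager; a missing key means no manager
    groups: dict              # governance group name -> set of member identities
    admin: str = "idn-admin"  # placeholder for an IdentityNow administrator


def fallback(requester, d):
    """Delegate to the requester's manager, or to an administrator if none."""
    return d.managers.get(requester, d.admin)


def resolve_step(requester, reviewer, d, auto_approve_self=True):
    """Return (state, reviewers) for one step of an approval chain."""
    if reviewer in d.groups:
        members = d.groups[reviewer]
        if requester not in members:
            return ("PENDING", sorted(members))
        # Group membership never self-approves: the requester is only
        # dropped from the review, and the remaining members decide.
        others = sorted(members - {requester})
        return ("PENDING", others or [fallback(requester, d)])
    if reviewer == requester:
        # Only a direct requester == reviewer match can be auto-approved.
        if auto_approve_self:
            return ("AUTO_APPROVED", [])
        return ("PENDING", [fallback(requester, d)])
    return ("PENDING", [reviewer])


# Constructed sample directory (not real identities).
SAMPLE = Directory(
    managers={"alice": "carol"},
    groups={"gov": {"alice", "bob"}, "solo": {"alice"}, "lone": {"dave"}},
)

if __name__ == "__main__":
    for who, rev in [("alice", "gov"), ("alice", "solo"),
                     ("dave", "lone"), ("alice", "alice")]:
        print(who, "->", rev, resolve_step(who, rev, SAMPLE))
```
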