We’ve been testing with the Workflow tools that is currently in beta. We will 2nd & 3rd level approval to be based on the user’s location attribute. 2nd and 3rd level approval will be sent to multiple approvers based on the user’s location attribute.
Our concern is if a workflow this complex is feasible with the current workflow tool.
Hi Viola,
I haven’t delved too deep into our access request feature. I know there is an API to forward an approval and an event trigger to add an additional identity or governance group to the approval process for an access request. I believe you can set up a workflow today that will add a 2nd approver based on location, but I’m not sure about a 3rd approver.
Do all requestable objects need to have approvers based on the identity’s location, or just a few requestable objects? Have you looked into using segments to group requestable objects based on a user’s location?
This approval process is not necessary for all requestable objects. It will be specific to a few applications. I’ve originally thought of governance groups but it looks like you can only have one governance group per application. In this case it would be 2 governance groups per application. As for a second and 3rd approval for theses specific apps it is a requirement.
Currently, there are a limited number of options you have when assigning approvers to a role or access profile. In the case of access profile, you have this list of people you can assign as an approver. I’m trying to understand if we have a fundamental limitation in the product that won’t allow you to solve this, even with APIs. What identities will you assign as 2nd and 3rd approvers based on location? Is manager always a first level approver, regardless of location? What’s different about the 2nd and 3rd level approvers between locations? Some sample scenarios (with names redacted), would be helpful.
