We have the target Identity = gio.verdi
This Identity has Manager = me (that is f.falcitelli)
As manager of this user I request the static role StaticRole_Test1 to the user gio.verdi.
The request is now blocked to the approver g.mega:
Why ??
In the approval step is written: Awaiting approval by manager, g.mega
g.mega is NOT the manager of gio.verdi
g.mega is NOT my manager
g.mega is an Admin of Sailpoint
What is the behavior of Sailpoint ? If the manager is requesting a role that have approver step of Manager this is redirect to a random admin of Sailpoint ? Why is written Awaiting approval by manager, g.mega and not Awaiting approval by Sailpoint random admin, g.mega ??
How can I disable this behavior ?
If g.mega is in vacation (and is not present a delegate) I need to force the approve via API ? But how can I be notified by this strange situation ?
This sounds like a case of preventing self-approval. See the link below for more info.
If you place a request for yourself or someone else where you’re the approval, SailPoint will reassign it to your manager by default. If you don’t have a manager, it will reassign it to a SailPoint admin. I’m assuming in your case, you may not have a manager or they have redirected approals elsewere
You can change the default behaviour as mentioned in the article using the following API: set-access-request-config | SailPoint Developer Community . Alternatively, an access request administrator can reassign requests in the Dashboard → Access Request Administration interface.
I think what’s happening is that you are the requestor, so you can’t be the approver. Therefore, the approval gets reassigned to someone else. In this case, I’m assuming g.mega is the role owner. Otherwise, yes, it does go simply to another ISC administrator.
If you want managers’ requests to be implicitly approved, then you will need to make sure that only managers can request for others, only allow managers to see the requestable role.
