How to create approvals in a custom workflow

PJain · May 7, 2025, 1:25am

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

*I have a custom quicklink that is associated to a custom workflow. Custom quicklink displays a custom form to the end user to fill out information to “create AD group”. Once the form is submitting my custom workflow creates the provisioning plan to create group in AD and processes it. My workflow is able to create AD group as desired.

Now, I want to introduce a one-step approval based on the identity type field selected in the form.

I am not able to find the right documentation on how to setup approvals in my custom workflow. Do I need to subprocesses from LCM Provisioning to setup approvals? Do I add another “approval” type step in my workflow and then create new approvalset and then return it?

Sivakrishna1993 · May 7, 2025, 2:29am

You can add an approval step directly in your custom workflow by inserting an “approval” step before the provisioning logic. There’s no need to use LCM subprocesses if you’re handling the process entirely within a custom workflow. However, you will need to define the approval logic manually and manage the ApprovalSet yourself.
Insert an “approval” step in your workflow before the provisioning logic
{
“name”: “ApprovalStep”,
“type”: “approval”,
“approverRef”: {
“type”: “identityAttribute”,
“name”: “manager” // or your logic here
},
“reason”: “Approve creation of AD group for identity type ${form.identityType}”,
“approvalSet”: {
“type”: “default”
},
“next”: “ProvisionStep”
}
2. Determine the Approver Based on Form Input

If the approver should vary depending on the identityType selected in the form, you can use a script step to evaluate the form value and set the appropriate approver dynamically.

This script can store the result in a workflow variable, which you’ll then reference in the approverRef field of the approval step.

Example: Script Step to Set a Workflow Variable

json
{
“name”: “DetermineApprover”,
“type”: “script”,
“script”: {
“type”: “beanshell”,
“source”: “String identityType = workflow.form.get("identityType"); Identity approver = null; if ("Contractor".equals(identityType)) { approver = context.getObjectByName(Identity.class, "contractorApprover"); } else { approver = identity.getManager(); } workflow.setVariable("dynamicApprover", approver);”
},
“next”: “ApprovalStep”
}

Then, in your approval step:

json
“approverRef”: {
“type”: “identity”,
“id”: “${workflow.dynamicApprover.id}”
}

kalyan_dev32 · May 7, 2025, 2:31am

If you guys are using the Services Standard Framework (SSF) in your environment, you can make use of the Approval Framework that comes with it. It supports custom approval flows, and you can even plug in your own logic for things like approvers, escalation rules, and notifications.

If not, you can still implement approvals manually. Sample approval step:

  <Step icon="Approval" name="Approval" posX="158" posY="22">
    <Approval mode="serial" owner="script: return identityModel.get(&quot;approvers&quot;);" renderer="lcmWorkItemRenderer.xhtml" return="identityModel,reviwerComments,userAction" send="identityModel">
      <Arg name="launcher" value="$(launcher)"/>
      <Arg name="workItemDescription" value="script:return &quot;Approval: &quot; + $(identityModel.roleDisplayName);"/>
      <Arg name="workItemForm" value="Approval Form Name"/>
      <Arg name="workItemType" value="Approval"/>
      <Arg name="workItemFormBasePath" value="identityModel"/>
      <Arg name="workItemEscalationRule" value="Escalation Rule"/>
      <Arg name="workItemEscalationTemplate" value="Email Template"/>
      <Arg name="workItemHoursTillEscalation" value="336"/>
      <Arg name="workItemNotificationTemplate" value="Email Template"/>
      <Arg name="approvalMode" value="serial"/>
      <Arg name="workItemRequester" value="$(launcher)"/>
    </Approval>
    <Transition to="L2 Send"/>
  </Step>

You can tweak this depending on your use case like using parallel mode, different approval logic, or custom forms/templates.

PJain · May 7, 2025, 3:46am

Thanks for your response.

It looks like this sample code might be for IDN

PJain · May 7, 2025, 3:48am

Thanks for your response.

I will try this sample code. I am assuming I need to write code in the script for “owner” correct?

If yes, do I need to create approvalSets or can I simply find identity using context and return it?

PJain · May 8, 2025, 2:47am

I was able to get the approvals using this code. But I removed workItemForm to make it work.

Do you have any sample workitem form that I can use to show my custom fields from the Form?

kalyan_dev32 · May 8, 2025, 3:15am

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Form created="1746674065060" id="c0a8014d96a116a78196ade31ea317b2" name="Approval Form" type="Workflow">
  <Attributes>
    <Map>
      <entry key="formBasePath" value="identityModel"/>
      <entry key="labelAlign" value="top"/>
      <entry key="pageTitle" value="Approval Form"/>
      <entry key="title" value="Approval Form"/>
    </Map>
  </Attributes>
  <Section>
    <Field displayName="Display Name" dynamic="true" name="roleDisplayName" readOnly="true" type="string"/>
    <Field displayName="Entitlements" dynamic="true" multi="true" name="entitlements" readOnly="true" type="ManagedAttribute">
      <Script>
        <Source>
          return identityModel.get("entitlements");

        </Source>
      </Script>
    </Field>
    <Field displayName="Comments" displayType="textarea" name="comments" type="string">
      <Attributes>
        <Map>
          <entry key="height" value="100"/>
        </Map>
      </Attributes>
    </Field>
  </Section>
  <Button action="next" label="Approve" parameter="userAction" value="next"/>
  <Button action="back" label="Reject" parameter="userAction" value="back"/>
  <Button action="cancel" label="Cancel" parameter="userAction" value="cancel"/>
</Form>

PJain · May 8, 2025, 3:30am

Thanks for sharing this sample form.

In my case, I am getting a form populated to “create AD group” before the “approval”. I am not using identity attributes in my “create AD group” so I cant use identityModel

So how do I pass fields from my “create AD group” form to this “approval form”?

Do I need to build a custom formModel?

This e-mail message and any files transmitted with it may be confidential and are intended solely for the use of the individual or entity to whom they are addressed. The contents thereof may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received this e-mail message in error, please notify the sender and delete the message. Any views or opinions presented in this e-mail message are solely those of the author and do not necessarily represent those of Paylocity. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.

kalyan_dev32 · May 8, 2025, 3:45am

Yes, you can formModel to pass it