How to disable approval escalation in Sailpoint?

s_tartaglione · April 9, 2025, 7:59am

Hello everyone, I noticed that in Sailpoint there is the approval escalation in the sense that if I try to request an access item for the user X and the approver is not responding, the approval is going to the manager of the approver X, if the manager is not responding, the approval will go to the manager of the manager. In my case , I want disable this kind of escalation, i don’t want that the request , if not approved in time, is escalated. Anyone that is experienced in this can give me some advices or solutions? Thanks

Mahesh_Mukku · April 9, 2025, 9:13am

Hello @s_tartaglione ,
Greetings of the Day!

please check the below link regarding Approval Escalations.

Let me know for any queries .
Thank You
Mahesh M

vkashat · April 10, 2025, 8:43pm

This is good information, but the API endpoint referenced is deprecated, you’ll need to use this one:

set-access-request-config | SailPoint Developer Community

margocbain · April 10, 2025, 8:54pm

Hi Salvatore,

You can use the following curl commands…

curl --location 'https://tenantname.api.identitynow.com/v2024/access-request-config'

It will return a body like

{
    ...
    "approvalReminderAndEscalationConfig": {
        "daysUntilEscalation": 1,
        "daysBetweenReminders": 2,
        "maxReminders": 2,
        "fallbackApproverRef": {
            "email": "emailname",
            "type": "IDENTITY",
            "id": "id",
            "name": "name"
        }
    },
    ...
}

Update the body to have the following

"approvalReminderAndEscalationConfig": {
        "daysUntilEscalation": null,
        "daysBetweenReminders": null,
        "maxReminders": null,
        "fallbackApproverRef": null
    }

Copy the whole body, including the other tags for entitlementRequestConfig, etc. and use the following API to update it

curl --location --request PUT 'https://tenantname.api.identitynow.com/v2024/access-request-config' \
--header 'Content-Type: application/json' \
--header 'Content-Type: application/json' \
--data-raw '<insert your body here'

Be sure to test in sandbox before doing this in PROD

s_tartaglione · April 11, 2025, 7:52am

Thanks for your response, this disable all the escalation? so the request is not escalated also to the manager of the first level? And how it works? The access request will be always in pending waiting an approval?

margocbain · April 11, 2025, 5:02pm

Hi Salvatore,

This will disable all escalations for all access requests. The request will remain pending until it is cancelled or approved/rejected.

Most organizations do want some sort of escalation, so check that you truly want it disabled. You can extend the time until it is escalated instead of disabling as well, let’s say, providing 7 days until it is escalated. If the concern is that there are VIPs (e.g., CEO) who is getting access requests escalated to them, then you can just set up a work reassignment on people who should never have to approve a request by going to the ‘Work Reassignment’ tab on the Identity.