I wanted to set up 3 level approvers (Manager, owner, Workgroup) for specific application's entitlement in Access Request. How to do that? Can you pls share the code

Hi, I wanted to set up 3 level approvers (Manager, owner, Workgroup) for specific application’s entitlement in Access Request. How to do that? Can you pls share the code

The way we handled this type of a requirement was by setting up extended attribute on the entitlement, this attribute would define the approval schema. Using this you can create a custom approval based on entitlements. You can take a look at this old Compass link - https://community.sailpoint.com/t5/IdentityIQ-Forum/Dynamic-approval-flow/m-p/161126

4 Likes

hi @ArunSundar

If you have deployed SSF in your enviroment you can follow up the Approval section as is described in the following user guide

Services Standard Frameworks User Guide - SSF - Compass (sailpoint.com)

Otherway if you are no using SSF, you can create a custom rule as is described in the following topic

1 Like

Hi @ArunSundar ,

The recommended way of managing multiple Approval is Approval assignment rule. Please check below link if know more about the same:

https://community.sailpoint.com/t5/IdentityIQ-Forum/Two-step-approval-using-Approval-Assignment-Rule/m-p/33733

I could see that you are using Approval Assignment Rule.

We manage approvals based on Approval scheme which is manager, owner which you already aware of.

We have one more approval scheme which is identity which is used for handling approval from any specific user or a workgroup.

If your approval scheme contains identity then it will check for approvingIdentities argument in your LCM Provisioning workflow.

So, I would ask you to add these 2 changes and test it. It will work.

Thanks
Krish

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.