Identifying the approval level in Access Request Reviewer email template

Identity Security Cloud (ISC) ISC Discussion and Questions
1

We have a use case where we need to have different email content based on the approval level. Is there a possible way to identify the approval level within the access request reviewer email template to achieve this

2

Hello,

I don’t think you can identify approval level within the out-of-the-box email template unfortunately as that information isn’t available in the engine (you can only use the variables passed into the notification event (request ID, requester, item, reviewer, etc.))

You can however, configure a workflow that:

  1. Trigger on Access Request Pending Approval
  2. Inspect the approval step / level in the workflow context
  3. Send different emails depending on the level

Not sure about the JSONPath expression for approvalLevel but it would be something like: approval.type - this might not even be viable however, so another idea below:

If your goal is “different email content depending on which approval step we’re on”, the closest reliable proxy available in the approval payload is how many reviewers have already acted.

Proxy “approval level” = (# previous reviewers) + 1

From the PendingApproval schema:

  • Previous reviewers’ comments array
    JSONPath: $.previousReviewersComments

    • Count its elements and add 1 → current “step number” (approximation).

  • Each previous reviewer comment (history detail)
    JSONPath: $.previousReviewersComments[*]

Other useful fields you can branch on (often better than “level”):

  • Current approver (owner of this approval work item)
    JSONPath: $.owner.id / $.owner.name

  • Approval name (sometimes indicates the policy / approver type depending on config)
    JSONPath: $.name

  • Requested object (what is being requested)
    JSONPath: $.requestedObject.type / $.requestedObject.id / $.requestedObject.name

  • Request type (grant vs revoke)
    JSONPath: $.requestType

3

Hi @Swegmann,

I was unable to find the Access Request Pending Approval trigger. Do you mean to use access request submitted trigger with approval policy action?

4

Hey @gvscdeep1 ,

If I understand your requirement clearly, you can use access request submitted trigger —> approval policy include level 1 —> send email —> approval policy 2–> send an email.

I hope this helps your case.