8.4
Hi Everyone, I have a requirement where the roles and entitlements should follow the default approval process as it is set even when they are requested in bulk. Could anyone please let me know what I need to change in the ‘LCM Provisioning’ workflow to achieve this feat.
Hi @schaudhury,
Check the business process for Request access and Batch Request Access in Lifecycle Manager. Both should be same business process.
Regards,
Arun
@Arun-Kumar it tried this but it didnt go for approval
Is a separate Access Request being generated for each item within this Batch Request?
could you please provide the name of the workflow configured for these Batch Request?
I tried setting the Access Request workflow as you suggested but it didnt work so changed it to the default LCM Provisioning workflow now.
Verify the approvalScheme in LCM Provisioning. It should be “owner”. If it isn’t, then you likely have customized the OOTB workflow and should instead have cloned that workflow to a new workflow with a different name, and should be using that. Modifying the OOTB workflows, or even opening them in the Business Process editor, I don’t recommend, because then you can’t go back and compare the OOTB workflow to your custom one for troubleshooting.
In any case, if you want to see what your workflow is doing, set up workflow trace. You can do this in your log4j2.properties by setting up a logger with sailpoint.WorkflowTrace of trace. Then you can trace your workflow while it is doing a bulk load, and see if there’s a step that causes it to skip the approvals.
Hi @mercury, the approvalScheme in LCM Provisioning is set to none. And we have used cloned and used the LCM Provisioning with a different name where the approval scheme is set to ‘manager’. I tried setting that workflow too but it didnt work.
From what I understand: You have a workflow you are using for Requests and it has the manager approvalScheme. You found that batch requests were set to LCM Provisioning which has approvalScheme of none and have corrected that, setting it to your custom workflow. Can you confirm that you have done a rolling restart of the task servers and UI servers before testing? Remember that batch processes start on the UI servers.
@mercury before the changes it was done.
Btw the latest update is when I set the BatchRequestApproval in SystemConfig as true, it is going for approval but to the admin who is uploading the batch file but we need to generate it for each row item as per the default process
You need to select " generate access request " Option the batch request.
That is the solution for you problem.
Best!
@ipobeidi you mean Generate Identity Request? I have selected that option
Add the below script in Approve and Provision step under LCM Provisioning workflow.
<Arg name="approvalScheme" value="ref:approvalScheme">
<Script>
<Source>
if(source.equalsIgnoreCase("Batch")){
return "manager";
}
</Source>
</Script>
</Arg>
@Arun-Kumar thanks for the solution, the approval request is getting generated
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.