In Discovery: Access Request Administration

Business Problem

The efficient movement of work through IDN is critical for customer success. The configuration of access request approval routing, the availability of people assigned to the work, and organizational change can lead to approvals sitting in unresolved states for long periods of time - and sometimes indefinitely. Compounding the issue is the lack of administrative visibility to this work with meaningful meta-information presented side-by-side with powerful controls over the work. Today, when needing to hunt down and change the status of several pieces of work, administrators are having to do this through Search or directly through APIs and are commonly doing so one request at a time.

This means access requests sit for extended periods of time - which leads to stale or incorrect identities and a loss of productivity (especially in the case of Access Requests and Provisioning Task reassignment).

Sound Familiar?

If this is a problem that impacts your organization, use our Ideas Portal to cast your vote for this Idea. Here you can view currently submitted ideas, add comments for your specific use cases around this problem, and vote!
Idea: Access Request Administration / Access Request Tracking

Hi Andrew,

Curious to know, will the new functionality allow Org Admins to search for or view all the access requests in system including open/active, pending, completed? Will they be able to reassign / escalate it or just close it out?

Thank you for the conversation Aaron!

Kind regards,
Angelo

Would love to have options like

  1. Configure reminders/escalation granularly instead of at global level, being able to include additional recipients in reminder/escalation email or dynamically provide fallback users.
  2. Being able to prevent users from making duplicate requests

Hi Sharvari -

When we tackle this, we’ll definitely include all access requests across the tenant (not just one status) and we’ll allow the ability to filter on those statuses. Org admins will be able to reassign, overwrite approval, cancel, or remind pending approvers.

Currently, this project is (temporarily) on hold.

Sunny - the ability to configure the global tenant settings under sailpoint.api.identitynow.com/v3/access-request-config is something we want to do long term, but it will not be a part of this effort most likely. In addition, preventing users from duplicates is likely out of scope here. I’d recommend looking for similar ideas in the idea portal.

Our focus here is exposing pending and completed access requests and allowing action on pending access requests for administrators, which has to be done via API only today.