Short bug description:
The forwarderName attribute in GET /v2024/access-request-approvals/pending is displaying the wrong name.
Long bug description:
Have a role with manager as approval step for access request. Have 5 different identities (A,B,C,D,E) to be really clear on which values are being taken. Identity C must be the manager of identity B.
Log in as identity A and this role on behalf of identity B, whose manager is identity C.
Using the personal access token of identity D, fetch the data of GET /v2024/access-request-approvals/pending to get the id of the related pending approval, then call the API POST /v2024/access-request-approvals/:id/forward with the personal access token of identity D and forward the request to identity E, with comment TEST: reassigned from identity D.
Now look at GET /v2024/access-request-approvals/pending again and you will see the approval with the following attribute in forwardHistory:
The forwarderName attribute points to the original requester (identity A), but it should point to the identity who actually forwarded it (identity D), as can be seen by the documentation (and common sense): list-pending-approvals | SailPoint Developer Community
Tagging @jennifer_mitchell for awareness. I will submit a support ticket.
This looks like a similar issue as the bug below, but it occurs at a different location.
I’ve got to say I am surprised to see this bug exists, but also that it either hasn’t been detected before or fixed already.
Even I was surprised when I checked details. It shows the requestor as forwarder name. I forwarded request manually from approver A to B and the audit logs show forwarder name as requestor himself.
I checked and although the API now shows the right value, the emails send from ISC still blame it on the wrong identity. I hoped that solving the above was sufficient, but unfortunately SailPoint has this configured wrongly in different spaces and rather than checking and analysing this themselves, I have to report back to SailPoint Support again that ISC Access Request Approvals still blame the reassignment on the wrong identity in order for this to get truly fixed.
Looks like you’re treated as the bug hunter, and that SailPoint is only looking at the reported issue in a tactical fashion instead of the overall use case comprehensively.
Perhaps, but I am not a bug hunter. I just want to properly test the functionality I want to implement for my clients, and I am quite dumbfounded that so many of the issues I find are not caused by me making a mistake during implementation, but simply because I stumble on so many bugs within ISC. Bugs that I would have expected to be found internally by either SailPoint employees or externally hired testers prior to releasing to partners and customers.
I’m in the same boat. Not only issues, but quirks, OOTB limitations / lack of features / rigidness.
Or even anytime in the past 7 years. Like, ISC is also a moving target, I get that…but it sure has some ‘noob’ bugs / issues / inconsistencies that you don’t expect from a ‘supposedly’ class-leading IGA vendor.
Personally, I’m looking at / assessing ISC as a whole separate product, regardless of SailPoint’s reputation from their on-premises history. Not letting that reputation cloud my judgment (pun not intended).
