LCM Create and Update Identity (Changing Approvers excluding Manger, NewManager)

IdentityIQ (IIQ) IIQ Discussion and Questions
, , ,
1

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

Is there any sample workflow on what needs to be changed for customised approvers? The requirement is dependent on the identity attributes submitted by the user in the form. I created an extra step in Identity Request Approve Identity Changes before Approval to process the approvals, however it is not passing anything to it. Under the approvalScheme for LCM Create and Update I cant seem to edit it and it always goes back to the manager.

Appreciate if anyone has inputs on this.

Thank you.

2

It seems like Manager and newManager (or none) is only available options in LCM Create And Update. The easiest way would be to write your own workflow in which in first step you build approval and assign it to whomever you want and after this step is approved you can launch LCM Create and Update as subworkflow with none approval scheme.

That should solve your requirement and actually you won’t need to customize OoTB workflow.

3

Is there any sample workflow that I can write to do this to pass to the LCM Create and Update workflow? If I indicate none in the ootb LCM Create and Update, it seems to indicate that the approvals is disabled.

4

This would be sample workflow to start LCM Create and Update as subworkflow

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Workflow explicitTransitions="true"  name="Sample WF" >
  <Variable initializer="none" name="approvalScheme"/>
  <Variable name="plan"/>
  <Step icon="Start" name="Start" posX="28" posY="10">
    <Transition to="Build and Approve"/>
  </Step>
  <Step icon="Stop" name="Stop" posX="382" posY="10"/>
  <Step icon="Default" name="Call LCM Create and Update" posX="256" posY="10">
    <Arg name="approvalScheme" value="ref:approvalScheme"/>
    <Arg name="plan" value="ref:plan"/>
    <WorkflowRef>
      <Reference class="sailpoint.object.Workflow" name="LCM Create and Update"/>
    </WorkflowRef>
    <Transition to="Stop"/>
  </Step>
  <Step icon="Default" name="Build and Approve" posX="98" posY="10">
    <Transition to="Call LCM Create and Update" when="ref:approved"/>
    <Transition to="Stop" when="!ref:approved"/>
  </Step>
</Workflow>

The only thing you have to do is to implement in Build and Approve step approval depending on your requirements.

5

This would be sample workflow to start LCM Create and Update as subworkflow

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Workflow explicitTransitions="true"  name="Sample WF" >
  <Variable initializer="none" name="approvalScheme"/>
  <Variable name="plan"/>
  <Step icon="Start" name="Start" posX="28" posY="10">
    <Transition to="Build and Approve"/>
  </Step>
  <Step icon="Stop" name="Stop" posX="382" posY="10"/>
  <Step icon="Default" name="Call LCM Create and Update" posX="256" posY="10">
    <Arg name="approvalScheme" value="ref:approvalScheme"/>
    <Arg name="plan" value="ref:plan"/>
    <WorkflowRef>
      <Reference class="sailpoint.object.Workflow" name="LCM Create and Update"/>
    </WorkflowRef>
    <Transition to="Stop"/>
  </Step>
  <Step icon="Default" name="Build and Approve" posX="98" posY="10">
    <Transition to="Call LCM Create and Update" when="ref:approved"/>
    <Transition to="Stop" when="!ref:approved"/>
  </Step>
</Workflow>

The only thing you have to do is to implement in Build and Approve step approval depending on your requirements.

6

I tried to do this, but I am not able to get the approvalSet variable to retrieve the identity attributes that was set in the form. Am I doing this wrong? and what should I be returning for this build and approve step would it be something like this? approvalIdentity = iag.buildApprovalsFromMap(approvalMap, apprType);

and return approvalIdentity.

Thank you.

7

In LCM Create and Update - first step executes rule LCM Build Identity ApprovalSet this rule is returning approval set - you can just make a copy of this rule and build approval set how you need.

1 Like
8

Hi Kamil,

Thanks for the advice. I’m fairly new to this. I’ve managed to get the approval set and gotten the variable for me to build the approval. I have checked the xml of my build approval and noted that the owner is stored inside that shows:
Approval description="xxxxx - Account Changes for User: xxxxx owner=“xxxxx”
I returned the approvalIdentity after creating approvalIdentity = iag.buildApprovalsFromMap(approvalMap, apprType);

When I tried to submit the identity request, it shows created in the UI but the identity request is not created anywhere. Appreciate if you can advise if I am missing anything to pass over. what does ref:approved mean? How do I trigger LCM Create and Update for this step?

9

Hi @infamous,

If your requirement is just to have custom approver based on some condition then you may use owner script in the “Approval Step” in workflow Identity Request Approve Identity Changes and it just need identity name or list of identities.

Let us know if I am not getting the use-case or you need further help.

Sample Script:

<OwnerScript>
        <Source>
                Identity identity=context.getObject(Identity.class,"customIdentityName");
      		System.out.println("Calculating owner of the approval ");  
return identity;
        </Source>
      </OwnerScript>

Thanks

10

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.