Identity Security Cloud users typically request access through the Identity Security Cloud UI. Access requests can also be initiated from external systems using the access request REST APIs, which allow approvals to flow from the external system into Identity Security Cloud for provisioning without requiring additional approval.
Blockquote
And include the following in the body of the request:
{ “approvalsMustBeExternal”: true, },
You cant just have that one line, as other attributes are mandatory
A better approach would be for documentation to say GET beta/access-request-config then change approvalsMustBeExternal to true.
One thing to note is that result is bad user experience. End users can still access Request Center, still add roles etc, and only once they click ‘submit request’, only then does the error pop up
“Access requests can not be submitted from this interface because they have been configured in an external tool, and access restrictions are in place.”
This is bad user experience that will lead to lots of service desk calls.
A far nicer user experience is that if approvalsMustBeExternal = true, then dont show Request Center tab at all, or, as soon as a user clicks on it, show the error message. Dont wait for the user to go to all the effort of searching roles and selecting them and adding comment and adding expiration date only to then display error at very end of process.
