Save approver information per entitlement in SailPoint, but run approvals only in ServiceNow

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1
  • What have you tried?
    We are using search APIs to get entitlements and roles relates data from SailPoint on nightly basis. We are using this data to create our Access Request Service Catalog in ServiceNow. We want to initiate approvals (per entitlement / role) in ServiceNow. But, it looks like there is no way to pull approver related data during our nightly feed. The APIs require to create a SailPoint request as well and then back and forth to get approval going. So, essentially we will be doing approval in both ServiceNow and SailPoint.
  • What errors did you face (share screenshots)?
    We are not able to get approver information from SailPoint without triggering approvals in SailPoint as well.
  • Share the details of your efforts (code / search query, workflow json etc.)?
    Our Flow is Simple:
  1. Get all roles / entitlements from SailPoint on nightly basis (we don’t want to do it real time)
  2. Show these options to user who wants to request access.
  3. After user submits the access to a requestbale object (entitlement or role), go through a approval process.
  4. Once approved provision access in SailPoint.
  • What is the result you are getting and what were you expecting?
    We are not getting approver infomation when we use search apis to pull requestable objects.
2

Hi @pankajsharma2000,

Welcome to the SailPoint Developer Community! Great question; your use case of externalizing access approvals to ServiceNow while keeping **SailPoint as the provisioning engine is becoming more common.

SailPoint ISC only resolves and returns approvers during the access request runtime. Also if approvers are configured in SailPoint, the approvals will run in SailPoint, before provisioning as it should.

If your access model is simple, where all entitlement / access profile / role owners are the approvers, you can technically still get the owner information from APIs over night and allows approvals only in ServiceNow but you have to removal approvals in SailPoint to skip duplication. But I am almost certain your access model is a bit complex than that.

Other way would be to keep the approvals configuration in SailPoint and let ServiceNow be a ticketing platform where end-user can see the status/progress of their request without any approvals(in ServiceNow I mean).

Good luck mate.