We have a specific requirement regarding Roles. Our client has requested that an approval process be established for any changes to Roles. For instance, if someone wants to add or remove a specific Role, it should go through an approval process. Once all approvers have given their consent, the request should then be forwarded to the Role Owner or an individual with Role Admin permissions. I’m curious about how this can be implemented in SailPoint IdentityNow. Does anyone have any suggestions?
ISC provides an approval process that you can define for Roles, Access Profiles and Entitlements. You can manage the approval up to 3 levels or so. To set up the configuration, you can edit the respective access items.
To the best of my knowledge, I don't believe this is possible in ISC.
The only way to restrict who is able to modify the roles is by carefully choosing who has access to the elevated SailPoint permissions such as Admins and Role Admins, as you say.
Hi @PrashantMishra, what you sent me is about configuring approval settings for access/removal requests for people. What I am looking for is adding an approval process when adding/removing entitlements to Roles/Access Profiles.
An approval process for adding and removing entitlements on access items is not achievable in ISC at the moment. But to restrict the exposure to assign/remove entitlements, we can use the available permissions in ISC, such as Admins, Role/Sub Role admins, as per @Mccarney.