Triggering access requests via joiner workflow

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

Hello,

Am looking for some inputs on this topic.
Need to submit an access request for business role at the end of the joiner workflow so that it would trigger manager and role owner approval.
Can you please advise APIs and methods to request a business role.
We already have required things in place for manager approval and role owner approval to provision access via direct or through servicedesk integration.

Thanks in advance!

It’s very simple. Create provisionin plan to grant the role you need, create another step to which you pass the plan and call LCM Provisioning as subworkflow. You can configure approvalScheme attribute to manager, owner to achieve what you need.

If you already have the provisioning plan ready you can just use this step to start LCM Provisioning with proper settings

<Step icon="Default" name="Launch LCM Provisioning" posX="98" posY="10">    
<Arg name="identityEmailTemplate" value="ref:identityEmailTemplate"/>  
<Arg name="enableRetryRequest" value="ref:enableRetryRequest"/>    
<Arg name="securityOfficerElectronicSignature" value="ref:securityOfficerElectronicSignature"/>    
<Arg name="fallbackApprover" value="ref:fallbackApprover"/>    
<Arg name="endOnManualWorkItems" value="ref:endOnManualWorkItems"/>    
<Arg name="userEmailTemplate" value="ref:userEmailTemplate"/>   
<Arg name="policiesToCheck" value="ref:policiesToCheck"/>   
<Arg name="project" value="ref:project"/>   
<Arg name="workItemComments" value="ref:workItemComments"/>    
<Arg name="identityRequestId" value="ref:identityRequestId"/>    
<Arg name="approvalSplitPoint" value="ref:approvalSplitPoint"/>  
<Arg name="source" value="ref:source"/>  
<Arg name="identityDisplayName" value="ref:identityDisplayName"/> 
<Arg name="foregroundProvisioning" value="ref:foregroundProvisioning"/>  
<Arg name="ownerElectronicSignature" value="ref:ownerElectronicSignature"/> 
<Arg name="batchRequestItemId" value="ref:batchRequestItemId"/>   
<Arg name="splitPlans" value="ref:splitPlans"/> 
<Arg name="doRefresh" value="ref:doRefresh"/>  
<Arg name="plan" value="ref:plan"/>  
<Arg name="flow" value="ref:flow"/>    
<Arg name="identityElectronicSignature" value="ref:identityElectronicSignature"/>    
<Arg name="identityName" value="ref:identityName"/>   
<Arg name="approvalSet" value="ref:approvalSet"/>    
<Arg name="violationReviewDecision" value="ref:violationReviewDecision"/>   
<Arg name="filterRejects" value="ref:filterRejects"/>   
<Arg name="splitProjects" value="ref:splitProjects"/>  
<Arg name="requesterEmailTemplate" value="ref:requesterEmailTemplate"/>   
<Arg name="approvalEmailTemplate" value="ref:approvalEmailTemplate"/>    
<Arg name="ticketManagementApplication" value="ref:ticketManagementApplication"/> 
<Arg name="securityOfficerName" value="rule:UPR Set LCM Provisioning SecOff"/> 
<Arg name="approvingIdentities" value="ref:approvingIdentities"/>    
<Arg name="managerEmailTemplate" value="ref:managerEmailTemplate"/>    
<Arg name="ticketId" value="ref:ticketId"/>    
<Arg name="allowRequestsWithViolations" value="ref:allowRequestsWithViolations"/>    <Arg name="workItemPriority" value="ref:workItemPriority"/>    
<Arg name="approvalScheme" value="manager,owner"/>    
<Arg name="managerElectronicSignature" value="ref:managerElectronicSignature"/>    <Arg name="requireViolationReviewComments" value="ref:requireViolationReviewComments"/>    
<Arg name="splitApprovalSet" value="ref:splitApprovalSet"/>   
<Arg name="approvalMode" value="ref:approvalMode"/>    
<Arg name="trace" value="ref:trace"/>  
<Arg name="endOnProvisioningForms" value="ref:endOnProvisioningForms"/>    
<Arg name="splitWorkItemComments" value="ref:splitWorkItemComments"/>    
<Arg name="policyViolations" value="ref:policyViolations"/>   
<Arg name="policyScheme" value="ref:policyScheme"/>   
<Arg name="setPreviousApprovalDecisions" value="ref:setPreviousAp provalDecisions"/>    
<Arg name="optimisticProvisioning" value="ref:optimisticProvisioning"/>   
<Arg name="securityOfficerEmailTemplate" value="ref:securityOfficerEmailTemplate"/> 
<WorkflowRef>      
<Reference class="sailpoint.object.Workflow" name="LCM Provisioning with pre Notification"/>   
</WorkflowRef>   
<Transition to="Stop"/>  
</Step>

Thanks, Kamil!
Will try this out and keep you posted.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.