Using "Access Request Submitted" Event Trigger

Hi Folks–

I have some questions about the “Access Request Submitted” event trigger. I understand that this requires a response but I have a number of questions about that response.

  • If the requested item doesn’t require any approvals, what kind of response should be sent?
  • Can you explain the different kind of Response Types (Async, Sync, Specified by Integration) and how to use each one of them? My assumption is that Async means that the response can be sent not necessarily as the Event Trigger API/response itself, but separately. If that is the case, what API call would I make back to approve/deny the request (even if there are no approvals required on the request)?

Thanks in advance!

I found this helpful and am currently testing with this in mind!

https://developer.sailpoint.com/triggers/Trigger_Invocations.html#custom-application-response

Hey @justinrhaines thanks for posting this.

I see you have already found https://developer.sailpoint.com/triggers/getting_started.html. Take a look there and let us know if you have any additional question or hurdles that you need help overcoming. There are also some other resources still in Compass that be be helpful to review as well. for instance, SaaS Solutions - Compass has some helpful information and links.

Both websites were very helpful, but although I am getting the request and sending the response expected, my requests (with no approval required) are being denied. I have tried ASYNC with a response 200 and 202 as well as Specified by Integration with a response 200 and 202.


Request (webhook.site):

  "_metadata": {
    "callbackURL": "https://partner004.api.identitynow.com/beta/trigger-invocations/e493e495-c300-4c8e-ab54-f787a30e6687/complete",
    "responseMode": "dynamic",
    "secret": "a399b39d-cd70-4b54-893c-a1e2c328b497",
    "triggerId": "idn:access-request-pre-approval",
    "triggerType": "requestResponse"
  },...

Reponse Body (Content-type application/json):
{}



POST (via Postman):
https://partner004.api.identitynow.com/beta/trigger-invocations/e493e495-c300-4c8e-ab54-f787a30e6687/complete

BODY:

  "secret": "a399b39d-cd70-4b54-893c-a1e2c328b497",
  "output": {
    "approved": true
}
}

Response: 204 No Content


Can anyone provide me any pointers on what I might be missing here?

Try updating the request body like this while completing the invocation:

{
    "secret": "a399b39d-cd70-4b54-893c-a1e2c328b497",
    "output": {
        "approved": true,
        "approver": "MyExternalIntegration",
        "comment": "Approved by MyExternalIntegration"
    }
}
1 Like

Perfect, that was the trick.

The documentation (Initiate a Trigger Test Invocation | Sailpoint API References) should be updated to include that!

1 Like

Well, that documentation is generic and contains some example triggers. The output may vary depending on the schema of the trigger that is being used.

@justinrhaines,

The correct request body to send back to the Access Request Submitted trigger can be found here: https://developer.sailpoint.com/triggers/early-access-event-triggers/Access_Request_Preapproval.html#async. As @raine.ahmed pointed out, the link you shared is generic, while this one is specific to Access Request Submitted.

1 Like