Using the SDK to handle Access Requests

In the past I would write my own module to handle the API calls in Powershell, but since the community was kind enough to develop one, I thought I would take advantage of it.

I am having a difficult time piecing my way through it, and if someone can show me the key to this, I will HAPPILY prepare documentation for Powershell for the community to use.

That little rant over, I am trying to write a script that sends the approver a reminder email each day for 4 days and if they do not approve or deny the access request, it will cancel the request with a comment of “canceled because the approver(s) did not respond to the request.”
I started with a call to Get-AccessRequestStatus and looped until I had all the requests, then I filtered those with a state="EXECUTING" I see there is a Get-PendingApprovals call that goes a bit faster, and return similar data, but serveral of the properties have different names. Which is the correct call to use? I can make either call work in my script.
Next, I want to cancel the request if it is too old. There is no cancel-accessrequest function, but I do see Suspend-AccessRequest. My issue with that is what ID do I use?
When I use Get-AccessRequestStatus, I have a property called accountActivityItemID, but when I use it in the Suspend-AccessRequest call it fails as a bad request.

$b = Initialize-CancelAccessRequest -AccountActivityId $request.accountActivityItemId -Comment "Request denied due to lack of response by the approver(s)."
Suspend-AccessRequest -CancelAccessRequest $b

Get Access Request Status will show the status of the entire request, whereas Get Pending Approvals will show the status of each approval step in an access request. If the goal is to write a program that can cancel an access request based on some criteria, use the get access request status endpoint to find the access request you are interested in. There are a number of query params that can help narrow it down, such as using regardingIdentity and the sorters query params to filter by a specific identity and by latest requests. Once you narrow down which request you are interested in cancelling, pull out the accessRequestId from the body, which you will use in cancel access request to cancel the request.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.