Skip to main content

Update Access Request Configuration

PUT 
/access-request-config

This endpoint replaces the current access-request configuration. A token with ORG_ADMIN authority is required to call this API.

Request

Body

required

    approvalsMustBeExternal boolean

    If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin.

    autoApprovalEnabled boolean

    If this is true and the requester and reviewer are the same, the request is automatically approved.

    requestOnBehalfOfConfig

    object

    Request On Behalf Of configuration.

    allowRequestOnBehalfOfAnyoneByAnyone boolean

    If this is true, anyone can request access for anyone.

    allowRequestOnBehalfOfEmployeeByManager boolean

    If this is true, a manager can request access for his or her direct reports.

    approvalReminderAndEscalationConfig

    object

    Approval reminder and escalation configuration.

    daysUntilEscalation int32nullable

    Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.

    daysBetweenReminders int32nullable

    Number of days to wait between reminder notifications.

    maxReminders int32nullable

    Possible values: >= 1

    Maximum number of reminder notification to send to the reviewer before approval escalation.

    fallbackApproverRef

    object

    nullable

    type string

    The type can only be IDENTITY. This is read-only.

    id string

    Identity ID.

    name string

    Identity's human-readable display name. This is read-only.

    email string

    Identity's email address. This is read-only.

    entitlementRequestConfig

    object

    Entitlement request configuration.

    allowEntitlementRequest boolean

    If this is true, entitlement requests are allowed.

    requestCommentsRequired boolean

    If this is true, comments are required to submit entitlement requests.

    deniedCommentsRequired boolean

    If this is true, comments are required to reject entitlement requests.

    grantRequestApprovalSchemes stringnullable

    Default value: sourceOwner

    Approval schemes for granting entitlement request. This can be empty if no approval is needed. Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". You can use multiple governance groups (workgroups).

Responses

Access Request Configuration Details.

Schema

    approvalsMustBeExternal boolean

    If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin.

    autoApprovalEnabled boolean

    If this is true and the requester and reviewer are the same, the request is automatically approved.

    requestOnBehalfOfConfig

    object

    Request On Behalf Of configuration.

    allowRequestOnBehalfOfAnyoneByAnyone boolean

    If this is true, anyone can request access for anyone.

    allowRequestOnBehalfOfEmployeeByManager boolean

    If this is true, a manager can request access for his or her direct reports.

    approvalReminderAndEscalationConfig

    object

    Approval reminder and escalation configuration.

    daysUntilEscalation int32nullable

    Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.

    daysBetweenReminders int32nullable

    Number of days to wait between reminder notifications.

    maxReminders int32nullable

    Possible values: >= 1

    Maximum number of reminder notification to send to the reviewer before approval escalation.

    fallbackApproverRef

    object

    nullable

    type string

    The type can only be IDENTITY. This is read-only.

    id string

    Identity ID.

    name string

    Identity's human-readable display name. This is read-only.

    email string

    Identity's email address. This is read-only.

    entitlementRequestConfig

    object

    Entitlement request configuration.

    allowEntitlementRequest boolean

    If this is true, entitlement requests are allowed.

    requestCommentsRequired boolean

    If this is true, comments are required to submit entitlement requests.

    deniedCommentsRequired boolean

    If this is true, comments are required to reject entitlement requests.

    grantRequestApprovalSchemes stringnullable

    Default value: sourceOwner

    Approval schemes for granting entitlement request. This can be empty if no approval is needed. Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". You can use multiple governance groups (workgroups).

Loading...