Skip to main content

Access Request Decision

Event Context

The SailPoint Identity Security Cloud platform now includes event triggers within the access request approval workflow. The 'Access Request Decision' event trigger provides more proactive governance and ensures users can quickly obtain needed access.

Flow

When an access request is approved, some uses cases for this trigger include the following:

  • Notify the requester that the access request has been approved or denied.
  • Notify the administrator or system to take the appropriate provisioning actions for the requested access.
  • Notify a third party system to trigger another action (e.g. customer feedback survey, initiate another business process), or it can be used for auditing once an access request decision has been made.

The 'Access Request Decision' event trigger is a flexible way to extend the access request workflow after access is approved for the requester.

This is an example input from this trigger:

{
"accessRequestId": "2c91808b6ef1d43e016efba0ce470904",
"requestedFor": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
},
"requestedItemsStatus": [
{
"id": "2c91808b6ef1d43e016efba0ce470904",
"name": "Engineering Access",
"description": "Access to engineering database",
"type": "ACCESS_PROFILE",
"operation": "Add",
"comment": "William needs this access to do his job.",
"clientMetadata": {
"applicationName": "My application"
},
"approvalInfo": [
{
"approvalComment": "This access looks good. Approved.",
"approvalDecision": "APPROVED",
"approverName": "Stephen.Austin",
"approver": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
}
}
]
}
],
"requestedBy": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
}
}
info

clientMetadata is determined by the user that invoked create-access-request and can contain any value at runtime that was specified in the access request.