Defining approvals in a generic way based on a custom object. The custom object contains the type of provisioning request, application details and the approvers details.
The approval assignment rule is written to trigger the approvals based on the approvers in the custom object.
The approval assignment rule is written to trigger the approvals based on the approvers in the custom object.
Requirement:
If the user request for Entitlement to be added, for Active Directory the approvals has to go 3 approvers in serial manner.1. Manager
2. Security Admin (Work group)
3. IT Team (Work group)
For Oracle ERP application, the approval has to go only to manager (single approver). And approvals are not required for removal of Entitlements.
For Account Request and Role Request, the approval has to go to manager.
For Account Request and Role Request, the approval has to go to manager.
Process:
Step 1: Import the below custom object into SailPoint. The custom object file contains the Provisioning request type, application details and the corresponding approvers.
Step 2: Import the Approval assignment rule into SailPoint. The Approval assignment rule contains the actual logic to trigger the approvals with the details from the custom object.
Step 3: Edit the LCM Provisioning Workflow and provide the name of imported assignment rule in argument approvalAssignmentRule for the sub processes Split provisioning and Approve and Provision.
step 4: Make sure approval mode = serial and approvalScheme = Identity.
Request for Entitlements and the approvals are triggered as defined in the custom object mappings.
Comment below if you find this post helpful.
No comments:
Post a Comment