Creating an Approval Workflow in One Identity with Conditional Rechecks

In our One Identity implementation, we need to set up an approval workflow that includes a loop to recheck a specific condition. This ensures that business roles are assigned correctly and that any necessary adjustments by administrators are verified before final approval. Here’s how we can achieve this:

Workflow Overview:

  1. Request Submission: A business role request is initiated.
  2. Calculated Approval (CD): The system checks if the recipient meets a certain condition.
  3. Approval Process:
    • If CD is true, the business role is assigned automatically.
    • If CD is false, the request goes to the administrator for approval.
  4. Administrator Actions:
    • The administrator reviews and corrects the recipient's identity details.
    • The administrator approves the request in the IT Shop.
  5. Rechecking Condition (2):
    • The system rechecks the initial condition (CD).
    • If the condition is now true, the business role is assigned.
    • If the condition is still false, the request returns to the administrator for further review.

However, I am encountering an issue with implementing this "loop." Specifically, I am able to connect the "Positive" outcome of the Administration approval step (OR) back to the initial Calculated Approval (CD), but the system does not recalculate the condition.

Thank you in advance.

  • You must implement Step 5 as a separate CD Step using the same condition.

  • Hello everyone,
    we tried to implement the same logic required in this thread and we managed to create a loop.
    In order to make this loop functional we created two Approval Levels:
    1 - CD check, which decides whether or not to approve the request based on a specific condition
    2 - OR procedure, which consists of a manual approval by 1 member of a certain Application Role.
    If Approval Level 1 fails the check, the request proceeds to Approval Level 2. At this point, if the member of the AERole approves at step 2, connecting the Success Process Status of the second level to the first level makes One Identity perform the check once again, thus creating a loop.
    In this way the loop is not completely automatic, since it requires a person to manually approve a request step, but you do not have to configure N levels without knowing how many times the checks may be required.

    Kind Regards
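
The two-level loop described in the reply above, modelled as a small state machine to show that the manual approval only sends the request back to the check and never assigns the role by itself. This is an added illustration, not One Identity configuration or code from the thread; the condition (`department` must be set), the field names, the outcome on a manual denial and the `max_rounds` guard are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    identity: dict                               # recipient's identity details (constructed sample)
    trail: list = field(default_factory=list)    # audit trail of visited steps

def cd_condition(identity):
    # Hypothetical condition; the thread does not say what the real one checks.
    return bool(identity.get("department"))

def run_workflow(request, admin_actions, max_rounds=10):
    """Level 1 = CD check, level 2 = OR manual approval.
    Level 1 negative -> level 2; level 2 positive -> back to level 1."""
    actions = iter(admin_actions)
    for _ in range(max_rounds):
        # Level 1: the calculated approval is re-evaluated on every entry.
        if cd_condition(request.identity):
            request.trail.append("CD:pass")
            return "assigned"
        request.trail.append("CD:fail")
        # Level 2: one member of the application role decides manually.
        action = next(actions, None)
        if action is None:
            return "pending"                     # still waiting on the administrator
        fix, approve = action
        request.identity.update(fix)             # administrator corrects identity details
        request.trail.append("OR:approve" if approve else "OR:deny")
        if not approve:
            return "denied"                      # assumed outcome of a manual denial
        # Positive outcome links back to level 1; it does not assign the role.
    return "aborted"                             # assumed guard against endless approve/fail cycles

if __name__ == "__main__":
    # Constructed scenario: first approval without a fix, second with the fix.
    req = Request({"name": "jdoe", "department": ""})
    result = run_workflow(req, [({}, True), ({"department": "Finance"}, True)])
    print(result, req.trail)
```

The audit trail makes it visible when an administrator approves repeatedly without correcting the identity, which is the case the unbounded loop would otherwise hide.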