Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Requiring comments for access requests and approvals in IdentityIQ 8.2

Requiring comments for access requests and approvals in IdentityIQ 8.2

 

IdentityIQ 8.2 adds the ability make comments required on access requests and approvals/denials, so users can provide business justifications when submitting access requests, and when approving or rejecting requests. Comments can be applied at the overall request level, or individually at the item level.

You also have the option to use rule logic to choose which entitlements and roles require comments when they are requested.

Video: Making comments required in access requests and approvals

This brief video gives an overview and demo of how this feature works.

 

Requiring comments for access requests

The requirement for comments on access requests is configured as an IdentityIQ global setting.

  1. Click gear > Global Settings > IdentityIQ Configuration.
  2. Click the Miscellaneous tab.
  3. Scroll down to the Manage User Access Require Comments Settings section, and choose your settings for requiring comments:
    • Check the Require comments for all access items option to require comments for all access requests.
    • If you want to use a rule to refine how comment requirements work (for example, to require comments for only certain entitlements or roles), select one or more rules from the Configuration Rules list. Note that if you check the Require comments for all access items option, comments will be required for all items, and any selected rules will be ignored. Any rules in your IdentityIQ instance of type "CommentConfig" are included in this list.

      RequireCommentsOnRequests.png
  4. Save your changes.

 

Requiring comments for access approvals or denials

IdentityIQ uses a business process to control comment requirements for approvals or denials of access requests.

  1. Click Setup > Business Processes.
  2. Select the LCM Provisioning business process, or your organization's custom business process for provisioning if you use one.
  3. Click the Process Variables tab.
  4. Use the checkbox options Require comments for approval and Require comments for denial to set your comment preferences.

    RequireCommentsApprovals.png
  5. Save your changes.

 

How users see comment requirements

In access requests, required comments are made at the Review and Submit stage of the access request. The comment icon is marked with a red asterisk when a comment is required. A comment at the overall request level, though the icon is not asterisked, will satisfy the comments requirement. Comments can also be made individually on each access item.

RequestNeedsComment.png

In approvals, the comments icon is green to indicate that there are comments from the requestor are present.

ApprovalComments1.png

A pop-up dialog requesting comments opens when the reviewer clicks the option to approve or deny the request.

ApprovalComments2.png

 

Labels (2)
Comments
victor_dimare
‎Jul 02, 2021 03:44 PM
‎Jul 02, 2021 03:44 PM

Does the 8.2 deployment come with an example comment config rule? Just wondering if this is a new object type.  Thanks

matt_crooke
‎Sep 21, 2021 12:18 AM
‎Sep 21, 2021 12:18 AM

@victor_dimare the 'Example Comment Config Rule' within the WEB-INF\config\examplerules.xml file provides a good starting point.

Matt

subhra_sarkar01
‎Dec 02, 2021 06:22 AM
‎Dec 02, 2021 06:22 AM

Cancel request one option is coming up for each each request, until request status is completed (if request is in waiting, provisioning then also cancel option is available ). I am working in 8.2. Can anyone help me out?

Harshavardhanreddy
‎Apr 19, 2022 11:21 PM
‎Apr 19, 2022 11:21 PM
 

When user raise a request the requester has to give comment mandatory. In Access Request the requester comment is displayed. But what ever the comment given by manager and Owner the comment is not displayed in the access request.

 

Chandu_1269
‎Jun 20, 2022 01:22 PM
‎Jun 20, 2022 01:22 PM

Hi All,

 

Is it possible to hide global Comments on overall request level,

we need only individual comments at the item level. 

 

Kind Regards,

Chandra 

btaggart
‎Feb 16, 2023 03:29 PM
‎Feb 16, 2023 03:29 PM

I realize this is for Identity IQ... but, is this planned for any upcoming release of IdentityNow?

Thanks in adance!

uzaifa_siddiqui
‎Feb 13, 2024 03:59 AM
‎Feb 13, 2024 03:59 AM

Hi @Chandu_1269 

Were you able to find, how We can hide the global comment on overall Request level, or where it is configured to be able to customize it at least ?

 

Thanks in Advance, 

Uzaifa

Frank_Marin
‎Mar 05, 2024 11:49 AM
‎Mar 05, 2024 11:49 AM

Good Morning All, 

I'm trying to see if there is a way that I could somehow validate that certain words are used in a required comment. Where would I attempt to configure that? I read in the developer forum that there's a way to edit the default text in a comment box from the properties file, but that doesn't validate anything. Wondering if anyone knows or has heard anything about something like this? maybe a pre-approval rule in the workflow...i don't know. 

 

any suggestions?

ankit1
‎Mar 19, 2024 07:38 AM
‎Mar 19, 2024 07:38 AM

Hi @uzaifa_siddiqui , @Chandu_1269 ,

Were you able to hide the global comment or individual item comment on access request page? Currently I am working in 8.2p4 version.

Thanks in advance.

 

 

 
uzaifa_siddiqui
‎Mar 19, 2024 12:31 PM
‎Mar 19, 2024 12:31 PM
Hi, We have not yet been able to hide/remove that option. If you are able to find this out. Please let me know too

Thanks and Regards,
Uzaifa Siddiqui


________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security, AI-powered support capabilities, and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com
Version history
Revision #:
6 of 6
Last update:
‎Mar 08, 2023 10:55 AM
Updated by:
Community Administrator
 
View Article History