- Video: Making comments required in access requests and approvals
- Requiring comments for access requests
- Requiring comments for access approvals or denials
- How users see comment requirements
IdentityIQ 8.2 adds the ability make comments required on access requests and approvals/denials, so users can provide business justifications when submitting access requests, and when approving or rejecting requests. Comments can be applied at the overall request level, or individually at the item level.
You also have the option to use rule logic to choose which entitlements and roles require comments when they are requested.
Video: Making comments required in access requests and approvals
This brief video gives an overview and demo of how this feature works.
Requiring comments for access requests
The requirement for comments on access requests is configured as an IdentityIQ global setting.
- Click gear > Global Settings > IdentityIQ Configuration.
- Click the Miscellaneous tab.
- Scroll down to the Manage User Access Require Comments Settings section, and choose your settings for requiring comments:
- Check the Require comments for all access items option to require comments for all access requests.
- If you want to use a rule to refine how comment requirements work (for example, to require comments for only certain entitlements or roles), select one or more rules from the Configuration Rules list. Note that if you check the Require comments for all access items option, comments will be required for all items, and any selected rules will be ignored. Any rules in your IdentityIQ instance of type "CommentConfig" are included in this list.
- Save your changes.
Requiring comments for access approvals or denials
IdentityIQ uses a business process to control comment requirements for approvals or denials of access requests.
- Click Setup > Business Processes.
- Select the LCM Provisioning business process, or your organization's custom business process for provisioning if you use one.
- Click the Process Variables tab.
- Use the checkbox options Require comments for approval and Require comments for denial to set your comment preferences.
- Save your changes.
How users see comment requirements
In access requests, required comments are made at the Review and Submit stage of the access request. The comment icon is marked with a red asterisk when a comment is required. A comment at the overall request level, though the icon is not asterisked, will satisfy the comments requirement. Comments can also be made individually on each access item.
In approvals, the comments icon is green to indicate that there are comments from the requestor are present.
A pop-up dialog requesting comments opens when the reviewer clicks the option to approve or deny the request.
