cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Requiring comments for access requests and approvals in IdentityIQ 8.2

Requiring comments for access requests and approvals in IdentityIQ 8.2

 

IdentityIQ 8.2 adds the ability make comments required on access requests and approvals/denials, so users can provide business justifications when submitting access requests, and when approving or rejecting requests. Comments can be applied at the overall request level, or individually at the item level.

You also have the option to use rule logic to choose which entitlements and roles require comments when they are requested.

Video: Making comments required in access requests and approvals

This brief video gives an overview and demo of how this feature works.

 

Requiring comments for access requests

The requirement for comments on access requests is configured as an IdentityIQ global setting.

  1. Click gear > Global Settings > IdentityIQ Configuration.
  2. Click the Miscellaneous tab.
  3. Scroll down to the Manage User Access Require Comments Settings section, and choose your settings for requiring comments:
    • Check the Require comments for all access items option to require comments for all access requests.
    • If you want to use a rule to refine how comment requirements work (for example, to require comments for only certain entitlements or roles), select one or more rules from the Configuration Rules list. Note that if you check the Require comments for all access items option, comments will be required for all items, and any selected rules will be ignored. Any rules in your IdentityIQ instance of type "CommentConfig" are included in this list.

      RequireCommentsOnRequests.png
  4. Save your changes.

 

Requiring comments for access approvals or denials

IdentityIQ uses a business process to control comment requirements for approvals or denials of access requests.

  1. Click Setup > Business Processes.
  2. Select the LCM Provisioning business process, or your organization's custom business process for provisioning if you use one.
  3. Click the Process Variables tab.
  4. Use the checkbox options Require comments for approval and Require comments for denial to set your comment preferences.

    RequireCommentsApprovals.png
  5. Save your changes.

 

How users see comment requirements

In access requests, required comments are made at the Review and Submit stage of the access request. The comment icon is marked with a red asterisk when a comment is required. A comment at the overall request level, though the icon is not asterisked, will satisfy the comments requirement. Comments can also be made individually on each access item.

RequestNeedsComment.png

In approvals, the comments icon is green to indicate that there are comments from the requestor are present.

ApprovalComments1.png

A pop-up dialog requesting comments opens when the reviewer clicks the option to approve or deny the request.

ApprovalComments2.png

 

Labels (2)
Comments

Hi All ,

We are facing an issue where there are multiple approvers for an entitlement 

Example there are 3 levels of approval (Manager,L2 & L3 approval) the comments manager wrote is not visible in the lower ribbon when L2 approver approves it . But the comments manager wrote in upper ribbon is available across all approvers till L3 meaning Manager approval comments visible for L2 and L2 approver comment visible for L3 like that.

Please can you recommend is this an OOTB functional issue or some configuration issue that we are missing as part of our Upgrade to 8.2  

@ankit1 Were you able to hide the global comment or individual item comment on access request page ? Currently I am working on 8.3p3 . Thanks in advance 

Version history
Revision #:
6 of 6
Last update:
‎Mar 08, 2023 10:55 AM
Updated by: