<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
OIG Access Requests (Request Type) – Can an Approver Supply Information for a Request?
Aug 27, 2024
Okta Classic Engine
Identity Governance
Okta Identity Engine

Overview

This article provides details on how Okta Identity Governance (OIG) Access Requests can be set up so a manager can supply additional information for a request. For example, the requester wants access to an application but they do not know the role they need, so the manager would select the role at the approval stage.

Request Types (or access request flows) normally comprise a series of questions to set up the request followed by approval and action steps to perform the change. The default is to assign the questions to the requester, but you can assign them to their manager or anyone else known to OIG Access Requests.

 

Solution

Background

Let’s look at an example: An employee needs wiki access, but their manager (who is the approver) will need to select the role and put in a comment about it.

For this, we created four groups in Okta to represent roles (they would be assigned to the” wiki” app with the relevant role: Wiki-Consumer, Wiki-Reviewer, Wiki-Editor, and Wiki-Admin.

A sublist was created in OIG Access Requests for these four group roles. This sublist was used as a Dropdown question in a new Request Type and assigned to the Requester’s manager. A required Text field for Manager Notes was also added and assigned to the Requester’s manager.

 

blob

 

Note the icon to the right of the Questions. The single person in a circle icon is the requester, and the org chart icon is the requester’s manager (you can see it for the Manager Approval step also).

When a user requests access, they are prompted to answer their question (“Request Justification”) and then Submit new request.

 

blobblob

 

The request is submitted and proceeds to the outstanding questions.

 

blob

 

The manager would see that they need to answer some questions also (highlighted by the numbered circle beside the Questions tab in the right pane).

 

 

blob

 

The view shows the question(s) already answered and the outstanding questions – one is the list of roles that can be selected, and the other is the notes for a manager to enter.

 

blob

They select/enter the answers and select Update.

 

blob

 

Once the answers are submitted, the manager then approves the request and the access is provisioned.

 

blob

The answers to the questions are visible in the transcript of the request. In this case, the first was answered by the requester and the other two by their manager.

The Slack experience is slightly different for the manager, with an additional section highlighting Your questions in addition to Your tasks. The message sent to Slack highlights the questions to be answered.

 

blob

 

As it is running the same Request Type, the flow and questions are the same.

 

blob

 

Thus, using a standard out-of-the-box feature in OIG Access Requests, an Access Request flow can be set up to get an approver (or someone else) to supply additional information to a flow.

Recommended content

Still looking for help?
Loading
OIG Access Requests (Request Type) – Can an Approver Supply Information for a Request?