Hello Sean,

Here is a KB article to help with the Self Service configuration - https://help.okta.com/en/prod/Content/Topics/Apps/Access_Request_Workflow.htm

Configure your org for Self Service

1.    Go to Applications > Self Service.

2.  In User App Requests, click Edit.

3.  Ensure that either Allow users to add org-managed apps or Allow users to add personal apps selected

4.  You can also select Allow users to email "Technical Contact" to request an app. Before selecting this option, make sure that you have configured the email alias of the Technical Contact in Settings > Accounts > End User Support.

Configure the App Approval Workflow

1.    Go to Applications > Applications and select the name of the app.

2.  Click the Assignments sub-tab.

3.  Note: This tab is not the Assign to People link in the app setup.

4.  Click Edit in the Self Service section in the sidebar that appears on the right.

5.  Specify whether you want to allow users to request this app.

6.  If you choose to allow users to request the app, you also need to configure the following:

•     Note for requester — Use this field to provide a description of the app or instructions for the requester. The maximum length is 500 characters.

•     Approval — Either Required or Not Required. You can always configure approval and then make it required later.

      Note: If an admin decides to change an app approval status from required to not required, keep the following in mind:

•     If an end-user has requested the app before this change, but has not yet received their approval(s), their entire request is deleted. The user does not receive notification of this deletion.

•     For admins, a Deleted message appears in the Okta System Logs.

1.    If you decide to require the approval flow, then configure the following options:

•     Send app requests to — Specify the individual or group that should receive the app requests.

•     To specify an individual, begin typing the individual's name. A list of matches appears from which you can select.

•     To specify a group, change the drop down to Group and then type the group name. Groups designated as approvers cannot contain more than 100 members.

•     You can specify multiple individuals or groups to create an approval chain. An approval chain cannot exceed 10 approvers. You cannot enter the same individual or group more than once.

•     Entitlements specify the action the approver can perform on the requester's account. There are three choices.

•     Hidden — approver cannot view user's account attributes

•     Read — approver can view, but not modify, account attributes

•     Write — approver can edit the requester's account attributes

•     Best Practice: Set up the approval chain to satisfy provisioning requirements.

•     If the app supports provisioning and has required attributes that need to be specified during assignment, then at least one of the approvers needs to be able to edit and set these user attributes.

•     If the app does not support automated provisioning, the final approval step can also serve as the provisioning step. Select an admin who can provision the application account as the final approver. This admin can provision the account and then approve the request to give the end user immediate SSO access to the app.

•     Note: To change the order of the approvers, click and hold the dotted handle to the left of the approver's step number and drag the line to the desired location.