<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009zOtiNCASOkta Identity EngineIdentity GovernanceAnswered2024-09-25T19:44:22.000Z2024-02-05T10:10:35.000Z2024-02-06T19:37:07.000Z

영진채.15505 (Customer) asked a question.

February 5, 2024 at 10:10 AM
Inquiry on Dynamically Assigning Access Requests to Group Owners

Hello,

I am reaching out for guidance on setting up Okta Access Requests. My goal is to streamline the process where Access Requests are automatically assigned to the appropriate group owners based on the requester's group membership.

 

In a scenario where we have a universal draft accessible by all employees, I envision the following workflow:

  • When a member of Group A initiates a request, it should automatically be assigned to the owner of Group A.
  • Similarly, if a member from Group B submits a request, it should go to the owner of Group B.

 

At present, the "assigned to" configuration seems to allow selecting only a single Okta group owner, which is not feasible given our organizational structure with numerous departments. This limitation prevents automatic matching of the request to the submitter's departmental group owner.

 

The documentation suggests manually setting a managerId for each user as the approver, but this approach seems impractical for our needs.

Have I missed something in the documentation, or is there an alternative method to achieve this automatic assignment based on group ownership?

 

Thank you for your assistance.

  • 1 answer
  • 376 views

  • TimL.58332 (Workflows)

    @ÏòÅÏßÑϱÑ.15505 (Customer)​ 

     

    So I am assuming you are looking to have an Access Request question with a drop down selection (likely from a config list). As long as you are not doing multi-select and the approver/group assignment is a single selection then this process will work fine.

     

    When using a "drop-down" on the back end it is going to be passing okta groupID's. So when there is only one selection it would look like: 00vay40bkyyZbQtfD1d7

     

    However, when using multi-select when its 2 or more its a CSV such as: 00vay40bkyyZbQtfD1d7, 00bay40bkyyZbFtfA1d7

     

    So when an approver attempts to be selected that string is not a valid groupId (singular) for either owner assignment OR for Action group assignment. You can get around this but you need to do individual approval steps for each item in the selection. So if you had group1,group2,group3 you would need to have an approval && action step for each of the 3 groups.

     

    Then the logic would be if "list" includes "specific selection" then statically map to this group owner. And the action would be the same if "list" includes && approval step was approved then assign to this specific group.

    Expand Post
This question is closed.
Loading
Inquiry on Dynamically Assigning Access Requests to Group Owners