SeleneB.09496 (Customer) asked a question.
OIG for submitting an access request on behalf of another employee
Referencing this other question (https://support.okta.com/help/s/article/Does-Okta-Identity-Governance-Access-Request-support-requesting-access-onbehalf-of-another-user?language=en_US) -
Would a workflow need to be created to submit an access request on behalf of another employee if we wanted to reference the User ID (as stated above)? There are action cards in access requests as well, so I need clarification on this.
Additionally, if a workflow is needed, what would it look like? or as opposed to just the access request, what would that look like?
@SeleneB.09496 (Customer) - Essentially the only way to create a request "on behalf of" would be to leverage BETA API's for OIG.
https://developer.okta.com/docs/api/iga/
Do you have to use Workflows for this. No. But there is some integration between the two solutions. What the other article is alluding to is you could for example have an audience that is "Managers" so they have access to a specific AR Type. That AR Type could then ask for user specific information (like Okta email/username/okta id) and other pertinent information for the request (the resource) that they want to grant a specific user.
This information would all be collected with the AR as the "Front-end". It could then be passed to Workflows (Delegated flow) and a flow could be ran that creates the a new AR on behalf of that user since the body of the request requires an Okta user ID of the user "making the request" this could be populated as any user who would then be a target of the action.
requesterUserIds
Array of strings <okta-user-id> = 1 items -- A list of requester Okta user ids.
https://developer.okta.com/docs/api/iga/openapi/governance.api/tag/Requests/#tag/Requests/operation/createRequest