Identity Manager Approval Workflow (Part 1)

During an Identity Manager life-cycle implementation, one of the most common tasks is to define the Identity Manager approval workflow, or approval process.

The approval process is a very important piece because it is what allows the user to have an account in one or more systems connected to the IDM solution, with the sponsorship of the manager or the IT department.

Typically, in an Identity Manager solution, the user goes to the web interface of the IDM solution and submits a request for access to one or many applications.

After a request is submitted, the IDM solution will execute one or all of the following actions:

  • Create a request task (waiting for someone's approval)
  • Go to the approver queue or auto-approve (based on some business rules)
  • Notify the approvers
  • Notify the provisioners
  • Provision / deprovision access on the application
  • Notify the user/manager

It is very important to consider the way the user can submit a request. Typically the user can:

  • Submit one request for one application
  • Submit one request with multiple applications

Because of the two ways to submit a request listed above, the requirements-gathering phase needs to clearly identify what actions or approvals are required for each scenario. Some questions that need to be addressed are:

  • What happens if the user submits one request for multiple applications?
  • Does the user need one notification per application or just one notification with all details?
  • Are the approvers the same for all applications?
  • What happens if one approver denies one of the application requests?
  • How does that affect the other requested applications?
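
To make these questions concrete, the following added example (not code from any IDM product or from the original post) models one request covering several applications and shows how the same denial leads to different provisioning results under two hypothetical policies. All class, function and account names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

Decision = Enum("Decision", "PENDING APPROVED DENIED")

class DenyPolicy(Enum):
    PER_APPLICATION = 1   # a denial affects only the denied application
    ALL_OR_NOTHING = 2    # a single denial blocks every application in the request

@dataclass
class LineItem:
    approvers: frozenset                    # approvers can differ per application
    decision: Decision = Decision.PENDING

@dataclass
class AccessRequest:
    requester: str
    items: dict                             # application name -> LineItem
    policy: DenyPolicy

    def decide(self, approver, application, approve):
        item = self.items[application]
        if approver not in item.approvers:
            raise PermissionError(f"{approver} cannot decide {application}")
        if item.decision is not Decision.PENDING:
            raise ValueError(f"{application} is already decided")
        item.decision = Decision.APPROVED if approve else Decision.DENIED

    def to_provision(self):
        """Applications that may be provisioned now; pending items never qualify."""
        approved = sorted(a for a, i in self.items.items() if i.decision is Decision.APPROVED)
        if self.policy is DenyPolicy.ALL_OR_NOTHING and len(approved) != len(self.items):
            return []
        return approved

    def notification(self):
        """One consolidated message listing every application and its outcome."""
        rows = [f"{a}: {i.decision.name.lower()}" for a, i in sorted(self.items.items())]
        return f"Access request for {self.requester}\n" + "\n".join(rows)

def run_scenario(policy):
    # Constructed sample: one request, three applications, one denial.
    apps = {"crm": {"alice"}, "erp": {"bob"}, "vpn": {"alice", "carol"}}
    req = AccessRequest("jdoe", {a: LineItem(frozenset(s)) for a, s in apps.items()}, policy)
    req.decide("alice", "crm", True)
    req.decide("bob", "erp", False)
    req.decide("carol", "vpn", True)
    return req
```

Which of the two policies applies, and whether pending items block the rest, is exactly what the requirements phase has to settle before the workflow is built.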

As you can see, the requirements phase is very important. Some aspects to consider when gathering the requirements for approvals are:

  • Approval levels
  • Escalation time
  • Request time (lifetime)
  • Delegation
  • Notifications

We’ll discuss the details of these aspects in another post.