IdentityIQ parallel and serial approvals

 Introduction

Out of the box Sailpoint’s IdentityIQ provides numerous workflows for provisioning, we can implement our custom workflows according to the necessity. Similarly, parallel and serial approvals are workflows used in an enterprise to manage the access of the user.

Requirement

In the world of IAM, one thing every developer should remember is that “Right thing must be accessed by the Right user at a Right time“, from the above sentence we can say that an access must be rightfully distributed to the user.

In this requirement a user in an enterprise requested an entitlement or role using IdentityIQ then that access must be approved by the work groups which are maintaining that privilege.

Understanding parallel and serial approvals in IdentityIQ

The following video illustrates about parallel and serial approvals.

Working demo of parallel and serial approvals

The following video demonstrates how parallel and serial approvals accomplishes.

 

 

 

Using lists in Identity IQ workflows at approval steps

Sailpoint’s Identity IQ converts all the empty lists that go through an approval step in a workflow into NULL values. This does not hold the same with non-empty lists.

null diagram

For example, we have a global variable in the workflow which is an empty ArrayList ( [] ). It is going to be converted to ( NULL ) once it goes through an approval step. So in order that the lists work as per our need, we could provide a dummy value so that list is never converted to NULL when it goes through an approval.