Configure an approval sequence
Configure an approval sequence for an access request condition if you want to set questions, approval tasks, and custom tasks.
Before you begin
- Configure any group owners that you plan to use as approvers. If the group owner is another group, push that group to Access Requests.
- If you plan to use a requester's manager as an approver, set the requester's managerId user attribute to the manager's Okta username or email address.
Configure Okta Workflows actions in Access Requests
This task is optional. If you want to use the Call Okta Workflows action in your approval sequence, enable the self-service feature.
- Set up delegated workflows and activate them in the Workflows Console. See Delegated flows and Build a delegated flow.
- Create a custom admin role with the following configuration:
  - The role has the Run delegated flow permission.
  - The resource set contains at least one delegated flow that needs to be executed.
  - This role and the resource set are assigned to the Okta Access Requests OAuth app.
- In the Access Requests console, go to .
- On the Okta tile, click Edit connection, and then enable the Run a workflow toggle.
Create an approval sequence
- Sign in to the Admin Console as a super admin, an access requests admin, or with a custom admin role with app admin permissions.
- Go to .
- Select an app, and then go to the Access requests tab on its profile page.
- Click + Create condition.
- Click Select sequence.
- On the Approval sequence page, click + Create sequence.
- Click Edit on the title bar and enter a name and description.
- To create questions for the requester to answer, click any node after the Trigger card and then select Questions for Requester. Follow the prompts and enter information as required.
- To assign a step to an approver, click any node after the Trigger card and then select the Approval card. Pick an approver from the Assign to dropdown menu.
- To invoke a delegated flow, click any node after the Trigger card and then select Call Okta Workflows. Select a workflow and then map the inputs from each field's dropdown menu. Most are self-explanatory, with the following exceptions:
  - OIG Request ID: The ID of the request made from the resource catalog
  - Request subject: The title of the access request submission
  - Resource URL: The URL of the requested resource
  - Requester's user ID: The requester's user ID in Okta
  - Okta User ID: The ID for the internal Access Requests app (don't confuse this with the Requester's user ID)
- Click Save.
Edit an approval sequence
You can also edit or delete an existing approval sequence, but remember that the changes affect all access request conditions that use this sequence.
- Go to .
- Select an app. Go to the Access requests tab on the app's profile page.
- Click + Create condition.
- Click Select sequence.
- Change the sequence, and then click Save.
- Click Update.
- To use the updated sequence for the access request condition, go back to the Approval sequences page. Select a sequence and then click Refresh.
- Click Select sequence.
- Click Update on the Access request condition page.