Configuring Email Reminders and Notifications

Setting Global Reminders and Escalation Policies

If an approver assigned to an access request has not taken action on it, you need the ability to automatically remind them that their review is required. If too much time passes, you need to be able to escalate the issue by sending information to someone who can enforce your approval policy.

For API information about how to set these reminders and escalations globally for your IdentityNow site, see Update Access Request Configuration.

A task runs in the background on a daily basis at 12 am UTC to determine if any approvals meet the criteria for sending a reminder or an escalation.

Notes

• By default, no reminders or escalations are sent.
• If you're making these API calls, you'll need to use one of our supported authentication methods. As a best practice SailPoint recommends using OAuth 2. The endpoint you use must be changed slightly based on the authentication method. For more details, see Authentication​.

API

The API call to set a reminder and escalation policy is:

PATCH  /v2/org

The following JSON should be included:

• daysTillEscalation - Number of days from when the request is created to when the reminder/escalation process begins.

• daysBetweenReminders - Number of days between reminders or escalations.

• maxReminders - Maximum number of reminders sent before starting the escalation process.

• fallbackApprover - The alias of the identity that will review the request if no one else reviews it. Typically this is the SailPoint user name of the identity but in some cases, you might need to provide the UID. To determine the correct value for any particular identity, see the identity APIs described in the API Reference Guide​.

A task runs in the background on a daily basis at 12 am UTC to determine if any approvals meet the criteria for sending a reminder or an escalation.

For example:

{
  "approvalConfig": {
        "daysTillEscalation": 3,
        "daysBetweenReminders": 2,
        "maxReminders": 2,
    }
}

Escalation Pattern

When the criteria for an escalation has been met, the escalation email is sent to the following people in the system in order:

• Approver 2 - Manager of the original approver

• Approver 3 - 2^nd level manager of the original approver

• Fallback Approver - An individual designated by this API to complete the request if all previous approvers fail to meet the deadline

Note

If you define an escalation policy to enforce approvals, it may result in a unique workflow where a request gets escalated to the original person who requested the access, either for themselves or on behalf of someone else, essentially overriding the restriction in place to prevent this from happening.

Email Templates

You can customize the emails that users see when requesting, reviewing, or reassigning access requests using the following email templates:

• Access Request Decision

• Access Request Decision for Others

• Access Request for Other

• Access Request for Self

• Access Request Reassignment

• Access Request Reviewer

• Access Request Sunset Date Reminder