Setting Global Reminders and Escalation Policies
If an approver assigned to an access request has not taken action on it, you need the ability to automatically remind them that their review is required. If too much time passes, you need to be able to escalate the issue by sending information to someone who can enforce your approval policy.
For API information on how to set these reminders and escalations globally for your IdentityNow site, see Update Access Request Configuration.
You can configure:
- The identity to use as the fallback approver.
- The length of time to wait before escalating to the first reviewer's manager, as well as how long to wait between escalations.
- How often to remind reviewers, including escalation reviewers.
Notes
- By default, no reminders or escalations are sent.
- If you're making these API calls, you'll need to use one of our supported authentication methods. As a best practice SailPoint recommends using OAuth 2. The endpoint you use must be changed slightly based on the authentication method. For more details, see Authentication.
Escalation Pattern
When the criteria for an escalation has been met, the escalation email is sent to the following people in the system in order:
-
Approver 2 - Manager of the original approver
-
Approver 3 - 2nd-level manager of the original approver
-
Fallback Approver - An individual designated by this API to complete the request if all previous approvers fail to meet the deadline
Once the request reaches the final reviewer in the escalation process, no additional emails are sent. The request remains assigned to the fallback approver indefinitely, unless that identity reviews the access request or manually reassigns it.
Note
If the fallback approver is the same identity that submitted the access request, the original requester might be permitted to review their own access request.
Email Templates
You can customize the emails that users see when requesting, reviewing, or reassigning access requests using the following email templates: