Setting Global Reminders and Escalation Policies

If an approver assigned to an access request has not taken action on it, you need the ability to automatically remind them that their review is required. If too much time passes, you need to be able to escalate the issue by sending the request to another reviewer.

To update the settings for these reminders and escalations, refer to the Update Access Request Configuration API.

When you use the API, you must define the identity who will act as the fallback approver. You may also configure the length of time to wait between escalations and how often to send reminders to reviewers.

Note

By default, no reminders or escalations are sent.

Escalation Pattern

If reviewers fail to complete their reviews within the time frame, the request is automatically escalated to a new reviewer. This can occur up to 3 times. The first two times, the request is escalated to the manager of the assigned reviewer. The third escalation is sent to a fallback approver. The fallback approver is the individual designated by the API to complete the request if the previous reviewers fail to meet the deadline. If an approver is not found during escalation, the request is assigned to the fallback approver. If the fallback approver has been deleted from IdentityNow, the request remains with the last valid approver.

Notes

• If the fallback approver is the same identity that submitted the access request, the original requester might be permitted to review their own access request.
• The request will be assigned to the specified identity, even if the identity is disabled or incomplete. In these cases, an admin can reassign the request by submitting an API call with the Forward Access Request endpoint.
• In the case of governance groups, the request will be sent to each member's manager.

If a reviewer reassigns a request, the timing of the escalation process does not restart. Emails will still be sent out at the designated times.

Email Templates

You can customize the emails that users see when requesting, reviewing, or reassigning access requests using the following email templates:

• Access Request Decision
• Access Request Decision for Others
• Access Request for Other
• Access Request Reassignment
• Access Request Reviewer
• Access Request Sunset Date Reminder