0 votes

Hello,

I have a workflow for a specific kind of user creation and I want the initiator to be able to approve the final step.

The user is created during the first part of the process, then the initiator have to configure some custom permission that I cannot script. I want the initiator to approve the final step wich is an email to the new user validating his new access. That mean he needs to be able to approve himself manually.

I tried with the %adm-initiatorDN% in the $context.sendforapproval but the approbator list is empty, I guess it's because it's himself.

So is my conclusion right and we don't have that option? Or maye is there another way to approve yourself manually?

Thanks

by (440 points)

1 Answer

0 votes
by (270k points)
selected by
Best answer

Hello Alex,

It is not possible to send an Approval Request for an operation to the user that initiated the operation. In this case, the operation will be approved automatically.

If you want the Approval Request to be sent to a different user than the operation initiator, use the $Context.SubmitForApproval method in your script and pass the distinguished name (DN) of the approver as the first parameter of the method. For details, see https://www.adaxes.com/tutorials_Delega ... t_approval.
If you want to send execution of an action (e.g. Run a program or PowerShell script) for approval, you can use option Get approval for this action. In this case the action will not be executed until approved.

0

Hi,

Thanks for your reply.

I already know how to send for approval to someone else, I'm asking for a manual approbation by the initiator.

I think if that option doesn't exist you should maybe implement it, it is usefull if the initiator wants to make manual change or wait for a specific action outside of Adaxes before sending the confirmation to the involved user. In my case I don't want to send the confirmation email to the external user before I've grant them access to specific application where I need to have the AD user newly created.

Workflow is like:

  • Create a new external user
  • Manager approval
  • New AD user creation
  • [the part that I was expecting] Send for approval to the initiator
    -> The initiator grant specific manual permission
  • Initiator manual approval when everything is set up
  • Email is send to the external user to confirm his new access to our infrastructure
0

Hello Alex,

As it was mentioned in our previous post, it is not possible to have an operation initiator as approver for the operation. If such a situation happens, the operation execution will be approved automatically. However, thank you for the suggestion, we will consider it.

As for granting specific permissions manually, could you provide us with all the possible details regarding this part? Maybe, it will be possible to automate the operation and in this case the issue with manual approval by initiator will be gone by itself.

0

That's annoying but I will think about a workaround, thank you.

This task could probably be automatise but it would require tons of work, it's not worth automatising for different reason even if I love process automation.

Related questions

0 votes
1 answer

Hello team, I created this custom command and action The manager is not notified by email about a new approval, only visible in portal Once the Manager approves it, the whole ... can I build a flow of two approvers? First manager, then owner of target group

asked Oct 20, 2023 by wintec01 (1.1k points)
0 votes
1 answer

Hi Are there any plans to allow the creation of approval requests via PowerShell? My client has a requirement to allow staff to request new Teams, but the Team needs to ... could be a balance of both automated approval emails and not as required. Thanks Matt

asked Oct 12, 2023 by chappers77 (2.0k points)
0 votes
1 answer

Hi if a request is send to the supervisor of the requester and he does not approve in 7 days can the request be forwarded to the supervisors manager for approval?

asked Sep 29, 2023 by johanpr (80 points)
0 votes
1 answer

How to deal with approval requests in a AD and AAD environment? I have recently created a workflow where I log on as a AD user and request to be a member of a AAD group, ... of member works despite the initial request was based on a AD user and not a AAD user.

asked May 2, 2023 by Daniel (80 points)
0 votes
1 answer

In a custom command where an approval is added in Powershell code ($Context.SubmitForApproval) or as an action Send this operation for approval' how can you run specific ... is denied a mail is sent to requestors manager and requestors account is disabled.

asked Mar 28, 2023 by Pihl (20 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users