0 votes

Hello,

I have a workflow for a specific kind of user creation and I want the initiator to be able to approve the final step.

The user is created during the first part of the process, then the initiator have to configure some custom permission that I cannot script. I want the initiator to approve the final step wich is an email to the new user validating his new access. That mean he needs to be able to approve himself manually.

I tried with the %adm-initiatorDN% in the $context.sendforapproval but the approbator list is empty, I guess it's because it's himself.

So is my conclusion right and we don't have that option? Or maye is there another way to approve yourself manually?

Thanks

by (850 points)

1 Answer

0 votes
by (187k points)
selected by
Best answer

Hello Alex,

It is not possible to send an Approval Request for an operation to the user that initiated the operation. In this case, the operation will be approved automatically.

If you want the Approval Request to be sent to a different user than the operation initiator, use the $Context.SubmitForApproval method in your script and pass the distinguished name (DN) of the approver as the first parameter of the method. For details, see https://www.adaxes.com/tutorials_Delega ... t_approval.
If you want to send execution of an action (e.g. Run a program or PowerShell script) for approval, you can use option Get approval for this action. In this case the action will not be executed until approved.

0

Hi,

Thanks for your reply.

I already know how to send for approval to someone else, I'm asking for a manual approbation by the initiator.

I think if that option doesn't exist you should maybe implement it, it is usefull if the initiator wants to make manual change or wait for a specific action outside of Adaxes before sending the confirmation to the involved user. In my case I don't want to send the confirmation email to the external user before I've grant them access to specific application where I need to have the AD user newly created.

Workflow is like:

  • Create a new external user
  • Manager approval
  • New AD user creation
  • [the part that I was expecting] Send for approval to the initiator
    -> The initiator grant specific manual permission
  • Initiator manual approval when everything is set up
  • Email is send to the external user to confirm his new access to our infrastructure
0

Hello Alex,

As it was mentioned in our previous post, it is not possible to have an operation initiator as approver for the operation. If such a situation happens, the operation execution will be approved automatically. However, thank you for the suggestion, we will consider it.

As for granting specific permissions manually, could you provide us with all the possible details regarding this part? Maybe, it will be possible to automate the operation and in this case the issue with manual approval by initiator will be gone by itself.

0

That's annoying but I will think about a workaround, thank you.

This task could probably be automatise but it would require tons of work, it's not worth automatising for different reason even if I love process automation.

Related questions

0 votes
1 answer

I have been tasked with adding certain text to teh approval emails. What variable can i use for the object that the approval is required on? everything i currently select shows for the manager of the user?

asked Apr 9 by Derek.Axe (1.9k points)
0 votes
1 answer

Hello If a user manager is on vacation, how can I delegate approval tasks to the managers manager ? Delegation can for example be timebased (not answered within 2 days) ... value. Just guide me to documentation on this issue. Do not describe a solution.

asked Mar 11 by Boxx.dk (11.9k points)
0 votes
1 answer

Adaxes seems to want to use the Manager field to specify who gets approval confirmation emails. What do you do about a user without a manager, such as the CEO? Let's assume they're not tech saavy, and the IT department needs to confirm their requests.

asked Feb 10 by Liam (250 points)
+2 votes
1 answer

We set up a new hire form that has serveral custom text attributes that include pay rate, etc. These fields are routed to the correct departments via a PowerShell ... Is there anyway to prevent certain attributes from displaying in the approver request email?

asked Jan 8 by dhuffman (470 points)
+1 vote
1 answer

I am attempting to build out a report that shows all user accounts were approved by two different persons before being created. I have the workflow running correctly, ... this data stored in a specific location thats accessible by the reporting engine? Thanks!

asked Dec 16, 2019 by hendersonw (830 points)
2,325 questions
2,080 answers
5,665 comments
88,236 users