0 votes

Hello,

We have a script that checks for expiring accounts (temp/contractor) and emails the users manager requesting that they respond to the email either approving an extension of the account for another 90 days, or the termination of the account.

We also have a custom task that our security group uses to extend the account for 3 months.

What we would like to do, is use Adaxes to generate an approval request to the manager, have the manager log into the self service website, then click approve or deny. I can see how to do the approval, but is there any way to trigger an action if the manager clicks deny? If they do deny it we want to deprovision the account after it has expired, or at least send an email to the security group to do so.

by (710 points)

1 Answer

0 votes
by (216k points)

Hello,

Since, if the Approval Request is denied. the account will expire, you can create a Scheduled Task that will run, say, daily and that will execute the Custom Command used for deprovisioning on every user, whose account has expired. To implement such a solution:

  1. Create a new Scheduled Task.
  2. On the 3rd step of the Create Scheduled Task wizard, select the User object type.
  3. On the 4th step, add the Execute a Custom Command action.
  4. Click Select.
  5. In the dialog box that appears, select the Custom Command that you use for user deprovisioning and click OK two times.
  6. Click the Add Condition button.
  7. Select the If account/password <expiration status> condition.
  8. Select If the User account has expired.
  9. Click OK and finish creation of the Scheduled Task.
0

What if the approval is not denied and is just ignored? Will it be removed with the object?

I was thinking about this post on my way to lunch today. Wouldn't it be easier for it to be in one scheduled task?

use an available attribute

Action 1
1. Look for expiring accounts that will expire in ** days and where attribute is blank
2. Set attribute to {something}
3. Set account expiration to +3 months (Require Approval)

Action 2
1. Look for accounts that expired * days ago and where attribute is not blank
2. Deprovision account

With this, if the manager does not approve or does deny the request for the account, then it is deprovisioned. The only concern I have here is that when you get over 1000 pending approvals, Adaxes gets slower and if you have managers\users like I do, then they will ignore requests that they are not concerned with.

0

Hello,

The only issue here is that you cannot find the specific Approval Request that requires to approve a specific action. However, it is possible to find all pending requests that require approval of operations on a specific user. So, I suggest a Scheduled Task with two sets of actions and conditions:

    • If account will expire in less than ** days
    • Set account expiration to +3 months (Requires Approval)
    • If account has expired ** days ago
    • Deprovision account
    • Run a PowerShell script that finds all pending Approval Requests that request approval for operations on the account and deny them.

If this solution is OK with you, see Managing Approval Requests for information on how to manage Approval Requests in scripts. If you need assistance with the script, we will help you.

Related questions

0 votes
1 answer

In a custom command where an approval is added in Powershell code ($Context.SubmitForApproval) or as an action Send this operation for approval' how can you run specific ... is denied a mail is sent to requestors manager and requestors account is disabled.

asked Mar 28, 2023 by Pihl (20 points)
0 votes
1 answer

I have an issue we don't fully understand. We are running Adaxes v2018.2. Last night I logged in to unlock a user account. Under the "User Management" section I clicked " ... been made to any of our accounts. Any suggestions as to where to look next? Thanks.

asked Apr 24, 2019 by mjewison (50 points)
0 votes
1 answer

Since upgrading to 2019.2 I am no longer able to run scheduled reports, either automatically or manually. When looking at the log I see it fails at the "generate report ... is attempting. I can run the report directly with no problem. Can anyone help? Thanks,

asked Nov 21, 2019 by rossb (20 points)
0 votes
1 answer

Hi Are there any plans to allow the creation of approval requests via PowerShell? My client has a requirement to allow staff to request new Teams, but the Team needs to ... could be a balance of both automated approval emails and not as required. Thanks Matt

asked Oct 12, 2023 by chappers77 (2.0k points)
0 votes
1 answer

I have created a Business Rule (call it BR1) that occurs After adding or removing a member from a group . For testing purposes, it currently runs a PowerShell script ... the Business Rule I created. Is this expected behavior? Or am I doing something wrong?

asked Apr 12, 2023 by alex.vanderwoude (60 points)
3,326 questions
3,025 answers
7,723 comments
544,675 users