Single step |
Approval step name. |
Approval procedure |
Procedure to use for determining the approvers. |
Processing status |
Processing status of the success or failure case of the approval step. The processing status for the request is set according to the decision and whether it has been made positively or negatively. Define the processing status in the basic configuration data. |
Role |
Hierarchical role from which to determine the approvers.
The role is used in the OM and OR default approval procedures. Additionally, you can use the role if you use a custom approval procedure in the approval step. |
Fallback approver |
Application role whose members are authorized to approve requests if an approver cannot be determined through the approval procedure. Assign an application from the menu.
To create a new application role, click . Enter the application role name and assign a parent application role. For more information, see the One Identity Manager Authorization and Authentication Guide.
NOTE: The number of approvers is not applied to the fallback approvers. The approval step is considered approved the moment as soon as one fallback approver has approved the request. |
Condition |
Condition for calculating the approval decision. The condition is used in the CD, EX, or WC default approval procedures. Additionally, you can use the role if you use a custom approval procedure in the approval step.
Comparison value for the risk index in the approval procedure RI. Enter a number in the range 0.1 to 1.0. 1.0. You can use , or . as a decimal point. |
Number of approvers |
Number of approval required to approve a request. Use this number to further restrict the maximum number of approvers of the implemented approval procedure.
If there are several people allocated as approvers, then this number specifies how many people from this group have to approve a request. A request can only be passed on to the next level if this has been done.
If you want approval decisions to be made by all the employees found using the applicable approval procedure, for example all members of a role (default approval procedure OR), enter the value -1. This overrides the maximum number of approvers defined in the approval procedure.
If not enough approvers can be found, the approval step is presented to the fallback approvers. The approval step is considered approved as soon as one fallback approver has approved the request.
If an approval decision is made by the chief approval team, it overrides the approval decision of just one regular approver. This means, if three approvers must approve an approval step and the chief approval team makes a decision, two more are still required.
The number of approvers defined in an approval step is not taken into account in the approval procedures CD, EX,or WC. |
Description |
Text field for additional explanation. |
Approval reason |
Reason entered in the request if approval is automatically granted.
This field is only shown for the approval procedures CD, CR, RI, SB, EX, and WC. In the CR approval procedure, you can user the wild card {0} in the text. The place holder syntax corresponds to a format place holder in VB.Net ({0} to {9}) |
Reject reason |
Reason entered in the request and the approval history, if approval is automatically denied.
This field is only shown for the approval procedures CD, CR, RI, SB, EX, and WC. In the CR approval procedure, you can user the wild card {0} in the text. The place holder syntax corresponds to a format place holder in VB.Net ({0} to {9}) |
Reminder after (minutes) |
Number of minutes to elapse after which the approver is notified by mail that there are still pending requests for approval. The input is converted into working hours and displayed additionally.
NOTE: Ensure that a state, county, or both is entered into the employee's main data of determining the correct working hours. If this information is missing, a fallback is used to calculate the working hours. For more information about calculating employees' working hours, see the One Identity Manager Identity Management Base Module Administration Guide.
TIP: Weekends and public holidays are taken into account when working hours are calculated. If you want weekends and public holidays to be dealt with in the same way as working days, set the QBM | WorkingHours | IgnoreHoliday or QBM | WorkingHours | IgnoreWeekend configuration parameter. For more information about this, see the One Identity Manager Configuration Guide.
If more than one approver was found, each approver will be notified. The same applies if an additional approver has been assigned.
If an approver delegated the approval, the time point for reminding the delegation recipient is recalculated. The delegation recipient and all the other approvers are notified. The original approver is not notified.
If an approver has made an inquiry, the time point for reminding the queried employee is recalculated. As long as the inquiry has not been answered, only this employee is notified. |
Timeout (minutes) |
Number of minutes to elapse after which the approval step is automatically granted or denied approval. The input is converted into working hours and displayed additionally.
The working hours of the respective approver are taken into account when the time is calculated.
NOTE: Ensure that a state, county, or both is entered into the employee's main data of determining the correct working hours. If this information is missing, a fallback is used to calculate the working hours. For more information about calculating employees' working hours, see the One Identity Manager Identity Management Base Module Administration Guide.
TIP: Weekends and public holidays are taken into account when working hours are calculated. If you want weekends and public holidays to be dealt with in the same way as working days, set the QBM | WorkingHours | IgnoreHoliday or QBM | WorkingHours | IgnoreWeekend configuration parameter. For more information about this, see the One Identity Manager Configuration Guide.
If more than one approver was found, then an approval decision for the approval step is not automatically made until the timeout for all approvers has been exceeded. The same applies if an additional approver has been assigned.
If an approver delegated approval, the time point for automatic approval is recalculated for the new approver. If this approval is rejected, the time point for automatic approval is recalculated for the original approver.
If an approver is queried, the approval decision must be made within the defined timeout anyway. The time point for automatic approval is not recalculated.
If additional approvers are determined by recalculating the current approvers, then the automatic approval deadline is not extended. The additional approvers must approve within the time frame that applies to the current approver. |
Timeout behavior |
Action that is run if the timeout expires.
-
Approved: The request is approved in this approval step. The next approval level is called.
-
Deny: The request is denied in this approval step. The approval level for denying is called.
-
Escalation: The request process is escalated. The escalation approval level is called.
-
Cancel: The approval step, and therefore the entire approval process for the request, is canceled. |
Reason type on approval |
Specifies which type of reason is required when granting approval to this approval step.
-
Optional: A reason can be provided if required.
-
Standard reason required: A standard reason must be selected.
-
Free text required: A reason must be given. This can be any text. |
Reason type on denial |
Specifies which type of reason is required when denying approval to this approval step.
-
Optional: A reason can be provided if required.
-
Standard reason required: A standard reason must be selected.
-
Free text required: A reason must be given. This can be any text. |
Additional approver possible |
Specifies whether a current approver is allowed to instruct another employee as an approver. This additional approver has parallel authorization to make approvals for the current request. The request is not passed on to the next approval level until both approvers have made a decision.
This option can only be set for approval levels with a single, manual approval step. |
Approval can be delegated |
Specifies whether a current approver can delegate the approval of the request to another employee. This employee is added to the current approval step as the approver. This employee then makes the approval decision instead of the approver who made the delegation.
This option can only be set for approval levels with a single, manual approval step. |
Approval by affected employee |
Specifies whether the employee who is affected by the approval decision can also approve this request. If this option is set, requester, and request recipients can approve the request.
If this option is not set, use the QER | ITShop | PersonInsertedNoDecide, QER | ITShop | PersonOrderedNoDecide, QER | ITShop | PersonInsertedNoDecideCompliance, and QER | ITShop | PersonOrderedNoDecideCompliance configuration parameters to specify for all requests whether requester and request recipient can approve the request. |
Do not show in approval history |
Specifies whether or not the approval step should be displayed in the approval history. For example, this behavior can be applied to approval steps with the CD - calculated approval procedure, which are used only for branching in the approval workflow. It makes it easier to follow the approval history. |
No automatic approval |
Specifies whether the approval step is decided manually. The request is presented again to an approver even if they are the requester themselves or the request has been approved in a previous approval step. The setting of the DecisionOnInsert, ReuseDecision and AutoDecision configuration parameters is ignored in this approval step. |
Escalate if no approver found |
Specifies whether the approval step is escalated if no approver can be found and no fallback approver is assigned. In this case, the request is neither canceled nor passed to the chief approval team.
This option can only be enabled if an approval level is linked to escalation. The option cannot be enables if the approval step uses the approval procedure OC or OH. |