Once an IT Shop request is raised, it follows a defined approval process which decides whether the request is be approved or rejected.
Figure 1: Approval workflow process
Once an IT Shop request is raised, it follows a defined approval process which decides whether the request is be approved or rejected.
Figure 1: Approval workflow process
A request raised on ServiceNow is routed to the manager for approval or follows self-service approval depending on how the configuration parameters are configured. If manager approval is configured, each requested item will be available for separate approval/rejection.
If manager approval is enabled, the request is routed to user’s ServiceNow/One Identity Manager’s manager for approval depending on the configuration parameter. Configure the following configuration parameters described below
| Config name | Value |
| perform_manager_approval | true |
| manager_approval_authoritative_source | SNOW / ONEIM |
| fallback_approver | “Fallback approver name” |
If manager_approval_authoritative_source has been configured to SNOW, the request will be routed to user’s ServiceNow manager and if one does not exist, it is routed to the configured fallback approver.
If manager_approval_authoritative_source has been configured to ONE IDENTITY MANAGER, the request will be routed to user’s One Identity Manager’s manager and if one does not exist, it is routed to the configured fallback approver.
NOTE: If the authoritative source is ServiceNow then system admin should make sure that the appropriate manager has approver role.
To enable self-service approval in ServiceNow, configure the following configuration parameters with the value specified
| Config name | Value |
| perform_manager_approval | false |
Now the user requests will be automatically approved.
SOD rules configured in One Identity Manager can be checked and validated against at ServiceNow end by enabling the configuration parameter perform_sod_check (set the configuration parameter to true). SOD use cases are summarized below:
No SOD conflict for any of the requested item: A user can submit the request.
SOD Conflict for some of the requested items and exception approver has been configured in the One Identity Manager SOD Rule: User can submit the request, but the request is routed to the compliance officer configured in ServiceNow (Configuration parameter: compliance_officer) post submission. If the compliance officer approves the request, the request is then routed to the configured manager/fallback approver/self-service approval is performed. If compliance officer rejects, the request is rejected.
SOD Conflict for some of the requested items and exception approver has not been configured in the One Identity Manager SOD Rule: The request is automatically canceled.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center