Saviynt Forums

Hi @sudeshjaiswal 

The request is for New Account and Add Access. 

In endpoint > Entitlements with New Accounts(Default entitlements) > Here, we added Other endpoint entitlements (Once the task gets created after approvals these entitlements gets assigned by default).

Now the flow should go like > Once user submits request > Manager Approval (New Account/Access) > Owner Approval (Add Access) > Task creation for (Default entitlements Access/New Account/Access)

Here, the task should create only after Manager and Owner approves the entitlement Access but it's creating task without Owner approval only for Default entitlements not for New Account OR for Add Access which are requested in ARS (if Owner rejects the request then it won't create then access task but it also not creating the task for New Account)

The task should not create unless all the approvals are done even though it's still pending with Access approval. Can we make this happen

NOTE:

As per my understanding New Account/Add Access task should only create after the Approvals. Let me know if I'm wrong.

Since you have seperated the WF for Account and Entitlement where account goes through one level approval and entitlement goes through two level approval task gets created for account first without being waiting for entitlement approval.

To avoid this what you can try do is, in Security system make Create Task action as EntitlementOnly and also make entitlement as mandatory. With this setting task won't get created for account alone unless an entitlement is approved. But incase if you have a requirement for account only request without entitlement that cannot be achieved in this way

With entitlementsOnly action, can we still get the Entitlements with New Account added? Will Serial workflow not help here ?

@shivmano : Yes entitlements with new account should work. Also YES serial WF is another approach you can try

Hi @sk 

We made the change on Create Task action as EntitlementOnly in security system and we also have Entitlements with New Account in endpoint. Once the request is submitted the entitlement is going for Group Owner Approval and It's creating task for Entitlements with New Account entitlements without Group Owner Approval.

Is this the way it works? because if it creates a task for Entitlements with New Accounts first and what if the Group owner rejects the Add Access. In this case user shouldn't get access to the entitlements inside Entitlements with New Account, right ?

Are you saying without entitlement getting approved a task is created for entitlement that is added under Entitlements with New Account? If so do you see any new account task is also getting created?

@sk 

Yes, without entitlement getting approved, a task is created for entitlement that is added under Entitlements with New Account.

No, we don't see New Account task because we selected Create Task Action - EntitlementOnly in Security System. 

@Sampritha_r 

Thank You for the link, it should be helpful. I'll check it out.

How to configure All Approval Workflow to create t... - Saviynt Forums - 28987

On the same issue, we are sending Entitlement values in a tabular format in the Approved Email (Grant Access), since the Add Access (Entitlement) is still in pending with Owner Approval and task is creating directly without Owner Approval. We are receiving the Approved email without entitlements in table.

I understand that the above link you provided will solve this issue but, is there any other way we should send the email only if Entitlements are approved so that the entitlement with show up in email OR anything that we can change in email template?

If I understand correctly looks like you still splitting the WF for account and entitlement and making account as auto approval where as entitlement goes through approval and using one grant block for both. If that is the case you can try separating grant blocks for account approval and don't attach email template over there whereas another grant block you going to use for entitlement approval there you can assign email template which should solve the issue.

Hi @sk.

No, First New Account and Add Access will go for Manager approval Once manager approves then Add Access goes for Group Owner/Entitlement Owner Approver. Once New Account and Add access approves we are not sending it for GrantAccess, it's checking the if-else condition whether it has to go for Owner Approval or not, if it fails then it goes for GrantAccess.

 @Sampritha_r ,

I have checked the link you provided regarding the Task has to create only if all the Approvals are done. I've tried it but didn't get the expected solution. Can you please help me updating the XML snippet. I'm attaching the .zip file.

FYI, file consists of conditions where we mentioned in if-else block and the Email template Names also

.

Hello @ShyamSrisailam 

I have made changes to your workflow XML as per your requirement. Attached is the updated XML. 

Before loading the changed XML workflow into the Saviynt system, update the following entries in ‘workflowhistory’ table.

1. Set the status of this workflow in workflowhistory = 3.
2. Update the xmldata col with this workflow.
3. update ‘workflowhistory’ set WFLOADED=0 where WORKFLOWKEY = ;
4. Saviynt UI approves the workload So that it is approved and loaded successfully

Hello @ShyamSrisailam 

Thanks for sharing the XML.