• Download a trial
  • Sales
  • Support
  • Login
logo
  • Home
  • Products
  • Solutions
  • Partners
  • About Us
  • Consulting
  • Resources
Request a Quote
  • Workforce Identity
  • Customer Identity
  • Comparison
  • Subscriptions

All Features

Overview of all features in Workforce Identity

User Onboarding and Offboarding

Automate joiner, mover, leaver processes

Access Request

Access requests with multi-step approvals

User Access Reviews

Save time with user access reviews

Self-Service Portal

Self-service portal for all end user activities

Segregation of Duties

Detect and remediate SoD violations

Password Management

Enforce password policies and enable synchronization

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Authentication and MFA

Improve security with adaptive authentication and MFA

3rd Party IdP Integration

Integrate with your existing identity provider

Integration API

Use the REST API to add identity into your applications

Connector Library

Integrate on-premise and SaaS applications

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Workforce Identity Concepts

All Features

Overview of all features in Customer IAM

Authentication and MFA

Improve security with adaptive authentication and MFA 

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Password Management

Enforce password policies and enable synchronization

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Customer Identity Concepts

Community vs Enterprise

Summary of the differences between the Community and Enterprise editions

Subscription Benefits

Overview of the benefits provided by an OpenIAM subscription

  • Integrations
  • Verticals
  • Workforce Use Cases
  • CIAM Use Cases
  • Compliance

Active Directory

Manage identity in Active Directory

Azure (O365)

Manage identity in Office365

SAP

Manage identity in SAP S/4 Hana

SAP SuccessFactors

Manage identity in SAP SuccessFactors

Workday

Manage identity in Workday

Education

Manage identity for students, staff and alumni

User Access Requests

Empower end users and improve compliance with user access requests

Strong Authentication

Improve security with adaptive authentication and MFA

Single Sign-On (SSO)

Improve customer experience with SSO

NIS2

Achieve compliance with the EU directive for cybersecurity frameworks.

DORA

Comply with the Digital Operational Resilience Act for the EU.

HIPAA

For healthcare organizations seeking HIPAA compliance.

  • Partners

Current Partners

Our Current Partners

  • About Us

About OpenIAM

Learn about OpenIAM

Press Releases

References to OpenIAM press releases

OpenIAM in the Media

References to OpenIAM in the media

Careers

Learn about open positions at OpenIAM.

  • Consulting

Proof of Value

Customized engagement to confirm defined proof of value objectives

Jump Start

Customized engagement to rapidly deliver a solution into production

Solution Implementation

Engagement with the objective to deliver a complete IAM solution based on customer requirements

  • Resources

Videos

Collection of videos describing how OpenIAM can be used to solve common use cases

Community Portal

Collaborative community portal to learn more about OpenIAM

CE Documentation

Documentation for the Community Edition

Blog

Musings on identity penned by the OpenIAM team

Webinar Calendar

Upcoming webinars and training sessions

Workforce Identity Concepts

Customer Identity Concepts

Workflow Approval Delegation Options in OpenIAM

December 20, 2023
Ameet Shah

I recently had a customer ask me about the delegation options available in OpenIAM. They wanted to know if OpenIAM can support the following use cases:

  • Ability to delegate a request
  • Ability to define a permanent delegation
  • Ability to auto-delegate the approval to the next level in the manager hierarchy
  • Ability to delegate to another manager if the current manager cannot complete the approval from some reason
  • Define delegation for an executive

These questions come up periodically and given its newness, it’s the subject of today’s post. We will work through each of these cases and describe why this feature maybe needed and how you can access/configure it in OpenIAM. This article is not intended to replace the product documentation for this topic.

Delegate a request

There are times when a request for approval is sent and either the approver is unable to process the request in a timely manner or the designated approver is simply the wrong person for the request. In either case, OpenIAM provides several options which are described below:

Delegate a single request

In situations where the approver can delegate a particular request, they can follow the steps below:

  1. Log in to the Self-Service portal.
  2. Go to your inbox and open the request that you need to delegate.
  3. Scroll to the bottom of the approval form and click on the [delegate] button.
  4. From the dialog below, select the user that you want to delegate to.
singleRequest

 

Permanent delegation/delegate requests for a period

Consider that an approver is planning to be out of the office and wants to delegate their requests to another person during their absence. To enable the out of office feature, the approver can do the following:

  1. Log in to the Self-Service portal.
  2. Click on My Info -> My information -> Out of office assistant
  3. In the dialog below, select the person that you want to delegate to and the dates that you want the delegation to be in effect. If you leave out the “End Date”, then it’s a permanent delegation.
PermDelegation

Select the out of office delegate and the time period

When you save this information, you will be given the opportunity to delegate existing items that are in your inbox.

This option also covers the second request on our list where we need to create a permanent delegation.

Manager delegation of a request

There are times when an admin or a manager must step in to delegate one or more requests because the approver is unavailable (e.g. approver is on vacation and forgot the delegate open request). In this case, an authorized user can use the steps below to delegate one or more requests on behalf of the approver.

  1. Log in to the Self-Service portal.
  2. Select Request approval -> Request administration.

managerDelegation

3. Select the request, and then select Delegate Selected Requests.

delSelReqWhen you save this information, you will be given the opportunity to delegate existing items that are in your inbox.

This option also covers the second request on our list where we need to create a permanent delegation.

Delegate to another manager

In OpenIAM, both use cases listed below are addressed through the escalation functionality found on all access request and access certification workflows.

  • Ability to auto-delegate the approval to the next level in the manager hierarchy
  • Ability to delegate to another manager if the current manager cannot complete the approval from some reason

To configure an escalation path for a workflow, follow the steps described below:

  1. Log in to the webconsole (admin portal).
  2. Navigate to the entitlement (group, role, resource) for which you want to define the escalation.
  3. Go to the “Approver association” menu.
  4. Click on the “i” icon shown below.
DelegateToManager

 

Use the dialog below to define the escalation path. For example, the image below shows that we will first escalate to the supervisor’s manager and then to their manager. To achieve this, the system will use the manager hierarchy that is defined in OpenIAM.

DelegateToManager2

 

Delegation for an executive

At many companies, senior executives do not want to be bothered with access request or access certification requests. To define the delegations for this audience, OpenIAM provides the ability to define both a delegate for access requests and one for access certifications. Since the sensitivity level of an access review maybe different, it’s possible that the delegate for each will also be different. To define these delegates, follow the steps below:

  1. Log in to the webconsole (admin portal).
  2. Navigate to User admin -> User search and then find your user.
  3. Use the “Classic view”.
  4. Expand the section titled “User’s assistants” as shown in the image below.
DelegateForExec

To define a delegate for access requests, select a person from the “Alternate contact” drop down. To define the delegate for access certification requests, select a user in the “Certification delegate”. In each section define the start date. The end-date is only required if you want to limit this delegate for a period.
Share

Leave a Comment
footer-top-logo
openIAM-white-logo

All modules of our IAM platform share a common infrastructure allowing customers to see one unified identity solution versus a collection of disparate products.

  • linkedin-icon
  • facebook-icon
  • twitter-icon
  • youtube-icon

sales@openiam.com

(858)935-7561

Copyright © 2025 OpenIAM. All rights reserved.
  • Privacy Policy