MIM Approval Justification – new feature!
The latest update to MIM SP1 (4.4.1459.0) added a new feature for justification on requests that require approvals. This will help designated approvers make informed decisions when approving or rejecting requests and give the requestors meaningful responses from the approver. Example use cases include:
- Giving justification when joining a group
- Giving justification when denying a request
How to enable the Justification UI
- In the MIM Portal navigate to Administration -> Portal Configuration
- Click the Extended attributes tab.
- Check the box next to Enable Justification UI.
- Click Submit
- Perform an IIS reset.
End user experience
When a user uses the MIM portal to locate a group they’d like to become a member of they can check the group and select join.
The confirmation window will prompt the user for a justification.
The approver will receive an email which contains the justification that is also stored on the approval object in MIM.
When the approver approves, or rejects the request they are also asked to give a justification.
Email Template Integration
Using the justifications in email templates can be achieved by using these XPATH expressions:
- [//Request/Justification] – Justification from the end user.
- [//WorkflowData/Reason] – Justification response provided by the approver.
Caveats
Setting the attribute to required in the RCDC does not seem to have any impact. Perhaps this will be enhanced in a future update.
This appears to be only available in the group join process. It is not available to be utilized with other types of requests now.
Conclusion
This is a much-requested feature for MIM and it’s great to see it released. Other features that were enabled in MIM SP1 hotfix 4.4.1459.0:
- Support for SQL Always On Availability Groups
- Support for SCSM 2016 for MIM Reporting
- Dynamic logging
- Custom object explicit membership
If you’re upgrading from FIM to MIM, or you need help designing or configuring your identity solution, let Oxford Computer Group’s expert consultants assist you. Contact us!
Need MIM training? Look no further than our specialist training team, Oxford Computer Training!