Setting Up Approval Escalations

Last updated: October 4, 2024

Background

Are you worried about approvals gathering dust while they wait on users who are no longer at your company? 😨 Are you worried about approvers not responding within your SLAs, causing your TTR to skyrocket?

Lumos has your back - introducing Escalation Policies!

By setting up these policies in your AppStore, it will ensure your time to approval remains low by rerouting requests to the appropriate parties & you'll be able to rest knowing your employees are getting access quickly. 

Steps

1. Go to Settings > Escalation Policies.

2. Click "Add New Policy".

3. Ensure "AppStore" is toggled

You'll be able to make policies for Access Reviews, but you'll want to create this for the AppStore.

Untitled (26).png

4. Define your trigger 💥

When it comes to AppStore approval escalation triggers, you have two options:

  • No active approver set

    • This will trigger when all approvers set for that particular stage of the approval request (manager, Stage 1, Stage 2) are inactive in Lumos, meaning they are also inactive in your source of truth. This trigger will automatically fire, and will not provide a warning to the original approvers, since they’re inactive.

  • Approvers do not take action

    • This will trigger when no approver has taken action for a particular stage of the approval request (manager, Stage 1, Stage 2). This trigger will first warn the original approvers 75% of the way throguh the SLA time that’s been configured, and then will escalated once 100% of the time has been hit.

    • You’ll be able to set the SLA option

5. Configure your Escalation Action(s)

  • Click Add to add actions, you will need at least one escalation action per rule.

  • You’ll see the option to “Reassign to” followed by users, groups, and a couple of shortcuts (App Admin, Manager) to configure.

  • If you add another escalation action, you’ll configure how long we should wait before the next escalation step.

  • You have the option of Including Original Approver(s) which will include the original approver(s) to the escalation. This will make it so that the original approvers can still approve or deny the request once it has been escalated.

6. Configure what app(s) you want this rule to apply to.

You may not necessarily want this escalation policy to apply to all the apps in your AppStore, so you can individually select what apps you want to be in scope. However, there's also a shortcut to apply to all apps which will apply to all the apps in your AppStore, and will include all future apps you add to your AppStore!

7.  [Optional] Rename your escalation policy

By default we’ll name this rule based on your trigger, but you can rename them too for easy reference!

Untitled (27).png

8.  Click Save, and you're done! 🥳

AppStore View

When escalation policies have been applied to particular apps, you'll be able to see that it's set from the configuration panel in settings. Upon hover, you'll be able to click "View Policy", which will take you to the policy page. 

FAQ

Are escalations auditable?

  • Yes!

  • Lumos will log when policies are created, edited, and deleted in the Activity Log.

  • Lumos will also log when the requests have been escalated and who it has been escalated to in the Activity Log.

Can I escalate to myself?

  • This depends - if you are making a request on behalf of someone, we may still escalate to you for approval. If you are the target on the request, Lumos will automatically skip this step in the escalation policy. If you have another action configured, Lumos will immediately move onto the next step. If there are no more steps, it will do nothing.

Do escalations run once per request, or do they run again per stage of approval?

  • Escalations will run per stage of approval. Meaning, you can escalate if the manager doesn’t approve in 1 hour, and then once that’s been approved, you can escalate the Stage 1 approval if the user/group doesn’t approve in 1 hour.

Do escalations run on manual provisioning steps?

  • This is not supported today.

Can I create two policies with the same trigger?

  • For a given application, you can technically apply up to two escalation policies, one for each trigger (inactive approvers, and approver inaction). Lumos will surface an error if you try to create a policy with a trigger that is already applied to an app.

What happens to my requests if I create an escalation policy — does the policy automatically run for all requests?

  • The escalation policy will only apply to requests created after the creation of the policy.

What happens if I delete a policy that has already escalated a request?

  • Lumos will surface this in the confirmation modal when you go to delete the policy, but the policy will continue to run for existing requests.

Can you read my vacation calendar and automatically reroute based on OOO?

  • This is not supported today.