Setting up ABAC Approvals

Background

Sometimes you don't want to route your approvals to a named user, or even group. Sometimes, you want to route your approvals to a different person based on certain attributes of the requester. 

Perhaps this is your team lead! Or department head!

Nonetheless, you can now configure a field in Lumos to appropriately route approvals to the person who has the most context. That way, you're ensuring proper & quick approvals for your end users.

Instructions

1. Go to your Source of Truth settings & configure your Approver fields. 

Once you access your Source of Truth settings, you should be able to configure a custom field. Make sure you select "This is a user type." as Lumos will be trying to match this field with a user to route requests to.  

2. Configure your approvals to use your new field. 

Once the field has synced, you should be able to configure this as an approver on your requests! Note that you can not only select an attribute-based approver, but you can still regularly add individual or named groups as approvers as well. 

FAQs

1. What happens if I'm not seeing the new field to configure as an approver?

This may mean that the data has not synced into Lumos yet -- you'll want to navigate to your Source of Truth settings and click the "Re-sync data" button!

2. What happens if the approver is not valid/properly matched?

For example, say you have your Netsuite app routing to the Department Head for approval, but for some reason, Bob's Department Head is not configured on his Okta profile.

In these scenarios, we'll route the approval to the app admin on the request, saying that we weren't able to find the user. Like so:

The app admin will be able to reroute the approval OR reassign the request from the Web UI.