[alejo]

At a company I worked for in the last we had one of those homegrown systems to manage identity lifecycle

We couldn’t get rid of the managerial approval as that was needed for auditing and compliance, but the platform made it mostly self-service and automated

In the case of joiners, there were a specific set of permissions that were assigned based in the role they were joining at, and managers always had the chance to add/remove access before day-1

After that, the employee could use the self service platform to request access to other things they may need

[daemon_9009]

Asking for permission this way is ok. But how was it approved? Manually or some API automation?

[alejo]

It has to be approved by a person (the manager/owner) because if you automate that part then it may not be in compliance with certain regulation

If you were to automate the approval then why even ask for approval?

Edit: just to add, you can make the UX for approval as easy as possible (slack integration, bulk approvals, etc) in cases in which is necessary by regulation.

You can also leverage certain attributes of the identity and risk profile to provide automatic approval on certain workflows to streamline the experience

[daemon_9009]

automate the approval means here is that the person who will finally give you the approval, doesn't have to do this manually, he can just automate this permission giving process using github or jira API.

[alejo]

I think I understand this, and I hope this doesn’t sound like me repeating myself.

My point was that there are cases in which you cannot fully automate this (compliance, audits, regulation, etc)

So the solution will be to use Jira’s/GH’s API and build an integration that makes it easy for a manager/owner to approve request, without having to log into Jira/GH