Hello ForgeRock community,
I have a question regarding a use case that has been brought up to me. I would like to know if there is a way to approve requests directly through email, i.e., without the need to log into OpenIDM; once the admin/manager gets the email, they can just click the link that will approve or disapprove the request and that would be the end of the process.
I assume that you are referring to the sync-asynchronous workflow sample that ForgeRock provides, since IDM doesn’t contain the behavior you describe out of the box. If so, then yes, you “can” do exactly what you are asking. You simply need to update the workflow to auto-approve based on you arriving at a particular endpoint with a particular token/code.
While you “can” do this, I would question if you “should” do this. Keep in mind that logging in to IDM provides a second factor in the workflow request and an audit trail that demonstrates that the action was performed by someone that had the authority to approve the request in the first place.
You also need to decide what to do about situations where the manager doesn’t want to grant the approval – and he needs to provide a reason why to the submitter. Your approach would not work in that case without having to create additional endpoints to handle such cases.
Keep in mind that IDM is extremely flexible so you can definitely do whatever you want to do. Now should you do it, that is another question.
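Added example, not part of the original thread and not ForgeRock IDM code: a sketch of the "particular token/code" such an endpoint could check, bound to one task, one approver and one decision, with an expiry and single use, and producing an audit record on redemption. It uses only Node.js `crypto`; the function names, claim fields and in-memory stores are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed per-process key; a real deployment would load it from a secret store.
const SECRET = nodeCrypto.randomBytes(32);
// Stand-in for a persistent store of redeemed tokens (hypothetical).
const usedNonces = new Set();

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) =>
  nodeCrypto.createHmac('sha256', SECRET).update(payload).digest();

// Mint a token that is only valid for this task, approver and decision.
function mintToken(taskId, approver, decision, ttlSeconds, now = Date.now()) {
  const claims = {
    taskId, approver, decision,
    exp: now + ttlSeconds * 1000,
    nonce: b64url(nodeCrypto.randomBytes(16)),
  };
  const payload = b64url(JSON.stringify(claims));
  return payload + '.' + b64url(sign(payload));
}

// Verify signature, expiry and single use; return an audit record on success.
function redeemToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Claims are parsed only after the MAC has been verified.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (now > claims.exp) return { ok: false, reason: 'expired' };
  if (usedNonces.has(claims.nonce)) return { ok: false, reason: 'already-used' };
  usedNonces.add(claims.nonce);
  // The record shows possession of the link, not an authenticated login.
  return { ok: true, audit: {
    taskId: claims.taskId, approver: claims.approver,
    decision: claims.decision, via: 'email-link',
    at: new Date(now).toISOString(),
  } };
}
```

Mail gateways that prefetch links would consume a single-use token on a plain GET, so the redeem step belongs behind a confirmation page that submits a POST.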