How to automate App Access requests with workflows

Step by step article on how to set up a workflow for the app access requests.

In this article, we’ll review how to configure a workflow that fully automates app access requests — from the initial submission by an employee to the final provisioning of the application via Okta, JumpCloud, or a custom webhook integration.

By the end of this guide, you’ll be able to build a zero-touch access request flow that:

Automatically routes the request for the right approvals
Handles multi-level approval chains (e.g., manager and app owner)
Provisions the access once approved
Updates the ticket automatically once completed

Overview

App access requests are among the most frequent IT tickets in any company.
Employees constantly need access to new tools, systems, or applications — and without automation, each request requires multiple manual steps: qualification, approval, and provisioning.

This process is time-consuming for IT teams, especially as the number of SaaS tools grows. Automating app access requests through Siit Workflows not only reduces the manual workload but also ensures faster access for employees, consistent governance, and a complete audit trail — all without a single IT touch.

Step 1 — Create a New Workflow

Go to Settings > Workflows and click Create Workflow.
Select Request Submitted as your workflow trigger.
This ensures the automation starts each time an employee submits a new request in Siit.

CleanShot 2025-10-21 at 11.25.32

Step 2 — Define the Trigger Condition

Add a Condition to ensure the workflow only runs for app access requests.
- Choose “Associated to” → select your dedicated App Access Request service from the Service Catalog.

💡 Tip:
If you want to restrict the workflow to a specific app (for example: Slack Access Request), add a second condition referencing the app field in your service form.

CleanShot 2025-10-21 at 11.28.32

Step 3 — Send the Approval Requests

Next, you’ll add approval steps to ensure access is properly validated before provisioning.

Add the Send an Approval Request action.
Choose your approval recipients:
- First approver: Requester’s Manager
- Second approver: App Owner

💡 Tips:

Use dynamic variables such as or to personalize the message to approvers.
You can also include contextual information like the reason for access or duration if these fields exist in the form.

Once both approvals are completed, the workflow automatically continues to the next step.

CleanShot 2025-10-21 at 11.30.14

Step 4 — Provision Access Automatically

After approval, you can automate the actual access provisioning:

Option 1 — Using Okta or JumpCloud

Add an action: Add user to a group.
Select the target group manually or dynamically call it using variables (for example:
_users).

This automatically adds the requester to the right group, granting them access to the app.

CleanShot 2025-10-21 at 11.32.20

Option 2 — Using a Custom Provider via Webhook

If your company uses another identity or access system (like Google Workspace or Azure AD), you can:

Add a Custom Action using a Webhook.
Configure the endpoint to send the requester’s details and requested app to your provider’s API.

If you want to explore further this option, feel free to check out this article.

Step 5 — Confirm Completion

Finally, you can:

Add a Send a Message or Update Request action to notify the employee that their access has been granted.
Close the request automatically once the provisioning is complete.

Final Result

Your workflow now automates the entire app access process:

Employee submits the request.
The workflow qualifies and routes it for approvals.
Once approved, access is provisioned automatically.
The request closes — all without IT intervention.

Outcome: A fully automated, secure, and auditable app access management process.

CleanShot 2025-10-21 at 11.42.51