Documentation

Ticketing

Suggest Edits

In this guide, we'll discuss how to use tickets to propagate access to a custom app with Opal.

Setup

To enable ticket propagation on custom apps, please navigate to the App. Click on Edit, then toggle on Create ticket to propagate access, and add a ticket provider:

2312

When this feature is on, Opal will file a ticket on your ticket provider whenever a user is added to or removed from a resource on your custom app in Opal.

This ticket will have the following assignee:

  • If an admin manually added or removed a user from a resource, that admin will be assigned the ticket.
  • If a user was granted access to the resource via an access request, or the user's access was automatically expired, a random user from the admin group of the resource will be assigned the ticket.

Note: This feature only exists for custom apps in Opal, since access changes are automatically propagated for other apps.

Example

Suppose Josh is requesting access to a custom resource called My Role. Just like for access requests to native (non-custom) resources, the required reviewers for My Role will be notified in Slack that they have a request to review:

When the request is approved, Opal will create a ticket to assign and track the task of making the access change on the end system. This ticket will be assigned to one of My Role's admin users (assuming they have an account on the ticketing provider; otherwise the ticket will be unassigned).

You can see a reference to the ticket by navigating to the My Role resource and clicking on the Users tab. If you click the ticket's identifier, a modal will display containing a link to the ticket.

The ticket will appear on the ticketing provider as follows. If the ticket assignee has enabled email notifications on the ticketing provider, they'll be notified via email that there's been a new ticket assigned to them.

When the access change has been made on the end system, the assignee should mark the ticket as Done. Opal will then record the access change as complete. This appears as a green sync icon next to the user's access.

Please note that it may take several minutes for Opal to sync the ticket's status. If you're the admin of the resource, you can also force a sync by clicking the sync button on the top right of the resource's page.

Updated 3 months ago