Skip to content

Admin By Request (ABR) Approval Action → Ivanti Automation

Overview

This automation playbook handles approval or denial actions for Admin By Request (ABR) service requests in Ivanti ITSM. It is triggered when an ABR request requires a decision, allowing IT staff to approve or deny requests directly from Ivanti, with all actions and outcomes synchronized between Ivanti and the ABR system.

High-Level Flow

  1. Ivanti task is created for ABR approval/denial
  2. Ansible Automation Platform triggers this playbook
  3. Playbook retrieves task and ABR request details from Ivanti
  4. Retrieves ABR API credentials from Passwordstate
  5. Executes the approval or denial action in the ABR system
  6. Updates the Ivanti task with the result (approved/denied)
  7. Closes the task or adds notes as appropriate

Execution Flow

sequenceDiagram
    participant Ivanti as Ivanti ITSM
    participant AAP as Ansible Automation
    participant PWS as Passwordstate
    participant ABR as Admin By Request API

    Ivanti->>AAP: Trigger approval/denial task
    AAP->>Ivanti: Get task and ABR request details
    Ivanti-->>AAP: Task info (AdminByReqId, action)
    AAP->>PWS: Get ABR API credentials
    PWS-->>AAP: ABR API credentials
    AAP->>ABR: Approve or deny ABR request
    ABR-->>AAP: Action result (success/failure)
    alt Success
        AAP->>Ivanti: Close task with resolution
    else Failure
        AAP->>Ivanti: Add note with error
    end

Components

Ivanti ITSM

  • Task Creation: Automated task creation for ABR approval/denial
  • Task Update: Updates task status and notes based on ABR action outcome

Passwordstate

  • Credential Storage: Securely stores ABR API credentials, retrieved at runtime

Admin By Request (ABR) API

  • Approval/Denial Actions: Receives and processes approval or denial commands for ABR requests

Playbook Logic

Variables

  • pws_ivanti_api_key: Title of the API key in Passwordstate
  • abr_api_key: Title of the ABR API key in Passwordstate

Main Steps

  1. Get Ivanti and ABR API Keys from Passwordstate

  2. Retrieves credentials for both Ivanti and ABR APIs

  3. Retrieve Task and ABR Request Details

  4. Gets the relevant task and ABR request information from Ivanti

  5. Approve or Deny ABR Request

  6. Uses the ABR API to approve or deny the request based on the action required

  7. Update Ivanti Task

  8. On success: closes the task with a resolution message
  9. On failure: adds a note to the task with error details

Task Input & Output

Input Parameters

  • AdminByReqId: Unique identifier for the ABR request
  • AssignmentID: Ivanti task number
  • Action: 'approve' or 'deny'
  • Reason: Reason for denial (if applicable)

Output Actions

  • On Success: Closes the Ivanti task with a resolution message indicating approval or denial
  • On Failure: Adds a note to the task with error details

Error Handling & Idempotency

  • Only attempts action if required and not already completed
  • All credentials are handled with no_log: true for security
  • Playbook is safe for repeated runs; only updates tasks as needed

Benefits

  • Automates ABR approval/denial workflow in Ivanti
  • Ensures ticket status in Ivanti matches real ABR request status
  • Reduces manual overhead for ITSM operations
  • Provides detailed resolution messages for audit and traceability

Notes

  • The playbook is designed to be idempotent and safe for repeated runs
  • All sensitive operations are delegated to localhost for security
  • PowerShell or API modules are used to interact with the ABR system
  • Task closure includes all relevant status and audit information