Approval Workflows

Approval Chain Design

StackFlow's approval engine supports multi-stage approval chains for catalog items and changes. Each stage can require one or more approvers, with options for unanimous approval (all approvers must approve) or quorum (a majority must approve). Approval chains are defined in the catalog item configuration and can be overridden by conditional rules.

⚙️ Minimum Requirements

DynamoDB: StackFlow_ApprovalRequest table with GSI on approverId and status
SES: Approval request emails from approvals@stackflow-tech.com (must be SES-verified)
SNS Topic: stackflow-approval-reminders for escalation after approval timeout
EventBridge: Rule stackflow-approval-timeout-check firing every 15 minutes

{
  "approval_chain": [
    {
      "stage": 1,
      "name": "Manager Approval",
      "approver_type": "manager",
      "approval_mode": "any_one",
      "timeout_hours": 24,
      "on_timeout": "escalate"
    },
    {
      "stage": 2,
      "name": "IT Budget Review",
      "approver_type": "group",
      "approver_group": "IT Finance",
      "approval_mode": "unanimous",
      "condition": "variables.estimated_cost > 500",
      "timeout_hours": 48,
      "on_timeout": "reject"
    }
  ]
}

Approver Types

Type	Description
`manager`	Requester's direct manager (from org hierarchy)
`specific_user`	A named individual user
`group`	Any member of a named assignment group
`role`	Any user with a specified StackFlow role
`dynamic`	Determined at runtime by a workflow condition or script

Parallel vs Sequential Approvals

Sequential approvals require each stage to complete before the next begins. Parallel approvals send requests to all approvers simultaneously and proceed when the required quorum or all approvers respond. Sequential is used when each stage's approval depends on the previous decision (e.g., manager before budget review). Parallel is used when approvals are independent and speed is important.

Mixed Chains: You can mix sequential and parallel stages in the same approval chain. For example, Stage 1 (sequential): Manager → Stage 2 (parallel): Security + Finance → Stage 3 (sequential): VP Sign-off.

Approval Notifications

Pending approvers receive email notifications with a direct approval link. Approval links are time-limited (48 hours by default) and use a one-time token for security. Approvers can approve, reject, or request more information directly from the email without needing to log in to StackFlow, provided they are already authenticated with their SSO session.

Delegation

Users can delegate their approval authority to another user for a specified time period (e.g., during vacation). Delegations are configured in My Profile → Delegation Settings. Pending approvals are automatically forwarded to the delegate, and all approvals made by the delegate are logged with the original approver's name plus a delegation note.

← Previous

Self-Service Portal

End-user portal experience

CMDB Overview

Configuration database architecture