Workflow major components
• workflow name and type
• description (optional)
• libraries (optional)
• variables
– initialized
– calulated value
• steps with proper transition and conditions
– start step
– more steps
• can call other subprocess with proper arguments
• can use forms/approvals/rules
– Stop step
Workflow variables:
optimisticProvisioning : When user requests for an entitlement then, it will be assigned to user and will be reflected in Entitlement section of Identity warehouse for that user without waiting for an Identity Refresh task run.
Set to true to enable optimistic provisioning. This will provide
changes to the entitlements from role assignments and applied immediately to the identity cube rather than waiting for the next refresh/reaggregation .
foregroundProvisioning
provisioning uses the "background" option to force the workflow to be suspend and be resumed in a background task thread. This prevents the browser session from hanging since provision can sometimes take a long time. For demos and testing it can be better to do this in the foreground so that provisioning will have been performed when control is returned to the user. This prevents having to run the Perform Maintenance task to see the results of the request.
transient - When user submits form then workitem enerated and remain in pending state so inorder to remove that workitem from pending state the workflow is set to true as transient.
splitprovisioning - suppose user requests for 3 applications and in which 2 applications have approvals but for 1 app there is no approval so if splitprovisioning is set to true then provisioning will be completed for that application which is not having any approval set means it will not wait for other 2 app. approval completion, but if splitprovisioning is not set to true then it will wait for all applications approval to be completed and then provisioning will be completed for all 3 apps.
Types of Workflow
Important Workflow types:
• Policy Violation
• LCM Provisioning
• Managed Attribute
• Identity Correlate
• Identity refresh
• Identity Update
• Identity LifeCycle
Workflow Points :
•Workflow: defines steps involved to perform certain task
• Workflowcase: workflow in progress. It is an instance of
workflow for a particular task
• Workflowcontext: available in all workflow
– contain all variables, step arguments, approval,
workflow definition, library and workflowcase
– contains everything present or used in that workflow
• Taskresult: status of a workflow
Triggering Workflow :
• LifeCycle manager: access request, changing
entitlement, roles etc
• Lifecycle event: create an identity and various life
events like joiner, termination, rehire,
• Policy Violation: A policy violation
• Identity Attribute change
• editing a role, changing a password etc
WorkFlows Working
- Start-Visual indicator, no logic.
- Build Approval Set (not applicable for LCM
Provisioning)
ApprovalSet is built by Identity
Request Initialize subprocess but when a approver wants to get a visual understanding on what
are the changes made to identity object and also to map the comments entered during checkout (at the request level
and not in line level).
Request Initialize subprocess but when a approver wants to get a visual understanding on what
are the changes made to identity object and also to map the comments entered during checkout (at the request level
and not in line level).
It is done by calling a built in
rule LCM Build Identity ApprovalSet.
rule LCM Build Identity ApprovalSet.
Important Arguments-None
Return-set(object)
3.Initialize, calls the Identity Request Initialize subprocess workflow.The main task of this step is to
- compile the provisioning plan into a provisioning project .
- create
the IdentityRequest object which will make it possible for the requester and
the requestee to follow the progression of the request. - subprocess
performs policy checking, as directed by the workflow variables.
Important Arguments- identityName
provisioningPlan
policiesToCheck
Return- approvalSet
identityRequestId
policyViolations
project
4.Approval- to get approval from the required people before provisioning the request. calls the Provisioning Approval Subprocess
Important Arguments-
- approvalMode: determines the "mode"
for the approval -- the timing of how multiple approvals will be
processed and how many decisions are required to approve or reject the
item - approvalScheme: defines the users who should be
involved in the approval - approvingIdentities: only used if approvalScheme
contains "identity"; this variable specifies a list of
identities to include in the approval - approvalAssignmentRule: names a rule which can be written
for each installation to calculate additional approval owners based on
any required logic (rule not provided by default)
Return- approvalSet
workItemComments
5.Provision- This calls the IdentityRequest Provision subprocess workflow to provision the access request to the target system(s).
Important Arguments- project
Return- project
IdentityRequest Provision subprocess calls another subprocess called the Provision with Retries to carry out the requested and approved provisioning action.
Important Arguments- foregroundProvisioning
identityRequestId
project
trace
Return- project
retries
6.Notify- This step calls the Identity Request Notify subprocess to send emails to various system users, notifying them of the final status of the request.
Important Arguments –notificationScheme
userEmailTemplate
managerEmailTemplate
plan
Return-None
7. Finalize- The two main purposes of the Identity Request Finalize subprocess are
- update the Identity Request with the final
dispensation of the request - audit the provisioning action if that audit action
has been turned on in the Audit Configuration.
Important Arguments- project
priority
approvalSet
Return- None
------------------------------------------------------------------------------------------
Reference class="sailpoint.object.Rule" name="LCM Workflow Library"