Workflows
Last updated
Last updated
All changes on entity objects are a possible subject of a defined workflow.
Consider the following subtle difference between authorization and execution : somebody can assign a entitlement to somebody, but if it is going to be effective can be determined by a workflow.
If you go to the vault and select the tab >governance>workflowconfigurations, you will see an example of some defined workflows.
A workflow configuration is a combination of a action, possible concept type, a type of workflow and some configuration.
By default a workflow with approval of a organisation administrator is configured, amongst others. The workflow engine finds back the organisation for the related concept/entity and creates a workflow task for the organisation administrators of that organisation. You can check the configuration of this workflow as an example.
Possible actions are :
CREATE
UPDATE
DELETE
Possible concept types are:
IdentityType
OrganisationType
Identity
Organisation
Entitlement
Transformer
ProvisioningUnit
OrganisationTypeAssignment
OrganisationAssignment
EntitlementAssignment
EntitlementRequest
Device
EntitlementConflict
Application
Scope
Possible workflows are:
APPROVAL_ROLE
APPROVAL_ORG_ADMIN
APPROVAL_ATTRIBUTE_MATCHER
This workflow is try to find back the organisation linked to the entity. Then it is creating a task for each identity linked to that organisation having the role organisation administrator. If no approvers found, it throws an exception and the concepts remain locked.
Following configuration can be changed
This workflow is going to create a task for all identities having the roles that are defined in the configuration
Duplicate identities are filtered and auto approve is supported when the requestor is matching the approver.
Following configuration can be changed
This workflow is going to create a task for identities that contain a matching attribute with the related concept.
Identity A has a attribute manager that contains value BB. Identity B has a attribute managerid that contains the value BB.
It can now be configured that a update of identity A has to be approved by identity B by setting the conceptAttribute to manager and the approverAttribute to managerId.
| Name | Description |
|---|---|
| Name | Description |
|---|---|
| Name | Description |
|---|---|
roles
configuration defining the roles/entitlements of the identities that have to approve within the organisation, separated by a comma if multiple roles are allowed (OR), defaulting to ADMIN_ORG
linkApprove
the link used to approve the entity ( in the email )
linkReject
the link used to reject the entity
mailTemplate
the name of the template to use while sending the notification
autoApproveIfSelfRequest
automatically approve the task if the requestor is the same as the approver, defaults to true
createNotification
create a notification for the approver, defaults to true
maximumNrOfTasksToCreate
maximum number of tasks to create, defaults to 10
roles
required configuration defining the roles or entitlements ( cross organisation ) of the identities that have to approve, separated by a comma if multiple roles are allowed (OR)
autoApproveIfSelfRequest
automatically approves the task when the requestor is also assigned as an approver. no notification is sent ( default true )
createNotification
creates a email notification containing a link to immediately approve or reject ( default true )
maximumNrOfTasksToCreate
the maximum number of tasks ( for different identities ) to create, if the treshhold is reached, no more tasks are created ( default 10 )
linkApprove
the link used to approve the entity ( in the email )
linkReject
the link used to reject the entity
mailTemplate
the name of the template to use while sending the notification
approverAttribute
the attribute of the approver
conceptAttribute
the attribute of the concept
autoApproveIfSelfRequest
createNotification
maximumNrOfTasksToCreate
mailTemplate
